Lucene search
K

2500 matches found

CVE
CVE
added 2 days ago10 views

CVE-2026-15677

The CVE-2026-15677 entry concerns code-projects Online Job Portal 1.0. Affected component: /JobSeekerInsert.php. Issue: manipulating the argument txtFile allows unrestricted upload, with the attack executable remotely and the exploit publicly available. Impact is described as unrestricted file up...

7.5CVSS6.8AI score0.00288EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-15677

A weakness has been identified in code-projects Online Job Portal 1.0. This affects an unknown function of the file /JobSeekerInsert.php. Executing a manipulation of the argument txtFile can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to t...

7.5CVSS6.8AI score0.00288EPSS
Exploits0References6Affected Software1
CVE
CVE
added 3 days ago11 views

CVE-2026-15528

CVE-2026-15528 affects lamaalrajih/kicad-mcp up to 3.3.1. The vulnerability is in kicad_mcp/utils/path_validator.py where manipulating the arguments project_path or schematic_path causes a protection mechanism failure. Local exploitation is required, and the exploit has been made public. The proj...

4.8CVSS5.8AI score0.00113EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/07/01 3:2 p.m.8 views

CVE-2026-56377

A flaw in ImageMagick’s policy enforcement allows remote attackers to bypass path restrictions within sandboxed conversion services. By circumventing these controls, an attacker can create or truncate files outside permitted security boundaries, leading to unauthorized file manipulation. Mitigati...

4.8CVSS5.9AI score0.00164EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.10 views

Tridium Niagara Incorrect Permission Assignment for Critical Resource (CVE-2025-3944)

Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before...

9.8CVSS7.3AI score0.0048EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/08 2:0 p.m.8 views

CVE-2026-11520

A weakness has been identified in SourceCodester Inventory System 1.0. Affected by this issue is some unknown functionality of the file header.php. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and...

5.1CVSS3.9AI score0.00248EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:30 a.m.9 views

CVE-2026-11484

A weakness has been identified in SourceCodester Class and Exam Timetabling System 1.0. This impacts an unknown function of the file /archive3.php. This manipulation of the argument sy causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public an...

7.5CVSS7AI score0.00275EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.9 views

CVE-2026-40893

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files...

8.2CVSS5.6AI score0.00347EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/26 6:59 a.m.17 views

CVE-2026-9530

A flaw was found in GNU LibreDWG, specifically within the Dwgbmp Utility component. A local attacker could exploit an out-of-bounds read vulnerability in the read2004compressedsection function by manipulating a file. This could lead to a denial of service, making the application unavailable...

4.8CVSS5.7AI score0.00143EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/05/17 1:45 p.m.54 views

CVE-2026-8758 Metasoft 美特软件 MetaCRM upload3.jsp unrestricted upload

A vulnerability was determined in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This impacts an unknown function of the file /common/jsp/upload3.jsp. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly...

7.5CVSS0.00278EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/07 8:20 a.m.13 views

CVE-2026-34596

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a Time-of-Check-to-Time-of-Use TOCTOU race condition exists during addon installation. When a user installs an addon through the SandMan interface, UpdUtil.exe is spawned as SYSTEM by...

7CVSS5.7AI score0.00106EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/05 7:24 p.m.4 views

CVE-2026-34458

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, an INI injection vulnerability allows any standard local user to bypass configuration restrictions EditAdminOnly and ConfigPassword and inject arbitrary directives into the global...

9.3CVSS5.9AI score0.00251EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/02 2:45 p.m.5 views

CVE-2026-7643 ChatGPTNextWeb NextChat API Endpoint Next.js cross-domain policy

A flaw has been found in ChatGPTNextWeb NextChat up to 2.16.1. This impacts an unknown function of the file Next.js of the component API Endpoint. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The exploit has been...

5.3CVSS5.4AI score0.00158EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/30 5:27 p.m.3 views

Arbitrary Argument Injection

Overview Affected versions of this package are vulnerable to Arbitrary Argument Injection via the WriteMetadata process. An attacker can manipulate files, create or overwrite arbitrary files, and establish symlinks or hard links by injecting specially crafted metadata values containing newline...

10CVSS5.9AI score0.00611EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/23 6:9 p.m.4 views

CVE-2026-33694 Junction File Manipulation

This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary files with SYSTEM privileges. As a result, this condition potentially facilitates arbitrary code execution, whereby an attacker may exploit the vulnerability to execute malicious code with elevated SYST...

8.6CVSS6.1AI score0.00146EPSS
Exploits0References2
CVE
CVE
added 2026/04/23 6:9 p.m.75 views

CVE-2026-33694

CVE-2026-33694 describes a junction file manipulation vulnerability where an attacker can create a junction to delete arbitrary files with SYSTEM privileges, potentially enabling arbitrary code execution at SYSTEM level. The description explicitly notes elevated privileges and the possibility of ...

8.6CVSS6.1AI score0.00146EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/20 5:45 a.m.2 views

CVE-2026-6610

A vulnerability has been found in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file djangoblog/settings.py of the component Setting Handler. Such manipulation of the argument USER/PASSWORD leads to hard-coded credentials. The attack may be launched...

6.3CVSS5.1AI score0.00274EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/15 1:22 a.m.7 views

CVE-2026-6139

A vulnerability has been found in Totolink A7100RU 7.4cu.2313b20191024. This affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The...

10CVSS7AI score0.01823EPSS
Exploits0References1
OSV
OSV
added 2026/04/12 4:30 a.m.3 views

CVE-2026-6117 AstrBotDevs AstrBot install-upload Endpoint plugin.py install_plugin_upload sandbox

A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function installpluginupload of the file astrbot/dashboard/routes/plugin.py of the component install-upload Endpoint. The manipulation of the argument File results in sandbox issue. The attack can be executed...

5.3CVSS6AI score0.00224EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.8 views

Checkmk 安全漏洞

Checkmk is an IT monitoring platform developed by Checkmk Corporation. There are security vulnerabilities in versions of Checkmk prior to 2.2.0, 2.3.0p46, 2.4.0p25, and 2.5.0b3. These vulnerabilities stem from the ability for site users to manipulate files, potentially leading to permission...

9.3CVSS5.7AI score0.00121EPSS
Exploits0References1
Rows per page
Query Builder