Lucene search
+L

73 matches found

CNNVD
CNNVD
added 2025/08/20 12:0 a.m.4 views

Liferay Portal和Liferay DXP 代码问题漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

6.5CVSS6.8AI score0.00287EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/01 12:0 a.m.6 views

Havalite CMS 安全漏洞

Havalite CMS is a content management system for Havalite Personal Developers. A security vulnerability exists in Havalite CMS version 1.1.7 and earlier, which stems from insufficient file upload validation and could lead to remote code execution...

9.3CVSS7.9AI score0.01079EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/07/14 12:0 a.m.3 views

Time Line 代码问题漏洞

Time Line is a timeline application from the Time Line Official individual developer. A code issue vulnerability exists in Time Line that stems from insufficient file upload validation, which could result in a malicious file upload or denial of service...

4.3CVSS6.9AI score0.00333EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2025/06/27 12:0 a.m.7 views

(0Day) Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the getFileUploadBytes method. The issue results...

7.5CVSS6.4AI score0.01256EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/06/25 3:5 p.m.8 views

CVE-2025-49135 CVAT missing validation for in-progress backup upload names

CVAT is an open source interactive video and image annotation tool for computer vision. Versions 2.2.0 through 2.39.0 have no validation during the import process of a project or task backup to check that the filename specified in the query parameter refers to a TUS-uploaded file belonging to the...

5.3CVSS7.1AI score0.00261EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2025/06/13 3:31 p.m.141 views

Exploit for Unrestricted Upload of File with Dangerous Type in Efrotech Timetrax

CVE-2025-46157 CVE-2025-46157 – Timetrax V1 2025 Remote Co...

9.9CVSS10AI score0.00741EPSS
Exploits2
CVE
CVE
added 2025/06/10 6:0 a.m.64 views

CVE-2025-4954

The CVE-2025-4954 entry concerns the WordPress plugin Axle Demo Importer (up to version 1.0.3). The vulnerability arises because the plugin does not validate uploaded files, allowing authenticated users (author level and above) to upload arbitrary files such as PHP to the server. This is stated d...

8.8CVSS6.6AI score0.00507EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 8:57 a.m.20 views

CVE-2024-47823

Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to 2.12.7 and v3.5.2, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not...

9.8CVSS6.7AI score0.00846EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/04/12 12:5 a.m.20 views

CVE-2025-29017

A Remote Code Execution RCE vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profilepic parameter within pagesviewclient.php...

8.8CVSS7.9AI score0.00804EPSS
Exploits2References1
NVD
NVD
added 2025/04/10 2:15 p.m.17 views

CVE-2025-29017

A Remote Code Execution RCE vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profilepic parameter within pagesviewclient.php...

8.8CVSS0.00804EPSS
Exploits2References1
CVE
CVE
added 2025/04/10 12:0 a.m.66 views

CVE-2025-29017

Code Astro Internet Banking System 2.0.0 is reported vulnerable via the profile_pic parameter in pages_view_client.php due to improper file upload validation, allowing an attacker to upload a malicious PHP file and achieve Remote Code Execution (RCE). The linked exploit/documentation describes by...

8.8CVSS7.2AI score0.00804EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/10 12:0 a.m.7 views

PT-2025-15988 · Unknown · Codeastro Internet Banking System

Name of the Vulnerable Software and Affected Versions: Code Astro Internet Banking System version 2.0.0 Description: A Remote Code Execution RCE vulnerability exists due to improper file upload validation in the profile pic parameter within pages view client.php. Recommendations: Code Astro...

8.8CVSS7AI score0.00804EPSS
Exploits2References9
Cvelist
Cvelist
added 2025/04/10 12:0 a.m.20 views

CVE-2025-29017

A Remote Code Execution RCE vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profilepic parameter within pagesviewclient.php...

0.00804EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/04/10 12:0 a.m.9 views

CVE-2025-29017

A Remote Code Execution RCE vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profilepic parameter within pagesviewclient.php...

9AI score0.00804EPSS
Exploits2References1
CNNVD
CNNVD
added 2025/03/29 12:0 a.m.4 views

WordPress plugin Inline Image Upload for BBPress 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists in...

8.8CVSS8.7AI score0.00798EPSS
Exploits0References4
CNVD
CNVD
added 2025/03/27 12:0 a.m.4 views

IBM Security ReaQta Code Issue Vulnerability

IBM Security ReaQta is an AI autonomous detection and response platform from International Business Machines IBM. IBM Security ReaQta version 3.12 suffers from a code issue vulnerability that stems from the application's lack of effective validation of uploaded files. An attacker can exploit the...

4.7CVSS7.3AI score0.00257EPSS
Exploits0References1
NVD
NVD
added 2025/02/11 11:15 a.m.7 views

CVE-2025-0526

In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

5.4CVSS0.00337EPSS
Exploits0References2
NVD
NVD
added 2024/11/22 6:15 a.m.31 views

CVE-2024-9422

The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server...

6.6CVSS0.00733EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/11/22 6:0 a.m.13 views

CVE-2024-9422 GEO My WordPress < 4.5 - Admin+ Arbitrary File Upload

The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server...

7AI score0.00733EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/10/04 12:0 a.m.5 views

Shilpi Client Dashboard 代码问题漏洞

Shilpi Client Dashboard is a centralized dashboard from Shilpi. A code issue vulnerability exists in Shilpi Client Dashboard versions prior to 9.7.0 that stems from improper validation of uploaded files other than those with specified extensions, which could lead to remote code execution on the...

8.8CVSS7.9AI score0.00685EPSS
Exploits0References2
Rows per page
Query Builder