Lucene search
K

5497 matches found

Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.14 views

PT-2026-42552

Name of the Vulnerable Software and Affected Versions BookingPress Pro versions prior to 5.7 Description The BookingPress Pro plugin for WordPress allows unauthenticated attackers to upload arbitrary files to the server, which may lead to remote code execution. This occurs due to missing file typ...

9.8CVSS6.2AI score0.00672EPSS
Exploits1References7
EUVD
EUVD
added 2026/05/17 1:45 p.m.16 views

EUVD-2026-30705

A vulnerability was determined in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This impacts an unknown function of the file /common/jsp/upload3.jsp. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly...

7.5CVSS6.8AI score0.00278EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/15 6:36 p.m.36 views

CVE-2021-47965 WordPress Plugin WP Super Edit 2.5.4 Unrestricted File Upload

WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation. Attackers can upload arbitrary files through the filemanager upload endpoint to achieve remote co...

9.8CVSS0.00576EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/14 8:17 p.m.12 views

Reliance on File Name or Extension of Externally-Supplied File

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Reliance on File Name or Extension of Externally-Supplied File via the audio transcription upload process. An attacker can execute arbitrary JavaScript in the context of another user's session by uploading a...

8.7CVSS6.1AI score0.0018EPSS
Exploits1References4
OSV
OSV
added 2026/05/12 9:6 p.m.4 views

CVE-2026-44257 efw4.X: RCE via zipslip

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new FilebaseDir, zipEntry.getName with no canonical-path check. An entry name such as ../../../pwned.jsp escapes the intended extraction directory and lands anywhere the Tomca...

9.3CVSS6.1AI score0.00319EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.14 views

PT-2026-40047

An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted PHP file...

6.2AI score0.00332EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/11 8:25 p.m.8 views

CVE-2021-47943

TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by uploading malicious PHP files through the file upload functionality. Attackers can upload a PHP shell via the Files section in the content area and execute...

8.8CVSS6.6AI score0.00617EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 6:31 p.m.10 views

EUVD-2025-209775

docuFORM Managed Print Service Client 11.11c is vulnerable to arbitrary file upload via pmupdate.php...

6.3CVSS5.9AI score0.00266EPSS
Exploits0References4
CERT
CERT
added 2026/05/11 12:0 a.m.14 views

Casdoor contains Arbitrary File Write vulnerability

Overview Casdoor contains an arbitrary file write vulnerability in the implementation of its "Local File System" storage provider. Due to insufficient sanitization of user-supplied paths, an authenticated user with file upload permissions can escape the intended storage directory and write files...

5.9CVSS5.9AI score0.00513EPSS
Exploits5
EUVD
EUVD
added 2026/05/10 3:31 p.m.10 views

EUVD-2021-34803

TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by uploading malicious PHP files through the file upload functionality. Attackers can upload a PHP shell via the Files section in the content area and execute...

8.8CVSS6.6AI score0.00617EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/10 12:43 p.m.36 views

CVE-2021-47925 CMDBuild 3.3.2 Multiple Stored Cross-Site Scripting

CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject arbitrary web script or HTML via crafted input in card creation and file upload endpoints. Attackers can inject XSS payloads through Employee card parameters or SVG file...

6.4CVSS0.00239EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/05/08 9:16 p.m.206 views

Exploit for CVE-2026-37637

CVE-2026-37637 Proof of Concept for CVE-2026-37637 - Remo...

6.3AI score0.00471EPSS
Exploits1
CVE
CVE
added 2026/05/07 10:31 a.m.25 views

CVE-2026-33589

Open Notebook v1.8.3 is affected by CVE-2026-33589 due to lack of input validation in the file-upload function, enabling local file read via path traversal from within the docker container. Affected component: file upload handling; attack vector: LOCAL, without user interaction, no privileges req...

8.2CVSS5.8AI score0.0018EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/07 10:31 a.m.12 views

CVE-2026-33589 Arbitrary File Read via Local File Inclusion (LFI)

Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to access local files content from the docker container via path traversal...

8.2CVSS5.8AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/05/07 10:28 a.m.25 views

CVE-2026-33588

Open Notebook v1.8.3 contains a path traversal flaw in its file upload feature that allows arbitrary file writes on the docker container due to insufficient input validation. An attacker with local access and no privileges can craft input to create or modify files. CVSSv4.0 metrics from ENISA yie...

8.1CVSS5.8AI score0.00182EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/07 12:0 a.m.31 views

CVE-2026-36387

A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /addmembers.php. This vulnerability affects the file upload functionality, where improper file sanitization allows attackers to inject malicious files which leads RCE...

0.00255EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.18 views

PT-2026-38617

Name of the Vulnerable Software and Affected Versions FacturaScripts versions prior to 2025.81 Description An authenticated unrestricted file upload issue exists in the product image upload functionality. An attacker with valid credentials can bypass MIME type validation by prepending GIF89a magi...

6.3CVSS6.1AI score0.00229EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

open-notebook 安全漏洞

Open-Notebook is a privacy-oriented multi-model AI note-taking tool developed by Luis Novo. Version 1.8.3 of Open-Notebook contains a security vulnerability. This vulnerability stems from a lack of user input validation in the file upload function, which may allow users to access the content of...

8.2CVSS5.8AI score0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/07 12:0 a.m.12 views

CVE-2026-36387

A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /addmembers.php. This vulnerability affects the file upload functionality, where improper file sanitization allows attackers to inject malicious files which leads RCE...

5.8AI score0.00255EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/06 4:15 p.m.8 views

CVE-2026-20172

A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email ECE could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Agent. This...

4.3CVSS6AI score0.00125EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder