Lucene search
+L

5500 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/06 4:15 p.m.8 views

CVE-2026-20172

A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email ECE could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Agent. This...

4.3CVSS6AI score0.00125EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/05/05 5:30 p.m.6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the fileName parameter during a file upload operation. An attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process by supplyi...

10CVSS6.5AI score0.03678EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.14 views

WordPress plugin User Registration Advanced Fields 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

9.8CVSS6.3AI score0.00653EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.13 views

Weaver E-office 代码问题漏洞

Weaver E-office is an office automation system developed by the Chinese company Weaver. Versions of Weaver E-office prior to 10.020221201 contained code vulnerabilities. These vulnerabilities stemmed from an unauthenticated file upload vulnerability present in the OfficeServer.php endpoint. This...

9.8CVSS6.5AI score0.00774EPSS
Exploits0References1
NVD
NVD
added 2026/04/26 10:17 p.m.16 views

CVE-2026-7043

A vulnerability has been found in GreenCMS up to 2.3. This impacts the function pluginAddLocal of the file /index.php?m=admin&c=custom&a=pluginadd. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Th...

6.5CVSS0.00201EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.13 views

IBM Security Verify Directory 代码问题漏洞

IBM Security Verify Directory is part of an authentication and access management solution from International Business Machines IBM. A file upload vulnerability exists in IBM Security Verify Directory versions 10.0.0 through 10.0.0.3. The vulnerability stems from an unverified file type and can be...

7.2CVSS5.8AI score0.0034EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/21 6:31 p.m.9 views

EUVD-2026-24139

Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php/adminuserinsert.php and vms/php/update1.php. The moveuploadedfile function is called without any MIME type, extension, or content validation, allowing an authenticated admin to upload a PHP webshell a...

7.2CVSS5.9AI score0.00807EPSS
Exploits1References3
Patchstack
Patchstack
added 2026/04/19 11:25 p.m.9 views

WordPress CMP - Coming Soon & Maintenance Plugin by NiteoThemes plugin <= 4.1.16 - Missing Authorization to Authenticated (Administrator+) Arbitrary File Upload and Remote Code Execution vulnerability

WordPress CMP - Coming Soon & Maintenance Plugin by NiteoThemes plugin = 4.1.16 - Missing Authorization to Authenticated Administrator+ Arbitrary File Upload and Remote Code Execution vulnerability discovered by ll in WordPress Plugin CMP – Coming Soon & Maintenance versions = 4.1.16...

8.8CVSS5.8AI score0.00867EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/17 8:29 p.m.5 views

CVE-2026-33436 Stirling-PDF: Reflected XSS through crafted filename in file upload functionality

Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. In versions prior to 2.0.0, file upload endpoints render user-supplied filenames directly into HTML using unsafe methods like innerHTML without sanitization. An attacker can craft a file with a...

3.1CVSS5.7AI score0.00168EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/04/16 1:18 a.m.260 views

Exploit for Deserialization of Untrusted Data in Roundcube Webmail

CVE-2025-49113 — Roundcube Post-Auth RCE via PHP Object Deseri...

9.9CVSS8AI score0.94741EPSS
Exploits29
CVE
CVE
added 2026/04/14 10:56 p.m.14 views

CVE-2026-39387

BoidCMS, a PHP-based flat-file CMS, before v2.1.3 is vulnerable to a critical Local File Inclusion via the tpl parameter that is passed directly to require_once without proper path validation. An authenticated administrator can inject path traversal (../) to escape the theme directory and include...

7.2CVSS6AI score0.00731EPSS
Exploits2References2Affected Software1
Packet Storm
Packet Storm
added 2026/04/10 12:0 a.m.142 views

📄 RomM Cross Site Scripting / File Upload

RomM versions prior to 4.4.1 chained vulnerabilities exploit that leverages file upload to achieve cross site scripting that then leverages csrf token reuse to change a user's password. Exploit Title: RomM Application tab or Storage on Firefox Cookies - Copy the rommcsrftoken cookie value 3...

7.6CVSS5.2AI score0.00278EPSS
Exploits2
NVD
NVD
added 2026/04/08 7:25 p.m.15 views

CVE-2026-2942

The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'proSolfileUploadProcess' function in all versions up to, and including, 1.9.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

9.8CVSS0.00578EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/07 4:35 p.m.3 views

CVE-2026-35608

QuickDrop is an easy-to-use file sharing application. Prior to 1.5.3, a stored XSS vulnerability exists in the file preview endpoint. The application allows SVG files to be uploaded via the /api/file/upload-chunk endpoint. An attacker can upload a specially crafted SVG file containing a JavaScrip...

5.3CVSS5.9AI score0.00187EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/07 5:12 a.m.5 views

CVE-2026-5624

A security flaw has been discovered in ProjectSend r2002. This vulnerability affects unknown code of the file upload.php. Performing a manipulation results in cross-site request forgery. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks...

5.3CVSS5.5AI score0.00162EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/06 6:30 a.m.8 views

EUVD-2026-19160

A weakness has been identified in givanz Vvvebjs up to 2.0.5. The affected element is an unknown function of the file upload.php of the component File Upload Endpoint. This manipulation of the argument uploadAllowExtensions causes cross site scripting. Remote exploitation of the attack is possibl...

5.3CVSS4.5AI score0.00773EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2026/04/06 12:0 a.m.9 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.5.1)

The version of AOS installed on the remote host is prior to 7.5.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.5.1 advisory. - A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elfswapshdr in the library...

9.8CVSS6.2AI score0.64718EPSS
Exploits35References39
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.6 views

PT-2026-29870

The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. In version 1.2.0 and prior, the quickUpload endpoint validates uploaded files by checking their MIME type via PHP's finfo, which inspects file contents but constructs the stored filename using the...

8.7CVSS6AI score0.00306EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/27 2:25 p.m.13 views

CVE-2021-27489

ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a malicious file. This file could allow an attacker to remotely execute arbitrary commands...

8.8CVSS7.2AI score0.01291EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/27 2:23 p.m.7 views

CVE-2021-27984

In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading files...

8.1CVSS7.2AI score0.02529EPSS
Exploits1References1
Rows per page
Query Builder