Lucene search
+L

5498 matches found

redhatcve
redhatcve
added 2026/03/26 3:19 p.m.11 views

CVE-2025-67260

The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerability that may allow attackers to execute arbitrary code. Vulnerable components include Terrapack TkWebCoreNG:: 1.0.20200914, Terrapack TKServerCGI 2.5.4.150, and Terrapack...

8.8CVSS6AI score0.00384EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/03/26 3:7 p.m.5 views

CVE-2026-4221

A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This affects an unknown part of the file /rest/file/uploadLedImage of the component Endpoint. The manipulation of the argument File results in unrestricted upload. The attack may be launched remotely. The exploit has...

7.5CVSS6.6AI score0.00284EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/03/26 12:0 a.m.8 views

HCL Aftermarket DPC 安全漏洞

HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC suffers from a file upload vulnerability, which stems from the application not strictly verifying or filtering user uploaded files, and can be exploited by an attacker to upload and...

9.8CVSS5.9AI score0.00295EPSS
Exploits0References1
osv
osv
added 2026/03/25 8:0 p.m.4 views

GHSA-FR76-5637-W3G9 Sharp has Unrestricted File Upload via Client-Controlled Validation Rules

Summary The code16/sharp Laravel admin panel package contains a vulnerability in its file upload endpoint that allows authenticated users to bypass all file type restrictions. Details The upload endpoint within the ApiFormUploadController accepts a client-controlled validationrule parameter. This...

8.8CVSS6.1AI score0.00507EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/03/24 12:0 a.m.6 views

PT-2026-27364

PhreeBooks ERP 5.2.3 contains an arbitrary file upload vulnerability in the Image Manager component that allows authenticated attackers to upload malicious files by submitting requests to the image upload endpoint. Attackers can upload PHP files through the imgFile parameter to the...

8.8CVSS6.3AI score0.00896EPSS
Exploits1References5
attackerkb
attackerkb
added 2026/03/21 3:26 a.m.7 views

CVE-2026-3335

The Canto plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1 via the /wp-content/plugins/canto/includes/lib/copy-media.php file. This is due to the file being directly accessible without any authentication, authorization, or nonce checks, and t...

5.3CVSS5.9AI score0.00437EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/03/20 12:0 a.m.6 views

PT-2026-26625

The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerability that may allow attackers to execute arbitrary code. Vulnerable components include Terrapack TkWebCoreNG:: 1.0.20200914, Terrapack TKServerCGI 2.5.4.150, and Terrapack...

8.8CVSS6AI score0.00384EPSS
Exploits0References8
euvd
euvd
added 2026/03/19 10:55 p.m.6 views

EUVD-2026-13365

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, SuiteCRM contains an authenticated arbitrary file upload vulnerability in the Configurator module. An authenticated administrator can bypass intended file ty...

2.7CVSS5.7AI score0.0023EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/03/19 12:0 a.m.7 views

WordPress plugin Woocommerce Wholesale Lead Capture 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9CVSS5.9AI score0.0047EPSS
Exploits2References1
osv
osv
added 2026/03/16 8:43 p.m.7 views

GHSA-FFX7-75GC-JG7C File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely

!NOTE This feature has been disabled by default for all installations from v2.33.8 onwards, including for existent installations. To exploit this vulnerability, the instance administrator must turn on a feature and ignore all the warnings about known vulnerabilities. We're publishing this new...

5.3CVSS6.7AI score0.01903EPSS
Exploits1References4
snyk
snyk
added 2026/03/11 12:17 a.m.3 views

Cross-site Scripting (XSS)

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the file upload process. An attacker can execute arbitrary JavaScript in the context of the...

8.7CVSS5.7AI score0.00216EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/03/11 12:0 a.m.11 views

File Thingie 安全漏洞

File Thingie is a file manager personally developed by Frances Leese. Version 2.5.7 of File Thingie contains a security vulnerability. This vulnerability stems from an arbitrary file upload feature present in the ft2.php endpoint, which could allow attackers to upload malicious files and execute...

9.8CVSS6AI score0.00903EPSS
Exploits1References3
attackerkb
attackerkb
added 2026/03/09 8:8 p.m.5 views

CVE-2026-25737

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.24.0 and earlier, an arbitrary file upload vulnerability exists even though file extension restrictions are configured. The restriction is enforced only at the UI level. An attacker can bypass these...

8.9CVSS5.9AI score0.00264EPSS
Exploits1References2Affected Software1
ibm
ibm
added 2026/03/09 10:9 a.m.5 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons...

8.8CVSS6AI score0.64718EPSS
Exploits2Affected Software1
ptsecurity
ptsecurity
added 2026/03/09 12:0 a.m.8 views

PT-2026-24108

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.24.0 and earlier, an arbitrary file upload vulnerability exists even though file extension restrictions are configured. The restriction is enforced only at the UI level. An attacker can bypass these...

8.9CVSS5.9AI score0.00264EPSS
Exploits1References2
euvd
euvd
added 2026/03/06 3:31 p.m.7 views

EUVD-2018-21631

Alive Parish 2.0.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the key parameter in the search endpoint. Attackers can also upload arbitrary files via the person photo upload functionality to th...

8.8CVSS6.3AI score0.00204EPSS
Exploits0References3
nvd
nvd
added 2026/03/06 1:15 p.m.15 views

CVE-2018-25162

2-Plan Team 1.0.4 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload executable PHP files by sending multipart form data to managefile.php. Attackers can upload PHP files through the userfile1 parameter with action=upload, which are stored in the files...

7.1CVSS0.00444EPSS
Exploits0References2
cvelist
cvelist
added 2026/03/06 3:32 a.m.33 views

CVE-2026-29041 Chamilo: Authenticated Remote Code Execution via Unrestricted File Upload

Chamilo is a learning management system. Prior to version 1.11.34, Chamilo LMS is affected by an authenticated remote code execution vulnerability caused by improper validation of uploaded files. The application relies solely on MIME-type verification when handling file uploads and does not...

8.8CVSS0.00729EPSS
Exploits0References2
osv
osv
added 2026/03/06 3:32 a.m.4 views

CVE-2026-29041 Chamilo: Authenticated Remote Code Execution via Unrestricted File Upload

Chamilo is a learning management system. Prior to version 1.11.34, Chamilo LMS is affected by an authenticated remote code execution vulnerability caused by improper validation of uploaded files. The application relies solely on MIME-type verification when handling file uploads and does not...

8.8CVSS6.5AI score0.00729EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/03/06 12:0 a.m.7 views

Chamilo 代码问题漏洞

Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.34 contained code vulnerabilities. These vulnerabilities stemmed from improper validation of uploaded files, which could allow low-privilege users who are authenticated to upload specially...

8.8CVSS6.1AI score0.00729EPSS
Exploits0References2
Rows per page
Query Builder