Lucene search
+L

5498 matches found

githubexploit
githubexploit
added 2026/03/05 7:1 p.m.137 views

web-pentest-cases

Web Application Pentesting Cases Practical web application se...

6.1AI score
Exploits0
cnnvd
cnnvd
added 2026/03/05 12:0 a.m.7 views

Microsoft Devices Pricing Program 代码问题漏洞

The Microsoft Devices Pricing Program is Microsoft's exclusive device purchasing and pricing mechanism for enterprise customers, partners, or select channels to enjoy customized pricing, terms of business, and support for volume purchases of Surface Series devices such as Surface Laptop, Surface...

9.8CVSS6.1AI score0.01596EPSS
Exploits0References1
patchstack
patchstack
added 2026/03/02 11:27 p.m.10 views

WordPress Uncanny Automator - Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin <= 7.0.0.3 - Authenticated (Administrator+) Server-Side Request Forgery to Arbitrary File Upload vulnerability

WordPress Uncanny Automator - Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin = 7.0.0.3 - Authenticated Administrator+ Server-Side Request Forgery to Arbitrary File Upload vulnerability discovered by lucsob in WordPress Plugin Uncanny Automator versions = 7.0.0.3...

7.2CVSS5.9AI score0.00655EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2026/03/02 12:0 a.m.7 views

Studio Fabryka DobryCMS 代码问题漏洞

Studio Fabryka DobryCMS is a content management system developed by Studio Fabryka. Versions of Studio Fabryka DobryCMS prior to version 5.0 had code vulnerabilities. These vulnerabilities stemmed from defects in the file upload functionality, which could lead to remote code execution...

9.8CVSS6.1AI score0.00536EPSS
Exploits0References1
cvelist
cvelist
added 2026/02/27 11:35 a.m.23 views

CVE-2026-24350 Stored XSS in PluXml CMS

PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file containing a malicious payload, which will be executed when a victim clicks the link associated with the uploaded image. In version 5.9.0-rc7 clicking the link associated with...

5.1CVSS0.00169EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/02/27 12:0 a.m.7 views

Multer 安全漏洞

Multer is an open-source middleware for Node.js developed by ExpressJS. Versions of Multer prior to 2.1.0 contained a security vulnerability. This vulnerability stemmed from connection interruptions during file uploads, which could lead to resource exhaustion and denial-of-service attacks...

8.7CVSS5.8AI score0.00663EPSS
Exploits0References4
github
github
added 2026/02/25 4:6 p.m.9 views

TypiCMS Core has Stored Cross-Site Scripting (XSS) via SVG File Upload

I. Summary A Stored Cross-Site Scripting XSS vulnerability exists in the file upload module of TypiCMS. The application allows users with file upload permissions to upload SVG files. While there is a MIME type validation, the content of the SVG file is not sanitized. An attacker can upload a...

6.8CVSS6.3AI score0.00188EPSS
Exploits2References4Affected Software1
redhatcve
redhatcve
added 2026/02/25 10:16 a.m.6 views

CVE-2026-3070

A vulnerability was detected in SourceCodester Modern Image Gallery App 1.0. Affected by this vulnerability is an unknown functionality of the file upload.php. The manipulation of the argument filename results in cross site scripting. The attack may be launched remotely. The exploit is now public...

6.1CVSS3.9AI score0.00264EPSS
Exploits1References1
nvd
nvd
added 2026/02/25 3:16 a.m.7 views

CVE-2026-27621

TypiCMS is a multilingual content management system based on the Laravel framework. A Stored Cross-Site Scripting XSS vulnerability exists in the file upload module of TypiCMS prior to version 16.1.7. The application allows users with file upload permissions to upload SVG files. While there is a...

6.8CVSS0.00188EPSS
Exploits2References2
cnnvd
cnnvd
added 2026/02/25 12:0 a.m.10 views

Sz-Admin 代码问题漏洞

Sz-Admin is a mid-backend management software developed by INS6+ individuals. Versions of Sz-Admin such as 1.3.2-beta and earlier contained code-related vulnerabilities. These vulnerabilities stemmed from incorrect operations with files/api/admin/sys-file/upload, which could lead to unlimited...

9.8CVSS6.6AI score0.00307EPSS
Exploits1References8
redhatcve
redhatcve
added 2026/02/21 7:26 a.m.6 views

CVE-2026-26993

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Versions 1.7.0 and below allow users to upload files without proper content validation or sanitization. By embedding malicious JavaScript within an SVG or other active content formats such as HTML...

5.4CVSS5.7AI score0.0028EPSS
Exploits1References1
nvd
nvd
added 2026/02/19 7:17 a.m.5 views

CVE-2025-12500

The Checkout Field Manager Checkout Manager for WooCommerce plugin for WordPress is vulnerable to unauthenticated limited file upload in all versions up to, and including, 7.8.1. This is due to the plugin not properly verifying that a user is authorized to perform file upload actions via the...

5.3CVSS0.00328EPSS
Exploits0References5
cnnvd
cnnvd
added 2026/02/18 12:0 a.m.8 views

Code-Projects Scholars Tracking System 安全漏洞

The Code-Projects Scholars Tracking System is an open-source scholar tracking system developed by Code-Projects. Version 1.0 of the Code-Projects Scholars Tracking System contains a security vulnerability. This vulnerability stems from the lack of verification of file types and extensions during...

8.8CVSS6.3AI score0.00589EPSS
Exploits1References2
euvd
euvd
added 2026/02/16 12:30 p.m.12 views

EUVD-2026-6098

A vulnerability was found in EFM iptime A6004MX 14.18.2. Affected is the function commitvpnclifileupload of the file /cgi/timepro.cgi. The manipulation results in unrestricted upload. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was...

10CVSS5.2AI score0.0063EPSS
Exploits0References5
ics
ics
added 2026/02/12 7:0 a.m.6 views

Airleader Master

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all...

9.8CVSS6.4AI score0.01207EPSS
Exploits0References11
nvd
nvd
added 2026/02/10 7:16 a.m.6 views

CVE-2026-2097

Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

8.8CVSS0.00437EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/02/08 12:0 a.m.11 views

PT-2026-6995

Name of the Vulnerable Software and Affected Versions detronetdip E-commerce version 1.0.0 Description A security flaw exists in detronetdip E-commerce 1.0.0 related to unrestricted file upload. The issue affects the processing of the file /seller/assets/backend/profile/addadhar.php. Manipulation...

7.5CVSS5.3AI score0.00451EPSS
Exploits1References8
ncsc
ncsc
added 2026/02/06 9:22 a.m.12 views

Vulnerability fixed in Cisco Meeting Management

Cisco has fixed a vulnerability in Cisco Meeting Management. The vulnerability is in the Certificate Management feature of Cisco Meeting Management, which contains incorrect input validation within the Web-based management interface. This allows authenticated remote attackers to upload arbitrary...

8.8CVSS5.7AI score0.00384EPSS
Exploits0References1
cve
cve
added 2026/02/04 10:26 a.m.27 views

CVE-2025-59818

CVE-2025-59818 enables authenticated remote code execution by manipulating the file name of an uploaded file. The entry notes a high-severity flaw (CVSS v3.1 base score 10.0) with impact to confidentiality, integrity, and availability (all High). Concrete affected products, versions, root cause s...

10CVSS5.8AI score0.00478EPSS
Exploits0References6Affected Software1
cvelist
cvelist
added 2026/02/03 10:1 p.m.27 views

CVE-2020-37090 School ERP Pro 1.0 - Remote Code Execution

School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts through the message attachment feature, enabling remote code execution on the server...

9.8CVSS0.00773EPSS
Exploits1References4
Rows per page
Query Builder