Lucene search
K

5492 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/21 3:26 a.m.7 views

CVE-2026-3335

The Canto plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1 via the /wp-content/plugins/canto/includes/lib/copy-media.php file. This is due to the file being directly accessible without any authentication, authorization, or nonce checks, and t...

5.3CVSS5.9AI score0.00437EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.5 views

PT-2026-26625

The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerability that may allow attackers to execute arbitrary code. Vulnerable components include Terrapack TkWebCoreNG:: 1.0.20200914, Terrapack TKServerCGI 2.5.4.150, and Terrapack...

8.8CVSS6AI score0.00384EPSS
Exploits0References8
EUVD
EUVD
added 2026/03/19 10:55 p.m.4 views

EUVD-2026-13365

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, SuiteCRM contains an authenticated arbitrary file upload vulnerability in the Configurator module. An authenticated administrator can bypass intended file ty...

2.7CVSS5.7AI score0.0023EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.7 views

WordPress plugin Woocommerce Wholesale Lead Capture 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9CVSS5.9AI score0.0047EPSS
Exploits2References1
OSV
OSV
added 2026/03/16 8:43 p.m.7 views

GHSA-FFX7-75GC-JG7C File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely

!NOTE This feature has been disabled by default for all installations from v2.33.8 onwards, including for existent installations. To exploit this vulnerability, the instance administrator must turn on a feature and ignore all the warnings about known vulnerabilities. We're publishing this new...

5.3CVSS6.7AI score0.01903EPSS
Exploits1References4
Snyk
Snyk
added 2026/03/11 12:17 a.m.3 views

Cross-site Scripting (XSS)

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the file upload process. An attacker can execute arbitrary JavaScript in the context of the...

8.7CVSS5.7AI score0.00216EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.9 views

File Thingie 安全漏洞

File Thingie is a file manager personally developed by Frances Leese. Version 2.5.7 of File Thingie contains a security vulnerability. This vulnerability stems from an arbitrary file upload feature present in the ft2.php endpoint, which could allow attackers to upload malicious files and execute...

9.8CVSS6AI score0.00903EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/09 8:8 p.m.5 views

CVE-2026-25737

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.24.0 and earlier, an arbitrary file upload vulnerability exists even though file extension restrictions are configured. The restriction is enforced only at the UI level. An attacker can bypass these...

8.9CVSS5.9AI score0.00264EPSS
Exploits1References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/09 10:9 a.m.5 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons...

8.8CVSS6AI score0.64718EPSS
Exploits2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/09 12:0 a.m.8 views

PT-2026-24108

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.24.0 and earlier, an arbitrary file upload vulnerability exists even though file extension restrictions are configured. The restriction is enforced only at the UI level. An attacker can bypass these...

8.9CVSS5.9AI score0.00264EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/06 3:31 p.m.6 views

EUVD-2018-21631

Alive Parish 2.0.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the key parameter in the search endpoint. Attackers can also upload arbitrary files via the person photo upload functionality to th...

8.8CVSS6.3AI score0.00204EPSS
Exploits0References3
NVD
NVD
added 2026/03/06 1:15 p.m.14 views

CVE-2018-25162

2-Plan Team 1.0.4 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload executable PHP files by sending multipart form data to managefile.php. Attackers can upload PHP files through the userfile1 parameter with action=upload, which are stored in the files...

7.1CVSS0.00444EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/06 3:32 a.m.33 views

CVE-2026-29041 Chamilo: Authenticated Remote Code Execution via Unrestricted File Upload

Chamilo is a learning management system. Prior to version 1.11.34, Chamilo LMS is affected by an authenticated remote code execution vulnerability caused by improper validation of uploaded files. The application relies solely on MIME-type verification when handling file uploads and does not...

8.8CVSS0.00729EPSS
Exploits0References2
OSV
OSV
added 2026/03/06 3:32 a.m.3 views

CVE-2026-29041 Chamilo: Authenticated Remote Code Execution via Unrestricted File Upload

Chamilo is a learning management system. Prior to version 1.11.34, Chamilo LMS is affected by an authenticated remote code execution vulnerability caused by improper validation of uploaded files. The application relies solely on MIME-type verification when handling file uploads and does not...

8.8CVSS6.5AI score0.00729EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.5 views

Chamilo 代码问题漏洞

Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.34 contained code vulnerabilities. These vulnerabilities stemmed from improper validation of uploaded files, which could allow low-privilege users who are authenticated to upload specially...

8.8CVSS6.1AI score0.00729EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/03/05 7:1 p.m.131 views

web-pentest-cases

Web Application Pentesting Cases Practical web application se...

6.1AI score
Exploits0
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.7 views

Microsoft Devices Pricing Program 代码问题漏洞

The Microsoft Devices Pricing Program is Microsoft's exclusive device purchasing and pricing mechanism for enterprise customers, partners, or select channels to enjoy customized pricing, terms of business, and support for volume purchases of Surface Series devices such as Surface Laptop, Surface...

9.8CVSS6.1AI score0.01596EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/02 11:27 p.m.9 views

WordPress Uncanny Automator - Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin <= 7.0.0.3 - Authenticated (Administrator+) Server-Side Request Forgery to Arbitrary File Upload vulnerability

WordPress Uncanny Automator - Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin = 7.0.0.3 - Authenticated Administrator+ Server-Side Request Forgery to Arbitrary File Upload vulnerability discovered by lucsob in WordPress Plugin Uncanny Automator versions = 7.0.0.3...

7.2CVSS5.9AI score0.00655EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/03/02 12:0 a.m.5 views

Studio Fabryka DobryCMS 代码问题漏洞

Studio Fabryka DobryCMS is a content management system developed by Studio Fabryka. Versions of Studio Fabryka DobryCMS prior to version 5.0 had code vulnerabilities. These vulnerabilities stemmed from defects in the file upload functionality, which could lead to remote code execution...

9.8CVSS6.1AI score0.00536EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/27 11:35 a.m.22 views

CVE-2026-24350 Stored XSS in PluXml CMS

PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file containing a malicious payload, which will be executed when a victim clicks the link associated with the uploaded image. In version 5.9.0-rc7 clicking the link associated with...

5.1CVSS0.00169EPSS
Exploits0References2
Rows per page
Query Builder