Lucene search
K

45770 matches found

Cvelist
Cvelist
added 6 days ago31 views

CVE-2025-24815 An unrestricted file upload vulnerability in Nokia MantaRay NM

Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to upload malicious files onto the system...

0.00151EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago6 views

EUVD-2025-210369

Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to upload malicious files onto the system...

7.8CVSS5.8AI score0.00151EPSS
Exploits0References1
CVE
CVE
added 6 days ago9 views

CVE-2025-24815

CVE-2025-24815 affects Nokia MantaRay NM and describes an unrestricted file upload vulnerability caused by insufficient file type validation. The issue could allow an authenticated attacker to upload malicious files onto the system. No remediation details are provided in the supplied documents.

7.8CVSS5.8AI score0.00151EPSS
Exploits0References1
CVE
CVE
added 6 days ago13 views

CVE-2026-11589

Technical details about CVE-2026-11589 are not publicly available in the provided documents. Monitor for updates from official advisories and vendor advisories for affected versions, impact, and fixes.

8.8CVSS5.6AI score0.00276EPSS
Exploits0References1
Nuclei
Nuclei
added 6 days ago20 views

Zimbra Collaboration - Unrestricted File Upload

An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole extraction to /opt/zimbra/jetty/webapps/zimbra/public that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also,...

9.8CVSS7.7AI score0.95478EPSS
Exploits7References2
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-53921

Name of the Vulnerable Software and Affected Versions Vibe-Trading versions prior to 0.1.10 Description The application constructs the proposal file path by joining a caller-supplied proposal identifier to the broker proposals directory without proper sanitization in the...

8.3CVSS5.8AI score0.00416EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-53900

Name of the Vulnerable Software and Affected Versions Adobe ColdFusion versions prior to 2025.10 Adobe ColdFusion versions prior to 2023.21 Description Adobe ColdFusion is subject to an unrestricted upload of files with dangerous types due to improper input validation and content-type enforcement...

10CVSS6.7AI score0.00917EPSS
Exploits0References16
NVD
NVD
added last week9 views

CVE-2026-56290

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS0.00329EPSS
Exploits2References3
EUVD
EUVD
added last week6 views

EUVD-2026-40121

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS5.8AI score0.00329EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added last week4 views

CVE-2026-56290

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS5.8AI score0.00329EPSS
Exploits2References2Affected Software1
OSV
OSV
added last week5 views

PYSEC-2026-420 MLflow allowed arbitrary files to be PUT onto the server

MLflow allowed arbitrary files to be PUT onto the server...

10CVSS5.9AI score0.04408EPSS
Exploits1References7
OSV
OSV
added last week6 views

PYSEC-2026-297 BentoML SSRF Vulnerability in File Upload Processing

Description There's an SSRF in the file upload processing system that allows remote attackers to make arbitrary HTTP requests from the server without authentication. The vulnerability exists in the serialization/deserialization handlers for multipart form data and JSON requests, which automatical...

9.9CVSS6AI score0.11883EPSS
Exploits1References6
OSV
OSV
added last week5 views

PYSEC-2026-321 DB-GPT vulnerable to Arbitrary File Upload with Path Traversal

In eosphoros-ai/db-gpt version v0.6.0, the web API POST /v1/personal/agent/upload is vulnerable to Arbitrary File Upload with Path Traversal. This vulnerability allows unauthorized attackers to upload arbitrary files to the victim's file system at any location. The impact of this vulnerability...

9.1CVSS8AI score0.01192EPSS
Exploits1References5
OSV
OSV
added last week5 views

PYSEC-2026-323 DB-GPT Absolute Path Traversal vulnerability

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the filekey and docfile.filename parameters are...

9.1CVSS7.5AI score0.00769EPSS
Exploits1References5
OSV
OSV
added last week5 views

PYSEC-2026-313 Cobbler has Exposed Dangerous Method or Function

It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon...

9.8CVSS7.4AI score0.6786EPSS
Exploits0References16
NVD
NVD
added last week9 views

CVE-2026-13547

A vulnerability was determined in Hanwang e-Face General Management Platform 6.3.5.4. This issue affects some unknown processing of the file /manage/resourceUpload/upload.do. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The...

7.5CVSS0.00278EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/29 7:30 a.m.32 views

CVE-2026-13547 Hanwang e-Face General Management Platform upload.do unrestricted upload

A vulnerability was determined in Hanwang e-Face General Management Platform 6.3.5.4. This issue affects some unknown processing of the file /manage/resourceUpload/upload.do. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The...

7.5CVSS0.00278EPSS
Exploits0References5
NVD
NVD
added 2026/06/29 4:16 a.m.8 views

CVE-2026-13528

A vulnerability was found in YunaiV/zhijiantianya ruoyi-vue-pro up to 2026.04-jdk8-SNAPSHOT. The impacted element is the function generateUploadPath of the file yudao-module-infra/src/main/java/cn/iocoder/yudao/module/infra/service/file/FileServiceImpl.java of the component AppFileController File...

7.5CVSS0.00447EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/29 2:45 a.m.31 views

CVE-2026-13528 YunaiV/zhijiantianya ruoyi-vue-pro AppFileController File Upload Endpoint FileServiceImpl.java generateUploadPath path traversal

A vulnerability was found in YunaiV/zhijiantianya ruoyi-vue-pro up to 2026.04-jdk8-SNAPSHOT. The impacted element is the function generateUploadPath of the file yudao-module-infra/src/main/java/cn/iocoder/yudao/module/infra/service/file/FileServiceImpl.java of the component AppFileController File...

7.5CVSS0.00447EPSS
Exploits0References8
CVE
CVE
added 2026/06/29 2:45 a.m.15 views

CVE-2026-13528

CVE-2026-13528 affects YunaiV/zhijiantianya ruoyi-vue-pro up to 2026.04-jdk8-SNAPSHOT. The vulnerable element is the function generateUploadPath in FileServiceImpl.java under the AppFileController File Upload Endpoint. A manipulation can cause path traversal, enabling remote exploitation. The exp...

7.5CVSS6.5AI score0.00447EPSS
Exploits0References8
Rows per page
Query Builder