Lucene search
K

196 matches found

RedhatCVE
RedhatCVE
added 2025/11/14 10:11 a.m.11 views

CVE-2025-64265

Missing Authorization vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frontend File Manager: from n/a through = 23.2...

4.3CVSS7AI score0.00167EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/13 12:31 p.m.3 views

EUVD-2025-163780

Missing Authorization vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frontend File Manager: from n/a through = 23.2...

4.3CVSS6.5AI score0.00167EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/13 12:0 a.m.6 views

PT-2025-46801

Missing Authorization vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frontend File Manager: from n/a through = 23.2...

7AI score0.00167EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2018-19381

Malware in sbrugna...

10CVSS9.5AI score0.02069EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2007-4310

Malware in sbrugna...

6.8CVSS6.4AI score0.0313EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-35397

Malicious code in bioql PyPI...

4.3CVSS6.5AI score0.00172EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-27743

Malicious code in bioql PyPI...

10CVSS6.6AI score0.00809EPSS
Exploits0References1
CVE
CVE
added 2025/09/23 5:56 p.m.19 views

CVE-2025-59547

DNN (DotNetNuke) before version 10.1.0 has a vulnerability in the CKEditor file upload endpoint where filename sanitization allows Unicode-based path traversal that could expose internal network resources. Affected component: CKEditor file upload handler (/api/v1/upload as per PT security doc). I...

5.3CVSS6.4AI score0.00246EPSS
Exploits0References1Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.4 views

Malicious code in node-file-uploader (npm)

The package node-file-uploader was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.3 views

MAL-2025-27621 Malicious code in node-file-uploader (npm)

The package node-file-uploader was found to contain malicious code...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 8:28 a.m.5 views

CVE-2024-5221

The Qi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...

6.4CVSS5.8AI score0.00252EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:13 a.m.8 views

CVE-2024-35636

Cross-Site Request Forgery CSRF vulnerability in Uploadcare Uploadcare File Uploader and Adaptive Delivery beta uploadcare.This issue affects Uploadcare File Uploader and Adaptive Delivery beta: from n/a through 3.0.11...

4.3CVSS7AI score0.00172EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:19 a.m.6 views

CVE-2023-23656

Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension.This issue affects MainWP File Uploader Extension: from n/a through 4.1...

10CVSS5.2AI score0.00809EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/04/23 3:40 p.m.3 views

Malicious code in @sporta-technology/d11-web-components.file-uploader (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2025/04/23 3:40 p.m.2 views

MAL-2025-3329 Malicious code in @sporta-technology/d11-web-components.file-uploader (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
Snyk
Snyk
added 2025/03/24 6:43 p.m.5 views

Cross-site Scripting (XSS)

Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Cross-site Scripting XSS in MultiFileUploader. An attacker can inject malicious scripts that are stored when uploaded as a multi-fil...

6.1CVSS5.3AI score0.59066EPSS
Exploits2References2
Snyk
Snyk
added 2025/02/25 3:5 p.m.5 views

Arbitrary File Upload

Overview streamlit is a The fastest way to build data apps in Python Affected versions of this package are vulnerable to Arbitrary File Upload in the fileuploader.py widget, which does not enforce uploaded file type restrictions on the server side, even if they are set in the client. Remediation...

7.1CVSS6.9AI score
Exploits0References2
OSV
OSV
added 2024/06/06 9:15 a.m.2 views

CVE-2024-5221

The Qi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...

5.4CVSS5.9AI score0.00252EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/06/06 9:15 a.m.3 views

CVE-2024-5221

The Qi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...

6.4CVSS6.1AI score0.00252EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2024/06/05 7:15 a.m.3 views

CVE-2024-5222

The Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output...

6.4CVSS6.1AI score0.00315EPSS
Exploits0References5
Rows per page
Query Builder