Lucene search
K

3591 matches found

EUVD
EUVD
added 2026/06/11 10:21 a.m.12 views

EUVD-2026-36233

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to cause denial of service due to uncontrolled resource consumption when processing ...

6.5CVSS5.5AI score0.00321EPSS
Exploits0References3
CVE
CVE
added 2026/06/11 10:21 a.m.25 views

CVE-2026-1500

GitLab CE/EE (versions 17.10 prior to 18.10.8, 18.11 prior to 18.11.5, and 19.0 prior to 19.0.2) are affected by CVE-2026-1500. An authenticated user could trigger denial of service via uncontrolled resource consumption when processing a specially crafted file upload. The issue has been remediate...

6.5CVSS5.5AI score0.00321EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.9 views

GitLab 17.10 < 18.10.8 / 18.11 < 18.11.5 / 19.0 < 19.0.2 (CVE-2026-1500)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an...

6.5CVSS5.5AI score0.00321EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.14 views

PT-2026-48645

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 17.10 through 18.10.7 GitLab CE/EE versions 18.11 through 18.11.4 GitLab CE/EE versions 19.0 through 19.0.1 Description An issue exists where an authenticated user can cause a denial of service through uncontrolled resour...

6.5CVSS5.2AI score0.00321EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

Başarsoft Rotaban 代码问题漏洞

Başarsoft Rotaban is a service route optimization platform developed by the Turkish company Başarsoft. Versions of Başarsoft Rotaban prior to V2026.06.002 and V2026.06.003 contained code vulnerabilities. These vulnerabilities stemmed from the unlimited upload of dangerous type files, which could...

9.9CVSS5.4AI score0.00335EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

GitLab 资源管理错误漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 12.0, 18.10.8, 18.11.5, and 19.0.2...

6.5CVSS5.8AI score0.00321EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.11 views

SolidInvoice 跨站脚本漏洞

SolidInvoice is an open-source invoice processing application developed by SolidInvoice. Versions of SolidInvoice prior to 2.3.17 contained a cross-site scripting vulnerability. This vulnerability stemmed from the company logo upload feature not verifying file types. As a result, authenticated...

8.1CVSS4.9AI score0.0031EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Siemens多款产品 代码问题漏洞

Siemens SIPROTEC 5 6MD84, among others, are relay devices produced by the German company Siemens. Several Siemens products have code vulnerabilities. These vulnerabilities stem from allowing authenticated users to upload arbitrary files via the DIGSI 5 protocol, which may lead to denial of servic...

6.9CVSS5.8AI score0.00186EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/08 1:55 a.m.6 views

CVE-2023-54352

WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands...

9.8CVSS6.7AI score0.00613EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/08 1:55 a.m.8 views

CVE-2023-54350 WordPress Augmented-Reality Plugin Remote Code Execution Unauthenticated

WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers can send POST requests to the connector.minimal.php endpoint with mkfile and put commands to creat...

8.7CVSS6.7AI score0.00532EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.10 views

WordPress plugin Background Image Cropper 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Version...

9.8CVSS6.8AI score0.00838EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 a.m.12 views

CVE-2026-42538

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another...

6.3CVSS5.4AI score0.00175EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.10 views

CVE-2026-1555

The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ioimgupload function in all versions up to, and including, 1.2024. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which...

9.8CVSS6.4AI score0.00984EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.11 views

CVE-2026-1830

The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints that expose a sync code and allow arbitrary file uploads. This makes it possible for unauthenticated...

9.8CVSS6.6AI score0.03092EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.10 views

CVE-2026-9157

Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion. This issue affects Web Fax: from 3.0 before 3.1...

8.6CVSS5.5AI score0.0012EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 8:48 p.m.21 views

CVE-2026-42538

IRIS is a web collaboration platform. Affected versions are prior to 2.4.28, where uploaded file validation is insufficient, enabling misuse to host phishing pages and an additional Cross-Site Scripting (XSS) vulnerability. The issue is addressed in version 2.4.28 (patch). There is no exploitatio...

6.3CVSS5.8AI score0.00175EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.6 views

Cisco Catalyst SD-WAN Manager 安全漏洞

Cisco Catalyst SD-WAN Manager is a highly customizable dashboard provided by Cisco. It simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. There is a security vulnerability present in Cisco Catalyst SD-WAN Manager, which stems from insufficient user...

7.8CVSS6.3AI score0.25323EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.18 views

End-to-End Encryption App 安全漏洞

End-to-End Encryption App is an open-source end-to-end encryption client implementation by Nextcloud. Vulnerabilities exist in versions of End-to-End Encryption App between 1.15.0 and 1.15.4, 1.16.0 and 1.16.3, 1.17.0 and 1.17.1, and 1.18.0 and 1.18.1. These vulnerabilities stem from improper...

3.5CVSS5.3AI score0.00203EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

Interinfo DreamMaker 代码问题漏洞

Interinfo DreamMaker is an application developed by Interinfo Corporation in China. Interinfo DreamMaker has a code vulnerability that stems from arbitrary file uploads. This vulnerability could allow a privileged remote attacker to upload and execute a Web shell backdoor, thereby enabling...

8.6CVSS6.2AI score0.00456EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

WordPress plugin WPify Woo Czech 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.9CVSS5.9AI score0.00266EPSS
Exploits0References1
Rows per page
Query Builder