3586 matches found

Tenable Nessus
added 2026/04/23 12:00 a.m., 4 views

SATO CL4NX Printers Incorrect Authorization (CVE-2023-23594)

An authentication bypass vulnerability in the web client interface for the CL4NX printer before firmware version 1.13.3-u724r2 provides remote unauthenticated attackers with access to execute commands intended only for valid/authenticated users, such as file uploads and configuration changes. Thi...

CVSS 9.8, AI score 8.7, EPSS 0.01516
Exploits 0, References 4
Cvelist
added 2026/04/22 7:07 a.m., 29 views

CVE-2026-6022 Uncontrolled Resource Consumption Vulnerability in Telerik UI for ASP.NET AJAX

In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during chunk reassembly, leading to disk space exhaustion...

CVSS 7.5, EPSS 0.00288
Exploits 0, References 1
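The failure mode in the Telerik entry above is generic to any chunked-upload handler: checking each chunk against a size limit does not bound the reassembled file. The following is an added example in plain Python, not Telerik's RadAsyncUpload code; the chunk representation, the 1024-byte maximum and the 512-byte per-chunk limit are assumptions for illustration. It shows the per-chunk-only check beside one that tracks the running total and fails closed before the offending chunk is written.

```python
"""Chunked-upload reassembly: per-chunk checks vs cumulative enforcement.
Added example (generic Python, not the vendor's code). Limits below are
assumed values for illustration."""
import io

MAX_TOTAL_BYTES = 1024   # assumed configured maximum upload size
MAX_CHUNK_BYTES = 512    # assumed per-chunk limit


class UploadTooLarge(Exception):
    pass


def reassemble_naive(chunks, max_chunk=MAX_CHUNK_BYTES):
    """Vulnerable pattern: every chunk is checked against the chunk limit,
    but nothing bounds the sum, so a client that streams many small chunks
    grows the stored file without limit (disk-space exhaustion)."""
    out = io.BytesIO()
    for chunk in chunks:
        if len(chunk) > max_chunk:
            raise UploadTooLarge("chunk exceeds per-chunk limit")
        out.write(chunk)
    return out.getvalue()


def reassemble_checked(chunks, max_total=MAX_TOTAL_BYTES, max_chunk=MAX_CHUNK_BYTES):
    """Hardened pattern: track the cumulative byte count and reject as soon
    as the running total would exceed the configured maximum, before the
    offending chunk reaches storage."""
    out = io.BytesIO()
    written = 0
    for chunk in chunks:
        if len(chunk) > max_chunk:
            raise UploadTooLarge("chunk exceeds per-chunk limit")
        if written + len(chunk) > max_total:
            raise UploadTooLarge(f"cumulative size would exceed {max_total} bytes")
        out.write(chunk)
        written += len(chunk)
    return out.getvalue()


def is_rejected(reassembler, chunks):
    """True if the given reassembler refuses the chunk sequence."""
    try:
        reassembler(chunks)
    except UploadTooLarge:
        return True
    return False


def demo():
    # Constructed input: 10 chunks of 200 bytes, each under the per-chunk
    # limit, totalling 2000 bytes, well above the 1024-byte maximum.
    oversized = [b"A" * 200 for _ in range(10)]
    naive_len = len(reassemble_naive(oversized))          # 2000: accepted
    checked_rejected = is_rejected(reassemble_checked, oversized)  # True
    return naive_len, checked_rejected


if __name__ == "__main__":
    print(demo())
```

In a real handler the running total should be persisted with the upload session (the chunks arrive in separate requests), and the same bound should be applied to the sum of declared chunk lengths before any chunk is written, not only to bytes already on disk.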
CNNVD
added 2026/04/22 12:00 a.m., 10 views

aEnrich a+HCM code issue vulnerability

aEnrich a+HCM is a human capital management system developed by aEnrich Company in Taiwan, China. aEnrich a+HCM has a code issue vulnerability stemming from unrestricted file upload, which allows unauthenticated remote attackers to upload arbitrary files to any path, including HTML...

CVSS 6.1, AI score 5.9, EPSS 0.00208
Exploits 0, References 1
Tenable Nessus
added 2026/04/21 12:00 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-33691

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OWASP Core Rule Set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a...

CVSS 7.5, AI score 5.8, EPSS 0.02172
Exploits 0, References 3
CNNVD
added 2026/04/20 12:00 a.m., 11 views

Langflow security vulnerability

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Langflow versions 1.1.0 and earlier contain a security vulnerability stemming from incorrect handling in the function createUploadFile in the file...

CVSS 7.5, AI score 7.2, EPSS 0.00284
Exploits 0, References 1
Positive Technologies
added 2026/04/20 12:00 a.m., 7 views

PT-2026-33803

Name of the Vulnerable Software and Affected Versions: Magento Long Term Support (LTS) versions prior to 20.17.0. Description: The product custom option file upload feature uses an incomplete blocklist (forbidden extensions = php,exe) to prevent dangerous file uploads. This restriction can be bypassed b...

CVSS 8.8, AI score 6.3, EPSS 0.00691
Exploits 1, References 9
CNNVD
added 2026/04/20 12:00 a.m., 10 views

Silex SD-330AC and Silex AMC Manager security vulnerability

Both the Silex SD-330AC and the Silex AMC Manager are products of the Japanese company Silex. The Silex SD-330AC is a device server that provides wireless network connectivity and the ability to share USB devices over the network. The Silex AMC Manager is a management software used for centralized management...

CVSS 6.9, AI score 7.2, EPSS 0.00274
Exploits 0, References 1
CISA KEV Catalog
added 2026/04/20 12:00 a.m., 6 views

Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability

Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow...

CVSS 5.4, AI score 7.7, EPSS 0.07016
Exploited in the wild; Exploits 0
CNNVD
added 2026/04/18 12:00 a.m., 8 views

WordPress plugin CMP – Coming Soon & Maintenance Plugin by NiteoThemes security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 8.8, AI score 6.2, EPSS 0.00867
Exploits 0, References 2
ATTACKERKB
added 2026/04/17 8:29 p.m., 5 views

CVE-2026-33436

Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. In versions prior to 2.0.0, file upload endpoints render user-supplied filenames directly into HTML using unsafe methods like innerHTML without sanitization. An attacker can craft a file with a...

CVSS 3.1, AI score 5.7, EPSS 0.00168
Exploits 1, References 2, Affected Software 1
CNNVD
added 2026/04/17 12:00 a.m., 11 views

sms security vulnerability

SMS is a student performance management system developed by QUERYMINE. SMS has a security vulnerability stemming from the handling of the image parameter in the admin/addteacher.php file. This vulnerability may lead to arbitrary file upload...

CVSS 6.5, AI score 6.7, EPSS 0.00257
Exploits 0, References 1
CNNVD
added 2026/04/17 12:00 a.m., 9 views

WordPress plugin Kubio security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 5.3, AI score 5.9, EPSS 0.00536
Exploits 0, References 1
ATTACKERKB
added 2026/04/15 3:37 a.m., 6 views

CVE-2026-1555

The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ioimgupload function in all versions up to, and including, 1.2024. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which...

CVSS 9.8, AI score 6.5, EPSS 0.00984
Exploits 3, References 4
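The Magento entry (PT-2026-33803, an incomplete extension blocklist of php,exe) and the WebStack entry directly above (no file type validation at all) are two points on the same spectrum. The following is an added example in plain Python, not Magento's or the WebStack theme's code, and it does not reproduce either advisory's specific bypass. The blocklist is the one the Magento advisory names; the allowlist, the magic-byte table and the constructed filenames are assumptions for illustration. It contrasts a last-extension blocklist with an allowlist that also normalises the name, refuses multiple extensions and checks the content's leading bytes against the claimed type.

```python
"""Upload name validation: extension blocklist vs allowlist plus content
check. Added example (generic Python, not the vendors' code). ALLOWLIST,
MAGIC and the sample names are assumed values for illustration."""
import os
import re
import secrets

BLOCKLIST = {"php", "exe"}                        # the incomplete blocklist
ALLOWLIST = {"png", "jpg", "jpeg", "gif", "pdf"}  # assumed: what the feature needs
MAGIC = {                                         # leading bytes per allowed type
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
    "pdf": b"%PDF-",
}


def blocklist_accepts(filename):
    """Vulnerable pattern: reject only names whose final extension is in
    BLOCKLIST. Case variants, other server-executable extensions (e.g.
    .phtml on many PHP deployments) and double extensions all pass."""
    ext = filename.rsplit(".", 1)[-1] if "." in filename else ""
    return ext not in BLOCKLIST


def allowlist_accepts(filename, content):
    """Hardened pattern: strip any path, require <name>.<ext> with exactly
    one dot and a conservative character set, lower-case the extension,
    require it in ALLOWLIST, and confirm the bytes match the claimed type."""
    base = os.path.basename(filename)
    m = re.fullmatch(r"[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,5})", base)
    if not m:
        return False                       # traversal, double extension, odd chars
    ext = m.group(1).lower()
    if ext not in ALLOWLIST:
        return False
    return content.startswith(MAGIC[ext])


def stored_name(ext):
    """Never store under the client-chosen name; pick a random server name."""
    return f"{secrets.token_hex(16)}.{ext}"


def evaluate():
    """Run both checks over constructed samples. Returns
    {filename: (blocklist_accepts, allowlist_accepts)}."""
    png = MAGIC["png"] + b"\x00" * 16          # constructed: a PNG-looking header
    php = b"<?php echo 1; ?>"                  # constructed: script content
    samples = [
        ("shell.PHP", php),       # case variant of a blocked extension
        ("shell.phtml", php),     # extension missing from the blocklist
        ("shell.php.png", php),   # double extension; last one looks harmless
        ("fake.png", php),        # allowed name, wrong content
        ("photo.png", png),       # legitimate upload
        ("payload.exe", php),     # the one case the blocklist does catch
    ]
    return {name: (blocklist_accepts(name), allowlist_accepts(name, data))
            for name, data in samples}


if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(f"{name:16} blocklist={verdict[0]!s:5} allowlist={verdict[1]}")
```

The magic-byte check is a sanity test, not proof of safety: a file can carry a valid PNG header and still be a polyglot. The defences that actually matter alongside it are the random server-side name, storing uploads outside any path the web server will execute, and serving them with a fixed Content-Type and `Content-Disposition: attachment`.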
ATTACKERKB
added 2026/04/13 6:10 p.m., 2 views

CVE-2026-40041

Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-changing endpoints. Attackers can craft malicious requests targeting login, registration, file upload,...

CVSS 5.3, AI score 5.8, EPSS 0.00109
Exploits 1, References 3, Affected Software 1
Cvelist
added 2026/04/13 6:10 p.m., 15 views

CVE-2026-40041 Pachno 1.0.6 Cross-Site Request Forgery via State-Changing Endpoints

Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-changing endpoints. Attackers can craft malicious requests targeting login, registration, file upload,...

CVSS 5.3, EPSS 0.00109
Exploits 1, References 2
Packet Storm News
added 2026/04/13 12:00 a.m., 5 views

Saleor Cross Site Scripting

Saleor suffers from a persistent cross site scripting vulnerability via an unrestricted file upload functionality. This issue has been patched in versions 3.22.27, 3.21.43, and 3.20.108...

CVSS 8.5, AI score 5.2, EPSS 0.00228
Exploits 1
CNNVD
added 2026/04/13 12:00 a.m., 7 views

Pandora FMS security vulnerability

Pandora FMS is a monitoring system developed by the company Pandora FMS. This system provides visual monitoring of networks, servers, virtual infrastructure, and applications. Versions 777 to 800 of Pandora FMS have a security vulnerability stemming from unrestricted upload...

CVSS 8.6, AI score 6.2, EPSS 0.00432
Exploits 0, References 1
OSV
added 2026/04/11 11:02 p.m., 3 views

MGASA-2026-0093 Updated python-django packages fix security vulnerabilities

ASGI header spoofing via underscore/hyphen conflation. CVE-2026-3902 Privilege abuse in GenericInlineModelAdmin. CVE-2026-4277 Privilege abuse in ModelAdmin.list_editable. CVE-2026-4292 Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload. CVE-2026-33033...

CVSS 9.8, AI score 5.8, EPSS 0.00769
Exploits 1, References 3
EUVD
added 2026/04/09 6:30 a.m., 5 views

EUVD-2026-20843

The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints that expose a sync code and allow arbitrary file uploads. This makes it possible for unauthenticated...

CVSS 9.8, AI score 6.7, EPSS 0.03092
Exploits 3, References 5
Positive Technologies
added 2026/04/09 12:00 a.m., 4 views

PT-2026-31577

Name of the Vulnerable Software and Affected Versions: The Quick Playground plugin for WordPress, versions up to and including 1.3.1. Description: The Quick Playground plugin for WordPress is susceptible to Remote Code Execution due to inadequate authorization checks on REST API endpoints. These...

CVSS 9.8, AI score 6.6, EPSS 0.03092
Exploits 3, References 14