Lucene search
K

1018 matches found

Vulnrichment
Vulnrichment
added 2025/12/22 9:35 p.m.5 views

CVE-2023-53980 ProjectSend r1605 Remote Code Execution via File Extension Manipulation

ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the upload.process.php endpoint to execute arbitrary commands on the server...

9.8CVSS8.5AI score0.00813EPSS
Exploits1References3
CVE
CVE
added 2025/12/22 9:35 p.m.12 views

CVE-2023-53980

ProjectSend r1605 is affected by a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions via the upload.process.php endpoint, enabling execution of arbitrary commands on the server. The issue, described across multiple sources, stems f...

9.8CVSS8.5AI score0.00813EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/18 11:36 p.m.5 views

CVE-2023-53924

UliCMS 2023.1-sniffing-vicuna contains a remote code execution vulnerability that allows authenticated attackers to upload PHP files with .phar extension during profile avatar upload. Attackers can trigger code execution by visiting the uploaded file's location, enabling system command execution...

8.8CVSS8.3AI score0.00794EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2025/12/17 9:29 p.m.4 views

CVE-2025-68109

ChurchCRM is an open-source church management system. In versions prior to 6.5.3, the Database Restore functionality does not validate the content or file extension of uploaded files. As a result, an attacker can upload a web shell file and subsequently upload a .htaccess file to enable direct...

9.1CVSS6.4AI score0.01381EPSS
Exploits3References3Affected Software1
OSV
OSV
added 2025/12/10 10:16 p.m.4 views

CVE-2024-58280

CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensionsuserfiles and upload a shell script to the media directory to execute arbitrary code on the server...

8.8CVSS6.3AI score0.00809EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.8 views

PT-2025-50529

Name of the Vulnerable Software and Affected Versions CMSimple version 5.15 Description An authenticated attacker can execute commands remotely on the server. This is possible by modifying file extensions and uploading malicious PHP files. Specifically, attackers can append ',php' to Extensions...

8.8CVSS7.4AI score0.00809EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2025/12/09 8:27 a.m.6 views

CVE-2025-66548

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extension can be spoofed by using RTLO characters, tricking users into download files with a different extension th...

5.5CVSS6.8AI score0.0013EPSS
Exploits0References1
NVD
NVD
added 2025/12/05 6:15 p.m.7 views

CVE-2025-66548

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extension can be spoofed by using RTLO characters, tricking users into download files with a different extension th...

5.5CVSS0.0013EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/05 5:26 p.m.4 views

EUVD-2025-201466

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extension can be spoofed by using RTLO characters, tricking users into download files with a different extension th...

3.3CVSS6.2AI score0.0013EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/05 5:26 p.m.2 views

CVE-2025-66548 Nextcloud Deck app allows to spoof file extensions by using RTLO characters

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extension can be spoofed by using RTLO characters, tricking users into download files with a different extension th...

3.3CVSS6.4AI score0.0013EPSS
Exploits0References4
OSV
OSV
added 2025/12/05 5:26 p.m.4 views

CVE-2025-66548 Nextcloud Deck app allows to spoof file extensions by using RTLO characters

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extension can be spoofed by using RTLO characters, tricking users into download files with a different extension th...

3.3CVSS6.7AI score0.0013EPSS
Exploits0References6
CVE
CVE
added 2025/12/05 5:26 p.m.13 views

CVE-2025-66548

The Nextcloud Deck app allows spoofing file extensions by using RTLO characters, causing a mismatch between the displayed and actual extension. Affected versions are prior to 1.12.7, 1.14.4, and 1.15.1; fixes are in 1.12.7, 1.14.4, and 1.15.1. Exploitation details are not provided in the supplied...

5.5CVSS6.4AI score0.0013EPSS
Exploits0References4Affected Software1
Nextcloud
Nextcloud
added 2025/12/05 7:59 a.m.26 views

Deck app allows to spoof file extensions by using RTLO characters

None...

5.5CVSS5.2AI score0.0013EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.5 views

PT-2025-49297

Name of the Vulnerable Software and Affected Versions Nextcloud Deck versions prior to 1.12.7 Nextcloud Deck versions prior to 1.14.4 Nextcloud Deck versions prior to 1.15.1 Description Nextcloud Deck is a kanban style organization tool for personal planning and project organization integrated wi...

5.5CVSS6.5AI score0.0013EPSS
Exploits0References10
EUVD
EUVD
added 2025/11/07 3:2 a.m.4 views

EUVD-2025-37861

Dosage is a comic strip downloader and archiver. When downloading comic images in versions 3.1 and below, Dosage constructs target file names from different aspects of the remote comic page URL, image URL, page content, etc.. While the basename is properly stripped of directory-traversing...

8.8CVSS6.4AI score0.00443EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/27 12:0 a.m.6 views

PT-2025-44026

Name of the Vulnerable Software and Affected Versions Pi-hole Admin Interface versions prior to 6.3 Description The Pi-hole Admin Interface, a web interface for managing the Pi-hole advertisement and internet tracker blocking application, contains a Carriage Return Line Feed CRLF injection flaw...

8.2CVSS6.8AI score0.00398EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/10/16 6:12 p.m.8 views

bagisto has Cross Site Scripting (XSS) issue in TinyMCE Image Upload (HTML)

Summary In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges e.g. admin to upload a crafted HTML file containing embedded JavaScript. When viewed, the malicious code executes in the context of the admin/user’s browser. Details The application...

6.9CVSS7AI score0.00255EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2025/10/07 12:31 a.m.6 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the Content-Disposition header. An attacker can manipulate the file extension of downloaded vCard files by supplying crafted input, potentially leading to user confusion or further exploitation. Remediation...

5.4CVSS7AI score0.00217EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2008-6988

Malware in sbrugna...

6CVSS6.4AI score0.0156EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2008-5508

Malware in sbrugna...

9.3CVSS6.4AI score0.02951EPSS
Exploits0References5
Rows per page
Query Builder