
3155 matches found

Positive Technologies
added 2025/11/06 12:0 a.m., 8 views

PT-2025-45330

alexusmai laravel-file-manager 3.3.1 is vulnerable to Cross Site Scripting (XSS). The application permits user-controlled upload, create, and rename of files to HTML and SVG types and serves those files inline without adequate content-type validation or output sanitization...

8.1 CVSS, 6.4 AI score, 0.00321 EPSS
Exploits 2, References 4
CNNVD
added 2025/11/06 12:0 a.m., 4 views

Laravel File Manager Security Vulnerability

Laravel File Manager is a Laravel file manager by Aleksandr Manekin Personal Developer. A security vulnerability exists in Laravel File Manager version 3.3.1, which stems from allowing users to upload, create, and rename HTML and SVG type files without adequate content type validation or output...

8.1 CVSS, 5.8 AI score, 0.00321 EPSS
Exploits 2, References 3
CVE
added 2025/11/06 12:0 a.m., 14 views

CVE-2025-63307

The CVE-2025-63307 issue affects alexusmai/laravel-file-manager v3.3.1. It describes a Cross-Site Scripting (XSS) vulnerability where user-controlled uploads/renames of HTML and SVG files are served inline without adequate content-type validation or output sanitization, enabling stored XSS. Sever...

8.1 CVSS, 6 AI score, 0.00321 EPSS
Exploits 2, References 3, Affected Software 1
Vulnrichment
added 2025/11/05 6:35 a.m., 3 views

CVE-2025-12139 File Manager for Google Drive – Integrate Google Drive with WordPress <= 1.5.3 - Unauthenticated Sensitive Information Exposure

The File Manager for Google Drive – Integrate Google Drive with WordPress plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.5.3 via the "getlocalizedata" function. This makes it possible for unauthenticated attackers to extract sensitive...

7.5 CVSS, 5.3 AI score, 0.0221 EPSS
Exploits 0, References 5
Positive Technologies
added 2025/11/05 12:0 a.m., 3 views

PT-2025-45088

Name of the Vulnerable Software and Affected Versions: File Manager for Google Drive – Integrate Google Drive with WordPress versions prior to 1.5.4. Description: The File Manager for Google Drive – Integrate Google Drive with WordPress plugin for WordPress has a flaw that allows unauthenticated...

7.5 CVSS, 6.4 AI score, 0.0221 EPSS
Exploits 0, References 12
Fedora
added 2025/11/03 1:38 a.m., 5 views

[SECURITY] Fedora 43 Update: Thunar-4.20.6-1.fc43

Thunar is a new modern file manager for the Xfce Desktop Environment. It has been designed from the ground up to be fast and easy-to-use. Its user interface is clean and intuitive, and does not include any confusing or useless options. Thunar is fast and responsive with a good start up time and...

6.9 AI score
Exploits 0
Patchstack
added 2025/10/30 3:31 p.m., 6 views

WordPress Frontend File Manager plugin <= 23.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Frontend File Manager versions <= 23.2...

4.3 CVSS, 7 AI score, 0.00167 EPSS
Exploits 0, Affected Software 1
RedhatCVE
added 2025/10/29 12:11 a.m., 12 views

CVE-2025-56399

alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve Remote Code Execution (RCE) through a crafted file upload. A file with a '.png' extension containing PHP code can be uploaded via the file manager interface. Although the upload appears to fail client-side...

8.8 CVSS, 7.6 AI score, 0.00549 EPSS
Exploits 2, References 1
EUVD
added 2025/10/28 6:30 p.m., 7 views

EUVD-2025-36538

alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve Remote Code Execution (RCE) through a crafted file upload. A file with a '.png' extension containing PHP code can be uploaded via the file manager interface. Although the upload appears to fail client-side...

7.1 AI score, 0.00549 EPSS
Exploits 2, References 3
Snyk
added 2025/10/28 4:42 p.m., 9 views

Arbitrary File Upload

Overview: Affected versions of this package are vulnerable to Arbitrary File Upload via the file upload/rename API endpoints. An attacker can execute arbitrary code on the server by uploading a file with a .png or .pdf extension containing executable code, bypassing client-side validation, then...

8.8 CVSS, 7.9 AI score, 0.00549 EPSS
Exploits 2, References 2
NVD
added 2025/10/28 4:15 p.m., 9 views

CVE-2025-56399

alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve Remote Code Execution (RCE) through a crafted file upload. A file with a '.png' extension containing PHP code can be uploaded via the file manager interface. Although the upload appears to fail client-side...

8.8 CVSS, 0.00549 EPSS
Exploits 2, References 2
Cvelist
added 2025/10/28 12:0 a.m., 9 views

CVE-2025-56399

alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve Remote Code Execution (RCE) through a crafted file upload. A file with a '.png' extension containing PHP code can be uploaded via the file manager interface. Although the upload appears to fail client-side...

0.00549 EPSS
Exploits 2, References 2
CVE
added 2025/10/28 12:0 a.m., 39 views

CVE-2025-56399

CVE-2025-56399 affects alexusmai/laravel-file-manager 3.3.1 and earlier. An authenticated user can upload a PNG containing PHP code; the upload may bypass client-side validation and be saved on the server. By using the rename API to switch the extension to .php, the file can be accessed via a pub...

8.8 CVSS, 7.2 AI score, 0.00549 EPSS
Exploits 2, References 2
Positive Technologies
added 2025/10/28 12:0 a.m., 8 views

PT-2025-44188

Name of the Vulnerable Software and Affected Versions: alexusmai laravel-file-manager versions prior to 3.3.2. Description: An authenticated attacker can achieve Remote Code Execution (RCE) through a two-step process involving a crafted file upload. First, a file with a .png extension containing PHP...

8.8 CVSS, 6 AI score, 0.00549 EPSS
Exploits 2, References 8
CNNVD
added 2025/10/28 12:0 a.m., 5 views

Laravel File Manager Security Vulnerability

Laravel File Manager is a Laravel file manager by Aleksandr Manekin Personal Developer. A security vulnerability exists in Laravel File Manager 3.3.1 and earlier versions, which stems from a flaw in the file upload functionality that could lead to remote code execution...

8.8 CVSS, 7.6 AI score, 0.00549 EPSS
Exploits 2, References 3
Vulnrichment
added 2025/10/28 12:0 a.m., 6 views

CVE-2025-56399

alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve Remote Code Execution (RCE) through a crafted file upload. A file with a '.png' extension containing PHP code can be uploaded via the file manager interface. Although the upload appears to fail client-side...

7.2 AI score, 0.00549 EPSS
Exploits 2, References 2
GithubExploit
added 2025/10/25 3:34 p.m., 140 views

Exploit for CVE-2025-63307

CVE-2025-63307 – Authenticated Stored Cross-site Scripting XS...

8.1 CVSS, 5.4 AI score, 0.00321 EPSS
Exploits 2
RedhatCVE
added 2025/10/21 6:33 p.m., 10 views

CVE-2025-62509

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to version 1.4.0, a business logic flaw in FileRise’s file/folder handling allows low-privilege users to perform unauthorized operations (view/delete/modify) on files created by other users...

8.1 CVSS, 6.6 AI score, 0.00279 EPSS
Exploits 0, References 1
NVD
added 2025/10/20 6:15 p.m., 7 views

CVE-2025-62509

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to version 1.4.0, a business logic flaw in FileRise’s file/folder handling allows low-privilege users to perform unauthorized operations (view/delete/modify) on files created by other users...

8.1 CVSS, 0.00279 EPSS
Exploits 0, References 3
Tenable Nessus
added 2025/10/20 12:0 a.m., 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: dde-daemon (UTSA-2025-986193)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986193 advisory. default-file-manager5.13.84-1x8664 1 Tenable has extracted the preceding description block directly from the Unity Linux security advisory. Note that Nessus has not...

5.5 AI score
Exploits 0, References 1