
54 matches found

RedhatCVE
added 2025/05/23 9:34 a.m. · 8 views

CVE-2024-0348

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the component File Upload Handler. The manipulation leads to resource consumption. It is possible to launch the attack remotely. The exploit has been...

CVSS 6.5 · AI score 7 · EPSS 0.00052
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/23 3:15 a.m. · 3 views

CVE-2023-2647

A vulnerability was found in Weaver E-Office 9.5 and classified as critical. Affected by this issue is some unknown functionality of the file /webroot/inc/utility_all.php of the component File Upload Handler. The manipulation leads to command injection. The attack may be launched remotely. The...

CVSS 8.8 · AI score 7.3 · EPSS 0.13692
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/23 2:55 a.m. · 5 views

CVE-2023-1746

A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. Affected is an unknown function of the component File Upload Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-224634 is the identifier assigned to...

CVSS 5.4 · AI score 5.9 · EPSS 0.0025
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/23 2:31 a.m. · 10 views

CVE-2023-1800

A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Affected by this issue is the function upload of the file /group1/uploa of the component File Upload Handler. The manipulation leads to path traversal: '../filedir'. The attack may be launched...

CVSS 9.8 · AI score 7.4 · EPSS 0.47312
Exploits: 1 · References: 1
OSV
added 2025/01/05 3:15 p.m. · 7 views

CVE-2024-13141

A vulnerability classified as problematic was found in osuuu LightPicture up to 1.2.2. This vulnerability affects unknown code of the file /api/upload of the component SVG File Upload Handler. The manipulation of the argument file leads to cross site scripting. The attack can be initiated remotel...

CVSS 5.4 · AI score 6.3
Exploits: 0 · References: 4
NVD
added 2024/09/01 10:15 p.m. · 23 views

CVE-2024-8370

A vulnerability classified as problematic was found in Grocy up to 4.2.0. This vulnerability affects unknown code of the file /api/files/recipepictures/ of the component SVG File Upload Handler. The manipulation of the argument force_serve_as with the input picture' leads to cross site scripting. T...

CVSS 5.4 · EPSS 0.00199
Exploits: 1 · References: 3
AlpineLinux
added 2024/09/01 10:15 p.m. · 23 views

CVE-2024-8370

A vulnerability classified as problematic was found in Grocy up to 4.2.0. This vulnerability affects unknown code of the file /api/files/recipepictures/ of the component SVG File Upload Handler. The manipulation of the argument force_serve_as with the input picture' leads to cross site scripting. T...

CVSS 5.4 · AI score 7 · EPSS 0.00199
Exploits: 1 · References: 3
CVE
added 2024/09/01 10:00 p.m. · 81 views

CVE-2024-8370

CVE-2024-8370 affects Grocy up to 4.2.0, targeting the SVG File Upload Handler. The vulnerability exists in unknown code path under /api/files/recipepictures/ where manipulating the argument force_serve_as with a crafted image leads to stored cross-site scripting. Exploitation is remotely possibl...

CVSS 5.4 · AI score 4 · EPSS 0.00199
Exploits: 1 · References: 3 · Affected Software: 1
Cvelist
added 2024/09/01 10:00 p.m. · 26 views

CVE-2024-8370 Grocy SVG File Upload recipepictures cross site scripting

A vulnerability classified as problematic was found in Grocy up to 4.2.0. This vulnerability affects unknown code of the file /api/files/recipepictures/ of the component SVG File Upload Handler. The manipulation of the argument force_serve_as with the input picture' leads to cross site scripting. T...

CVSS 5.3 · EPSS 0.00199
Exploits: 1 · References: 3
NVD
added 2024/01/09 10:15 p.m. · 10 views

CVE-2024-0348

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the component File Upload Handler. The manipulation leads to resource consumption. It is possible to launch the attack remotely. The exploit has been...

CVSS 6.5 · AI score 5.1 · EPSS 0.00052
Exploits: 1 · References: 3
Prion
added 2024/01/09 10:15 p.m. · 13 views

Design/Logic Flaw

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the component File Upload Handler. The manipulation leads to resource consumption. It is possible to launch the attack remotely. The exploit has been...

CVSS 4 · AI score 7.2 · EPSS 0.00052
Exploits: 1 · References: 3 · Affected Software: 1
CVE
added 2024/01/09 10:00 p.m. · 43 views

CVE-2024-0348

The CVE-2024-0348 entry concerns SourceCodester Engineers Online Portal 1.0. The vulnerability affects the File Upload Handler component (an unknown function) and leads to resource consumption. The issue is exploitable remotely over the network, with the exploit publicly disclosed (VDB-250116). S...

CVSS 6.5 · AI score 6.5 · EPSS 0.00052
Exploits: 1 · References: 3 · Affected Software: 1
CNNVD
added 2024/01/09 12:00 a.m. · 3 views

Engineers Online Portal Resource Management Error Vulnerability

Engineers Online Portal is an open source online portal. It is developed using PHP, MySQL database, HTML, CSS, JavaScript, jQuery, Ajax, Bootstrap and some other libraries. A resource management error vulnerability exists in SourceCodester Engineers Online Portal version 1.0, which stems from th...

CVSS 6.5 · AI score 6.9 · EPSS 0.00052
Exploits: 1 · References: 4
Vulnrichment
added 2023/12/17 12:31 a.m. · 9 views

CVE-2023-6887 saysky ForestBlog Image Upload img unrestricted upload

A vulnerability classified as critical has been found in saysky ForestBlog up to 20220630. This affects an unknown part of the file /admin/upload/img of the component Image Upload Handler. The manipulation of the argument filename leads to unrestricted upload. It is possible to initiate the attac...

CVSS 6.5 · AI score 6.9 · EPSS 0.00077
Exploits: 1 · References: 3
NVD
added 2023/05/11 8:15 a.m. · 10 views

CVE-2023-2647

A vulnerability was found in Weaver E-Office 9.5 and classified as critical. Affected by this issue is some unknown functionality of the file /webroot/inc/utility_all.php of the component File Upload Handler. The manipulation leads to command injection. The attack may be launched remotely. The...

CVSS 8.8 · AI score 7.3 · EPSS 0.13692
Exploits: 1 · References: 3
OSV
added 2023/05/11 8:15 a.m. · 2 views

CVE-2023-2647

A vulnerability was found in Weaver E-Office 9.5 and classified as critical. Affected by this issue is some unknown functionality of the file /webroot/inc/utility_all.php of the component File Upload Handler. The manipulation leads to command injection. The attack may be launched remotely. The...

CVSS 8.8 · AI score 6.3 · EPSS 0.13692
Exploits: 1 · References: 3
Prion
added 2023/05/11 8:15 a.m. · 18 views

Command injection

A vulnerability was found in Weaver E-Office 9.5 and classified as critical. Affected by this issue is some unknown functionality of the file /webroot/inc/utility_all.php of the component File Upload Handler. The manipulation leads to command injection. The attack may be launched remotely. The...

CVSS 6.5 · AI score 8.9 · EPSS 0.13692
Exploits: 1 · References: 3 · Affected Software: 1
CVE
added 2023/05/11 7:31 a.m. · 162 views

CVE-2023-2647

Weaver E-Office 9.5 is affected by a command-injection vulnerability in the File Upload Handler, specifically the /webroot/inc/utility_all.php file. The issue allows remote exploitation and has been publicly disclosed. Multiple connected sources consistently identify the vulnerable component as t...

CVSS 8.8 · AI score 7.8 · EPSS 0.13692
Exploits: 1 · References: 3 · Affected Software: 1
Positive Technologies
added 2023/05/11 12:00 a.m. · 4 views

PT-2023-20660 · Unknown · Weaver E-Office

Name of the Vulnerable Software and Affected Versions: Weaver E-Office version 9.5 Description: A critical issue was found in the File Upload Handler component, specifically in the /webroot/inc/utility_all.php file, which leads to command injection. This issue can be exploited remotely. The vendo...

CVSS 8.8 · AI score 6.9 · EPSS 0.13692
Exploits: 1 · References: 5
Veracode
added 2023/04/10 4:35 a.m. · 19 views

Path Traversal

github.com/sjqzhang/go-fastdfs is vulnerable to Path Traversal. The vulnerability exists because the Upload function of fileserver.go does not properly check custom paths, which allows an attacker to access files outside the expected directory through the /group1/upload in the File Upload Handler...

CVSS 9.8 · AI score 8.8 · EPSS 0.47312
Exploits: 1 · References: 5 · Affected Software: 1