71 matches found
EUVD-2026-27653
FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName before constructing file paths, allowing an unauthenticated attacker to write arbitrary files outside the intended upload directory or read files from arbitrary locations on t...
CVE-2026-27895
CVE-2026-27895 affects LDAP Account Manager (LAM). Before version 9.5, the PDF export component fails to validate uploaded file extensions, allowing upload of any file type (e.g., .php) and enabling remote code execution as the web server user. Versions prior to 9.5 are vulnerable; version 9.5 fi...
CVE-2026-29041
Chamilo is a learning management system. Prior to version 1.11.34, Chamilo LMS is affected by an authenticated remote code execution vulnerability caused by improper validation of uploaded files. The application relies solely on MIME-type verification when handling file uploads and does not...
Arbitrary Code Execution
melisplatform/melis-cms-slider is vulnerable to Arbitrary Code Execution. The vulnerability is due to insufficient validation of uploaded files, where the mcsdetailimg parameter in the saveDetailsForm endpoint accepts malicious file uploads, and attackers can exploit this to upload executable...
CVE-2025-48396
CVE-2025-48396 concerns Eaton BLSS (Brightlayer Software Suite). The issue stems from improper validation of the file upload functionality, enabling arbitrary code execution. Affected versions are Eaton BLSS prior to the patch, with fixes implemented in the latest script patch version 7.3.0.SCP00...
CVE-2025-48396
Arbitrary code execution is possible due to improper validation of the file upload functionality in Eaton BLSS. This security issue has been fixed in the latest script patch version of Eaton BLSS, 7.3.0.SCP004...
CVE-2025-62421
DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a stored cross-site scripting vulnerability exists due to improper file upload validation and authentication bypass. The StaticResourceApi interface defines a route upload/fileId that uses a URL path...
Hikvision iSecure Center Security Vulnerability
Hikvision iSecure Center is an integrated security management platform from Hikvision China. A security vulnerability exists in Hikvision iSecure Center that stems from improper file upload validation, which could result in the upload of malicious files...
CVE-2025-61681 Kuno is Vulnerable to Stored XSS Attack via SVG File Upload
KUNO CMS is a fully deployable full-stack blog application. Versions 1.3.13 and below contain validation flaws in its file upload functionality that can be exploited for stored XSS. The upload endpoint only validates file types based on Content-Type headers, lacks file content analysis and...
EUVD-2023-2090
Malicious code in bioql PyPI...
EUVD-2025-27223
Malicious code in bioql PyPI...
EUVD-2022-43318
Malicious code in bioql PyPI...
EUVD-2025-10697
Malicious code in bioql PyPI...
EUVD-2022-45813
Malicious code in bioql PyPI...
PT-2025-40526
Name of the Vulnerable Software and Affected Versions: Emlog Pro version 2.5.19. Description: A stored Cross-Site Scripting (XSS) issue exists due to inadequate validation of SVG file uploads within the /admin/media.php component. This allows attackers to upload malicious SVG files containing JavaScri...
CVE-2025-20287 Cisco Evolved Programmable Network Manager Arbitrary File Upload Vulnerability
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to improper validation of files that are uploaded to the web-based...
WeGIA Security Vulnerability
WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A security vulnerability exists in WeGIA versions prior to 3.4.11 that stems from insufficient file upload validation and could lead to remote code execution...
Liferay Portal and Liferay DXP Code Issue Vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB and JMS and can be used as a web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
Havalite CMS Security Vulnerability
Havalite CMS is a content management system from the individual developer Havalite. A security vulnerability exists in Havalite CMS version 1.1.7 and earlier, which stems from insufficient file upload validation and could lead to remote code execution...