Lucene search
K

45738 matches found

Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.17 views

PT-2026-46041

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features...

6.2AI score0.003EPSS
Exploits1References4
Packet Storm News
Packet Storm News
added 2026/06/02 12:0 a.m.11 views

Samba SMB Printer Share Utility Share Enumeration / File Access Testing Tool

This Python utility is a lightweight SMB interaction tool designed for enumerating Samba/Windows shares, identifying printer-related shares, testing write permissions, and uploading files to accessible SMB resources. It's written to target versions 4.22.10, 4.23.8 and 4.24.3...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/01 10:4 p.m.13 views

CVE-2026-39292

Falco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file upload vulnerability in the pagemanager/pagebuilder module that allows remote attackers to upload arbitrary files and achieve remote code execution. The vulnerability exists due to insufficient validation of uploaded file types...

7.3CVSS6.3AI score0.00472EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/01 10:3 p.m.11 views

CVE-2026-42879

FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF image using...

6.3CVSS5.8AI score0.00229EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:4 a.m.8 views

CVE-2026-40548

SOPlanning does not verify uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitimate user.csv file alongside a malicious file, which is extracted on the server. When combined with CVE-2026-40547 Path...

6.4CVSS5.8AI score0.00447EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/01 9:4 a.m.10 views

CVE-2026-40548 Unrestricted Upload of File with Dangerous Type in SOPlanning

SOPlanning does not verify uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitimate user.csv file alongside a malicious file, which is extracted on the server. When combined with CVE-2026-40547 Path...

6.4CVSS5.8AI score0.0031EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/01 8:31 a.m.13 views

WordPress HT Contact Form plugin <= 2.8.2 - Unauthenticated Stored Cross-Site Scripting via File Upload Field vulnerability

Unauthenticated Stored Cross-Site Scripting via File Upload Field vulnerability discovered by Azril Fathoni kiseki - Heroes Cyber Security in WordPress Plugin HT Contact Form 7 versions = 2.8.2...

7.2CVSS5.8AI score0.00292EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/01 8:25 a.m.10 views

WordPress GutenBee – Gutenberg Blocks plugin <= 2.20.1 - Authenticated (Author+) Arbitrary File Upload vulnerability

Authenticated Author+ Arbitrary File Upload vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin GutenBee versions = 2.20.1...

8.8CVSS5.8AI score0.00659EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/01 12:0 a.m.40 views

CVE-2026-10205 Metasoft 美特软件 MetaCRM upload.jsp unrestricted upload

A security vulnerability has been detected in Metasoft 美特软件 MetaCRM 6.4.0. The impacted element is an unknown function of the file develop/systparam/softlogo/upload.jsp. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed publicly an...

6.5CVSS0.00201EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

Metasoft MetaCRM 代码问题漏洞

Metasoft MetaCRM is a customer relationship management system software developed by Metasoft Corporation. Version 6.4.0 of Metasoft MetaCRM contains a code vulnerability. This vulnerability stems from the develop/systparam/softlogo/upload.jsp file, which lacks restrictions on uploads, potentially...

6.5CVSS6.5AI score0.00201EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/05/31 9:45 a.m.87 views

Exploit for CVE-2026-3891

███████╗██████╗ ██╗███████╗███╗ ██╗██████╗ ███████╗ ██╔═...

9.8CVSS6.1AI score0.00845EPSS
Exploits5
NVD
NVD
added 2026/05/30 4:17 p.m.23 views

CVE-2018-25409

SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksipengurus.php endpoint with module=pengurus and act=update parameters, which...

8.8CVSS0.00325EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/30 2:55 p.m.8 views

CVE-2018-25412

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docsupload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute th...

9.8CVSS6.4AI score0.00771EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/05/30 2:55 p.m.17 views

CVE-2018-25412

DeltaSql 1.8.2 is affected by an arbitrary file upload vulnerability reachable via docs_upload.php. The issue allows unauthenticated attackers to upload PHP files through crafted multipart form data and place them in the upload directory, enabling remote code execution on the server. The connecte...

9.8CVSS6.4AI score0.00771EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/05/30 2:55 p.m.14 views

EUVD-2018-21934

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docsupload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute th...

9.8CVSS6.4AI score0.00771EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/05/30 2:55 p.m.9 views

CVE-2018-25412 Delta Sql 1.8.2 Arbitrary File Upload via docs_upload.php

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docsupload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute th...

9.8CVSS6.4AI score0.00771EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/05/30 2:55 p.m.30 views

CVE-2018-25412 Delta Sql 1.8.2 Arbitrary File Upload via docs_upload.php

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docsupload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute th...

9.8CVSS0.00771EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/05/30 2:55 p.m.40 views

CVE-2018-25409 SIM-PKH 2.4.1 Arbitrary File Upload via aksi_pengurus.php

SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksipengurus.php endpoint with module=pengurus and act=update parameters, which...

8.8CVSS0.00325EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/30 2:55 p.m.12 views

CVE-2018-25409 SIM-PKH 2.4.1 Arbitrary File Upload via aksi_pengurus.php

SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksipengurus.php endpoint with module=pengurus and act=update parameters, which...

8.8CVSS6AI score0.00325EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/30 2:55 p.m.10 views

EUVD-2018-21931

SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksipengurus.php endpoint with module=pengurus and act=update parameters, which...

8.8CVSS6AI score0.00325EPSS
Exploits0References4
Rows per page
Query Builder