45738 matches found

CVE
added 2026/05/24 10:30 a.m., 39 views

CVE-2026-9374

The CVE applies to yangzongzhuan RuoYi-Vue (up to version 3.9.2). The vulnerable component is the Common Upload Endpoint, specifically the FileUploadUtils.upload function in /common/upload. The root cause is described as a manipulation that enables unrestricted file upload, allowing remote exploi...

CVSS 6.5, AI score 6.3, EPSS 0.00195
Exploits: 0, References: 3

GithubExploit
added 2026/05/24 12:13 a.m., 95 views

evershop-stored-xss-cve

Security Vulnerability Disclosure – Stored XSS via File Upload...

AI score 5.8
Exploits: 0

NVD
added 2026/05/23 7:16 p.m., 13 views

CVE-2018-25353

Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accounts can upload executable files by using obfuscated extensions like php71 or php53 to evade the...

CVSS 8.8, EPSS 0.00452
Exploits: 0, References: 4

ATTACKERKB
added 2026/05/23 6:30 p.m., 10 views

CVE-2018-25353

Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accounts can upload executable files by using obfuscated extensions like php71 or php53 to evade the...

CVSS 8.8, AI score 6, EPSS 0.00452
Exploits: 0, References: 4

CVE
added 2026/05/23 6:30 p.m., 22 views

CVE-2018-25353

Affected software: Redaxo CMS Mediapool Addon 5.5.1 and older. Vulnerability: Arbitrary file upload via bypassing the extension blacklist, enabled by obfuscated extensions (e.g., php71, php53). Impact: Authenticated editor users can upload executable files, potentially achieving code execution (h...

CVSS 8.8, AI score 6, EPSS 0.00452
Exploits: 0, References: 4

Vulnrichment
added 2026/05/23 6:30 p.m., 10 views

CVE-2018-25353 Redaxo CMS Mediapool Addon 5.5.1 Arbitrary File Upload

Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accounts can upload executable files by using obfuscated extensions like php71 or php53 to evade the...

CVSS 8.8, AI score 6, EPSS 0.00452
Exploits: 0, References: 4

Cvelist
added 2026/05/23 6:30 p.m., 16 views

CVE-2018-25353 Redaxo CMS Mediapool Addon 5.5.1 Arbitrary File Upload

Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accounts can upload executable files by using obfuscated extensions like php71 or php53 to evade the...

CVSS 8.8, EPSS 0.00452
Exploits: 0, References: 4

GithubExploit
added 2026/05/23 4:22 a.m., 99 views

Exploit for CVE-2026-6960

CVE-2026-6960 — BookingPress Pro ≤ 5.6 | Unauthenticated Arbit...

CVSS 9.8, AI score 6.1, EPSS 0.00672
Exploits: 1

CNNVD
added 2026/05/23 12:0 a.m., 10 views

Yakamara Media Redaxo CMS Mediapool Addon security vulnerability

Yakamara Media Redaxo CMS Mediapool Addon is an extension for media resource management within the REDAXO content management system developed by Yakamara Media. Versions of Yakamara Media Redaxo CMS Mediapool Addon prior to version 5.5.1 contained security vulnerabilities. These vulnerabilities...

CVSS 8.8, AI score 6.1, EPSS 0.00452
Exploits: 0, References: 4

NVD
added 2026/05/22 11:16 p.m., 13 views

CVE-2026-40412

Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network...

CVSS 10, EPSS 0.00534
Exploits: 0, References: 1

EUVD
added 2026/05/22 10:3 p.m., 11 views

EUVD-2026-31511

Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network...

CVSS 10, AI score 6, EPSS 0.00534
Exploits: 0, References: 1

CVE
added 2026/05/22 5:55 p.m., 26 views

CVE-2026-39970

The CVE covers TypeBot (chatbot builder) ≤ version 3.15.2, where the profile picture upload form fails to sanitize SVG/XML uploads and directly renders them. This enables stored XSS via crafted SVGs containing JavaScript, with payload stored on app.typebot.io and accessible via a permanent link, ...

CVSS 8.5, AI score 6, EPSS 0.00276
Exploits: 0, References: 2

NVD
added 2026/05/22 11:16 a.m., 10 views

CVE-2026-5755

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.2, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate the TIFF IFD offset in the image header before allocating memory, which allows authenticated users with file upload or posting permissions to cause a denial of service serve...

CVSS 6.5, EPSS 0.00245
Exploits: 0, References: 1

Cvelist
added 2026/05/22 10:18 a.m., 22 views

CVE-2026-5755 Denial of service via crafted TIFF file upload

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.2, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate the TIFF IFD offset in the image header before allocating memory, which allows authenticated users with file upload or posting permissions to cause a denial of service serve...

CVSS 6.5, EPSS 0.00245
Exploits: 0, References: 1

Patchstack
added 2026/05/22 6:47 a.m., 13 views

WordPress BookingPress Appointment Booking Pro plugin <= 5.6 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by h0xilo in WordPress Plugin BookingPress Appointment Booking Pro versions <= 5.6...

CVSS 9.8, AI score 5.8, EPSS 0.00672
Exploits: 1, References: 1, Affected Software: 1

Positive Technologies
added 2026/05/22 12:0 a.m., 14 views

PT-2026-42751

Name of the Vulnerable Software and Affected Versions: Mattermost version 11.6.0, Mattermost version 11.5.3, Mattermost version 11.4.4, Mattermost version 10.11.14. Description: Authenticated users with file upload or posting permissions can cause a denial of service resulting in server Out of Memory O...

CVSS 6.8, AI score 5.8, EPSS 0.00245
Exploits: 0, References: 9

CNNVD
added 2026/05/22 12:0 a.m., 10 views

9front security vulnerability

9front is an open-source Unix-like distributed operating system based on Plan 9. 9front has a security vulnerability that stems from respecting the default values provided by a website for HTML file upload forms. This vulnerability could allow attackers to create websites with malicious...

CVSS 8.2, AI score 5.8, EPSS 0.00276
Exploits: 0, References: 1

Positive Technologies
added 2026/05/22 12:0 a.m., 10 views

PT-2026-42720

Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website with a malicious default file path, and then conceal this form element...

CVSS 8.2, AI score 5.8, EPSS 0.00276
Exploits: 0, References: 2

Cvelist
added 2026/05/21 9:27 p.m., 32 views

CVE-2026-6960 BookingPress Pro <= 5.6 - Unauthenticated Arbitrary File Upload via Signature Custom Field

The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpress_validate_submitted_booking_form_func' function in all versions up to, and including, 5.6. This makes it possible for unauthenticated attackers to upload arbitrary...

CVSS 9.8, EPSS 0.00672
Exploits: 1, References: 2

CVE
added 2026/05/21 9:27 p.m., 21 views

CVE-2026-6960

BookingPress Pro (WordPress) is affected by CVE-2026-6960 due to missing file type validation in the function bookingpress_validate_submitted_booking_form_func, affecting all versions up to and including 5.6. The vulnerability enables arbitrary file uploads on the affected site’s server and could...

CVSS 9.8, AI score 6.5, EPSS 0.00672
Exploits: 1, References: 2