Lucene search
K

45739 matches found

NVD
NVD
added 2026/05/17 1:16 p.m.19 views

CVE-2018-25335

WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name' parameter to...

9.8CVSS0.00515EPSS
Exploits0References2
CVE
CVE
added 2026/05/17 12:15 p.m.18 views

CVE-2026-8754

CVE-2026-8754 affects AstrBotDevs AstrBot up to version 4.23.5. The vulnerability is in the File Upload Handler, specifically the function post_file in astrbot/dashboard/routes/chat.py , where filename manipulation enables a path traversal. Remote exploitation is possible, with the exploit descri...

6.5CVSS6.2AI score0.00358EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/17 12:15 p.m.41 views

CVE-2026-8754 AstrBotDevs AstrBot File Upload chat.py post_file path traversal

A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function postfile of the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. The manipulation of the argument filename results in path traversal. It is possible to launch the attack remotely...

6.5CVSS0.00358EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/17 12:15 p.m.6 views

CVE-2026-8754 AstrBotDevs AstrBot File Upload chat.py post_file path traversal

A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function postfile of the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. The manipulation of the argument filename results in path traversal. It is possible to launch the attack remotely...

6.5CVSS6.2AI score0.00358EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/17 12:15 p.m.24 views

EUVD-2026-30700

A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function postfile of the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. The manipulation of the argument filename results in path traversal. It is possible to launch the attack remotely...

6.5CVSS6.2AI score0.00358EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/17 12:11 p.m.41 views

CVE-2018-25335 WordPress Plugin Peugeot Music 1.0 Arbitrary File Upload

WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name' parameter to...

9.8CVSS0.00515EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/17 12:11 p.m.11 views

EUVD-2018-21856

WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name' parameter to...

9.8CVSS6.1AI score0.00515EPSS
Exploits0References2
CVE
CVE
added 2026/05/17 12:11 p.m.17 views

CVE-2018-25335

CVE-2018-25335 affects the WordPress plugin Peugeot Music 1.0. It contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload files via POST to upload.php, with attackers able to set arbitrary file extensions by manipulating the name parameter to execute code f...

9.8CVSS6.1AI score0.00515EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/17 12:11 p.m.8 views

CVE-2018-25335 WordPress Plugin Peugeot Music 1.0 Arbitrary File Upload

WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name' parameter to...

9.8CVSS6.1AI score0.00515EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/17 12:11 p.m.8 views

CVE-2018-25335

WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name' parameter to...

9.8CVSS6.1AI score0.00515EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/17 12:11 p.m.17 views

CVE-2018-25332

CVE-2018-25332 - GitBucket 4.23.1 Unauthenticated Remote Code Execution Affected software: GitBucket 4.23.1. Vulnerability: An unauthenticated remote code execution flaw exists due to weak secret token generation and insecure file upload functionality. Adversaries can brute-force the Blowfish enc...

9.8CVSS6.6AI score0.00589EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/17 12:11 p.m.9 views

CVE-2018-25332

GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR...

9.8CVSS6.6AI score0.00589EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/05/17 12:11 p.m.40 views

CVE-2018-25332 GitBucket 4.23.1 Unauthenticated Remote Code Execution

GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR...

9.8CVSS0.00589EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.8 views

GitBucket 访问控制错误漏洞

GitBucket is an open-source Git code hosting platform based on Scala. Version 4.23.1 of GitBucket contains a vulnerability related to access control. This vulnerability stems from the generation of weak secret tokens and the insecure file upload feature, which may allow unauthenticated attackers ...

9.8CVSS6.1AI score0.00589EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.14 views

PT-2026-41544

Name of the Vulnerable Software and Affected Versions AstrBotDevs AstrBot versions prior to 4.23.6 Description A path traversal issue exists in the File Upload Handler component within the post file function of the astrbot/dashboard/routes/chat.py file. This occurs when the filename argument is...

6.5CVSS6.6AI score0.00358EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.14 views

AstrBot 路径遍历漏洞

AstrBot is an open-source multi-platform LLM chatbot and development framework developed by AstrBot. Versions of AstrBot 4.23.5 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the improper handling of the postfile function in the File Upload Handler component...

6.5CVSS6.5AI score0.00358EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.13 views

PT-2026-41561

WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name' parameter to...

9.8CVSS6.1AI score0.00515EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.15 views

PT-2026-41569

Name of the Vulnerable Software and Affected Versions MetaCRM versions prior to 6.4.0 Beta06 Description An unrestricted file upload issue exists in the '/common/jsp/upload3.jsp' file. A remote attacker can exploit this by manipulating the File argument, allowing the upload of unauthorized files...

7.5CVSS7.2AI score0.00278EPSS
Exploits0References7
GithubExploit
GithubExploit
added 2026/05/16 10:6 p.m.103 views

Exploit for Classic Buffer Overflow in Cisco Adaptive_Security_Appliance_Software

CVE-2025-20333 Scanner A Python-based diagnostic scanner for...

9.9CVSS8AI score0.40391EPSS
Exploits1
GithubExploit
GithubExploit
added 2026/05/16 6:51 p.m.154 views

Exploit for CVE-2026-38526

CVE-2026-38526 | Krayin CRM v2.2.x Authenticated RCE - Unrestr...

9.9CVSS6.5AI score0.00834EPSS
Exploits3
Rows per page
Query Builder