Lucene search
K

65 matches found

CNNVD
CNNVD
added 2026/03/06 12:0 a.m.9 views

Phpmassmail EverSync 安全漏洞

Phpmassmail EverSync is a synchronization tool developed by the Phpmassmail company. Version 0.5 of Phpmassmail EverSync contains a security vulnerability. This vulnerability stems from the existence of arbitrary files in the files directory, which may lead to the download of database files...

8.7CVSS5.9AI score0.00266EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.12 views

PT-2026-23674

2-Plan Team 1.0.4 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload executable PHP files by sending multipart form data to managefile.php. Attackers can upload PHP files through the userfile1 parameter with action=upload, which are stored in the files...

7.1CVSS6.2AI score0.00444EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/16 3:13 a.m.7 views

CVE-2025-14697

A security flaw has been discovered in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this issue is some unknown functionality of the file /ExportFiles/. The manipulation results in files or directories accessible. The attack may be launched remotel...

6.3CVSS6.3AI score0.00274EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/15 12:0 a.m.3 views

Sixun Shanghui Business Management System 安全漏洞

Sixun Shanghui Business Management System is a group business management system from Sixun, China. A security vulnerability exists in Sixun Shanghui Business Management System version 4.10.24.3, which originates from an accessible file or directory issue in File/ExportFiles...

6.3CVSS4.9AI score0.00274EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-13203

Malware in sbrugna...

9.3CVSS8.1AI score0.0166EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2019-8075

Malware in sbrugna...

5.3CVSS5.3AI score0.0158EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-41409

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.00617EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-2148

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00958EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/08/10 7:15 p.m.13 views

CVE-2012-10045

XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to properly validate or restrict uploaded file types. By crafting a multipart/form-data POST...

9.3CVSS8.1AI score0.01141EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/08 12:0 a.m.9 views

PT-2025-32398 · Xoda · Xoda

Name of the Vulnerable Software and Affected Versions: XODA version 0.4.5 Description: XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to...

9.3CVSS7.8AI score0.01141EPSS
Exploits0References8
CVE
CVE
added 2025/03/26 11:22 a.m.72 views

CVE-2025-1769

CVE-2025-1769 is a Directory Traversal vulnerability in the WordPress plugin “Product Import Export for WooCommerce – Import Export Product CSV Suite” affecting all versions up to and including 2.5.0. It allows an authenticated user with Administrator+ privileges to read arbitrary server log file...

4.9CVSS6.7AI score0.00758EPSS
Exploits0References4Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2024/10/29 9:29 p.m.9 views

Vagrant VMware Utility installation files vulnerable to modification by unprivileged user

Summary The Vagrant VMware Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in Vagrant VMware Utility 1.0.23...

3.8CVSS6.1AI score0.00141EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2024/10/11 3:38 p.m.33 views

CVE-2024-6985 Path Traversal in api open_personality_folder in parisneo/lollms-webui

A path traversal vulnerability exists in the api openpersonalityfolder endpoint of parisneo/lollms-webui. This vulnerability allows an attacker to read any folder in the personalityfolder on the victim's computer, even though sanitizepath is set. The issue arises due to improper sanitization of t...

4.4CVSS0.00353EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.175 views

Cross Platform Webkit File Dropper

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cross Platform Webkit File Dropper', 'Description' = %q This module exploits a XSLT vulnerability in Webkit to drop ASCII or UTF-8 files to the...

8.8CVSS7.4AI score0.43195EPSS
Exploits11
NVD
NVD
added 2024/06/20 9:15 p.m.28 views

CVE-2024-36071

Samsung Magician 8.0.0 on Windows allows an admin to escalate privileges by tampering with the directory and DLL files used during the installation process. This occurs because of an Untrusted Search Path...

6.3CVSS0.00142EPSS
Exploits0References1
Huntr
Huntr
added 2023/08/24 11:27 p.m.19 views

Theft of Arbitrary Files due to lack of intent validation and insecure usage of provider paths in TTFViewerActivity.kt

Description Through the use of Oversecured, leading vulnerability scanner for Android and iOS applications, we were able to detect an Theft of Arbitrary Files vulnerability within TTFViewerActivity.kt. Check full issue definition in the image below: Root Cause Analysis The TTFViewerActivity faile...

5CVSS6.7AI score0.00356EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/04/13 12:0 a.m.12 views

PT-2023-20846 · Diasoft · Diasoft File Replication Pro

Name of the Vulnerable Software and Affected Versions: Diasoft File Replication Pro version 7.5.0 Description: The issue allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because the directory...

9.8CVSS9.5AI score0.06051EPSS
Exploits4References5
NVD
NVD
added 2022/04/08 12:15 p.m.17 views

CVE-2021-46367

RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htacess configuration to deny execution of .php files in media and files directory by default...

9CVSS0.29715EPSS
Exploits1References4
OSV
OSV
added 2022/04/08 12:15 p.m.15 views

CVE-2021-46367

RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htacess configuration to deny execution of .php files in media and files directory by default...

7.2CVSS7.7AI score
Exploits0References4
CNNVD
CNNVD
added 2022/02/09 12:0 a.m.8 views

XpressEngine 跨站脚本漏洞

XpressEngine is a CMS Content Management System that allows anyone to publish content easily, conveniently and freely. A security vulnerability exists in XpressEngine, which stems from the fact that in XE 1.116, there is no restriction on file extensions when uploading a Normal button. An attacke...

5.4CVSS5.9AI score0.00487EPSS
Exploits1References2
Rows per page
Query Builder