Lucene search
K

158 matches found

Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.10 views

PT-2026-27381

PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files through the image manager endpoint and execute them...

8.8CVSS6.7AI score0.00798EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.6 views

PhreeSoft PhreeBooks ERP 代码问题漏洞

PhreeSoft PhreeBooks ERP is a business resource planning software provided by PhreeSoft Corporation, which offers enterprise financial management and business process handling functions. Version 5.2.3 of PhreeSoft PhreeBooks ERP contains a code vulnerability. This vulnerability stems from a remot...

8.8CVSS6.6AI score0.00798EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.6 views

PT-2026-27364

PhreeBooks ERP 5.2.3 contains an arbitrary file upload vulnerability in the Image Manager component that allows authenticated attackers to upload malicious files by submitting requests to the image upload endpoint. Attackers can upload PHP files through the imgFile parameter to the...

8.8CVSS6.3AI score0.00896EPSS
Exploits1References5
EUVD
EUVD
added 2026/03/10 6:31 p.m.4 views

EUVD-2026-10629

Deserialization of untrusted data in Windows System Image Manager allows an authorized attacker to execute code locally...

7.8CVSS5.9AI score0.01963EPSS
Exploits0References2
NVD
NVD
added 2026/03/10 6:18 p.m.4 views

CVE-2026-25166

Deserialization of untrusted data in Windows System Image Manager allows an authorized attacker to execute code locally...

7.8CVSS0.01963EPSS
Exploits0References1
OSV
OSV
added 2026/03/10 6:18 p.m.6 views

CVE-2026-25166

Deserialization of untrusted data in Windows System Image Manager allows an authorized attacker to execute code locally...

7.8CVSS5.9AI score0.01963EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/10 5:4 p.m.3 views

CVE-2026-25166

Deserialization of untrusted data in Windows System Image Manager allows an authorized attacker to execute code locally...

7.8CVSS5.9AI score0.01963EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/10 5:4 p.m.2 views

CVE-2026-25166 Windows System Image Manager Assessment and Deployment Kit (ADK) Remote Code Execution Vulnerability

...

7.8CVSS5.8AI score0.01963EPSS
Exploits0References1
CVE
CVE
added 2026/03/10 5:4 p.m.27 views

CVE-2026-25166

CVE-2026-25166 /Windows System Image Manager ADK: A.local, low-privilege, no-user-interaction remote code execution vulnerability with high impact (C/H/I/A) per CVSS 3.1; fix is an official update. Exploitation details are not provided in the document.

7.8CVSS5.9AI score0.01963EPSS
Exploits0References1Affected Software12
Microsoft KB
Microsoft KB
added 2026/03/10 2:0 p.m.13 views

March 10, 2026—KB5079466 (OS Build 28000.1719)

March 10, 2026—KB5079466 OS Build 28000.1719 ​​​​​This security update for Windows 11, version 26H1 KB5079466, includes the latest security improvements, along with non-security updates from last month’s optional preview release. To learn more about differences between security updates, optional...

8.8CVSS7AI score0.04491EPSS
Exploits11
Microsoft CVE
Microsoft CVE
added 2026/03/10 2:0 p.m.10 views

Windows System Image Manager Assessment and Deployment Kit (ADK) Remote Code Execution Vulnerability

Deserialization of untrusted data in Windows System Image Manager allows an authorized attacker to execute code locally...

7.8CVSS5.9AI score0.01963EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.5 views

PT-2026-24293

Deserialization of untrusted data in Windows System Image Manager allows an authorized attacker to execute code locally...

7.8CVSS5.9AI score0.01963EPSS
Exploits0References2
Chainguard
Chainguard
added 2026/02/10 1:17 p.m.5 views

GHSA-8JVR-VH7G-F8GX vulnerabilities

Vulnerabilities for packages: velero, cluster-autoscaler, gitlab-rails-ce-fips, gcp-compute-persistent-disk-csi-driver-fips, redpanda, terragrunt, git-lfs-fips, keda-fips, harbor-registry-fips, osv-scanner, postgres-operator-fips, azure-workload-identity-webhook, bank-vaults-fips, kiali, nsc-fips...

6.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/24 9:15 p.m.8 views

CVE-2021-47904

PhreeBooks 5.2.3 contains an authenticated file upload vulnerability in the Image Manager that allows remote code execution. Attackers can upload a malicious PHP web shell by exploiting unrestricted file type uploads to gain command execution on the server...

8.8CVSS6.3AI score0.00614EPSS
Exploits0References1
NVD
NVD
added 2026/01/23 5:16 p.m.9 views

CVE-2021-47904

PhreeBooks 5.2.3 contains an authenticated file upload vulnerability in the Image Manager that allows remote code execution. Attackers can upload a malicious PHP web shell by exploiting unrestricted file type uploads to gain command execution on the server...

8.8CVSS0.00614EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/01/23 4:47 p.m.4 views

CVE-2021-47904

PhreeBooks 5.2.3 contains an authenticated file upload vulnerability in the Image Manager that allows remote code execution. Attackers can upload a malicious PHP web shell by exploiting unrestricted file type uploads to gain command execution on the server...

8.8CVSS6.3AI score0.00614EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/01/23 4:47 p.m.32 views

CVE-2021-47904 PhreeBooks 5.2.3 - Remote Code Execution

PhreeBooks 5.2.3 contains an authenticated file upload vulnerability in the Image Manager that allows remote code execution. Attackers can upload a malicious PHP web shell by exploiting unrestricted file type uploads to gain command execution on the server...

8.8CVSS0.00614EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/23 4:47 p.m.5 views

CVE-2021-47904 PhreeBooks 5.2.3 - Remote Code Execution

PhreeBooks 5.2.3 contains an authenticated file upload vulnerability in the Image Manager that allows remote code execution. Attackers can upload a malicious PHP web shell by exploiting unrestricted file type uploads to gain command execution on the server...

8.8CVSS6.3AI score0.00614EPSS
Exploits0References5
CVE
CVE
added 2026/01/23 4:47 p.m.14 views

CVE-2021-47904

CVE-2021-47904 affects PhreeBooks 5.2.3. An authenticated attacker can upload a malicious PHP web shell via the Image Manager’s unrestricted file-type uploads, enabling remote code execution on the server. Impact: remote code execution with high confidentiality, integrity, and availability implic...

8.8CVSS6.3AI score0.00614EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/23 12:0 a.m.7 views

PhreeBooks security vulnerabilities

PhreeBooks is a business resource planning and accounting software developed by the PhreeBooks company. Version 5.2.3 of PhreeBooks contains a security vulnerability, which stems from a file upload vulnerability in the Image Manager, potentially allowing remote code execution...

8.8CVSS6.1AI score0.00614EPSS
Exploits0References6
Rows per page
Query Builder