
1694 matches found

ATTACKERKB
added 2025/12/30 6:2 p.m., 5 views

CVE-2025-15262

A security flaw has been discovered in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/edit.php of the component Site Logo Handler. Performing a manipulation of the argument image results in unrestricted upload. Remote exploitation of the attack is possible. The...

CVSS 7.2 | AI score 5.2 | EPSS 0.00292
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2025/12/30 6:2 p.m., 26 views

CVE-2025-15262 BiggiDroid Simple PHP CMS Site Logo edit.php unrestricted upload

A security flaw has been discovered in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/edit.php of the component Site Logo Handler. Performing a manipulation of the argument image results in unrestricted upload. Remote exploitation of the attack is possible. The...

CVSS 5.8 | EPSS 0.00292
Exploits: 1 | References: 4

Vulnrichment
added 2025/12/30 6:2 p.m., 2 views

CVE-2025-15262 BiggiDroid Simple PHP CMS Site Logo edit.php unrestricted upload

A security flaw has been discovered in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/edit.php of the component Site Logo Handler. Performing a manipulation of the argument image results in unrestricted upload. Remote exploitation of the attack is possible. The...

CVSS 5.8 | AI score 4.8 | EPSS 0.00292
Exploits: 1 | References: 4

CVE
added 2025/12/30 6:2 p.m., 13 views

CVE-2025-15262

CVE-2025-15262 affects BiggiDroid Simple PHP CMS 1.0, in the Site Logo Handler component (file /admin/edit.php). Manipulating the image argument reportedly yields unrestricted upload, enabling remote exploitation. Multiple sources confirm the exploit has been released publicly and may be exploite...

CVSS 7.2 | AI score 4.8 | EPSS 0.00292
Exploits: 1 | References: 4 | Affected Software: 1

Positive Technologies
added 2025/12/30 12:0 a.m., 7 views

PT-2025-54208

A security flaw has been discovered in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/edit.php of the component Site Logo Handler. Performing manipulation of the argument image results in unrestricted upload. Remote exploitation of the attack is possible. The...

CVSS 5.8 | AI score 6.6 | EPSS 0.00292
Exploits: 1 | References: 6

GithubExploit
added 2025/12/29 6:28 p.m., 130 views

Exploit for CVE-2025-15495

CVE-2025-15495 - Arbitrary File Upload Leading to Remote Code...

CVSS 5.8 | AI score 7.8 | EPSS 0.0042
Exploits: 2

Tenable Nessus
added 2025/12/19 12:0 a.m., 3 views

Siemens LOGO! 8 BM Devices Buffer Copy Without Checking Size of Input (CVE-2025-40815)

A vulnerability has been identified in - LOGO! 12/24RCE 6ED1052-1MD08-0BA2 All versions - LOGO! 12/24RCEo 6ED1052-2MD08-0BA2 All versions - LOGO! 230RCE 6ED1052-1FB08-0BA2 All versions - LOGO! 230RCEo 6ED1052-2FB08-0BA2 All versions - LOGO! 24CE 6ED1052-1CC08-0BA2 All versions - LOGO! 24CEo...

CVSS 8.6 | AI score 5.4 | EPSS 0.00317
Exploits: 0 | References: 3

Tenable Nessus
added 2025/12/19 12:0 a.m., 4 views

Siemens LOGO! 8 BM Devices Buffer Copy Without Checking Size of Input (CVE-2025-40815)

A vulnerability has been identified in - LOGO! 12/24RCE 6ED1052-1MD08-0BA2 All versions - LOGO! 12/24RCEo 6ED1052-2MD08-0BA2 All versions - LOGO! 230RCE 6ED1052-1FB08-0BA2 All versions - LOGO! 230RCEo 6ED1052-2FB08-0BA2 All versions - LOGO! 24CE 6ED1052-1CC08-0BA2 All versions - LOGO! 24CEo...

CVSS 8.6 | AI score 5.4 | EPSS 0.00317
Exploits: 0 | References: 3

Tenable Nessus
added 2025/12/19 12:0 a.m., 3 views

Siemens LOGO! 8 BM Devices Buffer Copy Without Checking Size of Input (CVE-2025-40815)

A vulnerability has been identified in - LOGO! 12/24RCE 6ED1052-1MD08-0BA2 All versions - LOGO! 12/24RCEo 6ED1052-2MD08-0BA2 All versions - LOGO! 230RCE 6ED1052-1FB08-0BA2 All versions - LOGO! 230RCEo 6ED1052-2FB08-0BA2 All versions - LOGO! 24CE 6ED1052-1CC08-0BA2 All versions - LOGO! 24CEo...

CVSS 8.6 | AI score 5.5 | EPSS 0.00317
Exploits: 0 | References: 3

OSV
added 2025/12/16 6:16 p.m., 3 views

CVE-2023-53900

Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through improper file upload filtering...

CVSS 6.1 | AI score 5.8
Exploits: 0 | References: 3

UbuntuCve
added 2025/12/16 6:16 p.m., 2 views

CVE-2023-53900

Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through improper file upload filtering...

CVSS 8.8 | AI score 5.9 | EPSS 0.00265
Exploits: 1 | References: 4

AstraLinux
added 2025/12/16 12:40 p.m., 2 views

Astra Linux - vulnerability in linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted. A use-after-free crash can occur after an ELS LOGO is aborted. Specifically, a nodelist structure is freed and then ndlp->vport->cfg_log_verbose is dereferenced in...

CVSS 7.8 | AI score 6.5 | EPSS 0.0003
Exploits: 0 | References: 2

Positive Technologies
added 2025/12/16 12:0 a.m., 3 views

PT-2025-51748

Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through improper file upload filtering...

CVSS 8.8 | AI score 6.9 | EPSS 0.00265
Exploits: 1 | References: 3

RedHat Linux
added 2025/12/10 6:4 p.m., 12 views

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVSS 9.1 | AI score 7.4 | EPSS 0.1914
Exploits: 10 | References: 2

RedhatCVE
added 2025/11/27 1:54 p.m., 4 views

CVE-2025-60914

Incorrect access control in Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to access sensitive information via sending a crafted GET request to the /displaylogo endpoint...

CVSS 4.6 | AI score 6.5 | EPSS 0.00156
Exploits: 0 | References: 1

EUVD
added 2025/11/24 6:31 p.m., 3 views

EUVD-2025-198802

Incorrect access control in Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to access sensitive information via sending a crafted GET request to the /displaylogo endpoint...

CVSS 4.6 | AI score 6 | EPSS 0.00156
Exploits: 0 | References: 3

CVE
added 2025/11/24 12:0 a.m., 12 views

CVE-2025-60914

CVE-2025-60914 describes an access-control flaw in the Austrian Archaeological Institute Openatlas prior to version 8.12.0, where a crafted GET request to the path /display_logo can disclose sensitive information. The affected product is Openatlas (by the Austrian Archaeological Institute). The u...

CVSS 4.6 | AI score 6.1 | EPSS 0.00156
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2025/11/24 12:0 a.m., 2 views

Austrian Academy of Sciences OpenAtlas security vulnerability

Austrian Academy of Sciences OpenAtlas is a database application dealing with archaeology and history organized by the Austrian Academy of Sciences in Austria. A security vulnerability exists in Austrian Academy of Sciences OpenAtlas versions prior to 8.12.0 that stems from improper access contro...

CVSS 4.6 | AI score 6.2 | EPSS 0.00156
Exploits: 0 | References: 3

Cvelist
added 2025/11/24 12:0 a.m., 7 views

CVE-2025-60914

Incorrect access control in Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to access sensitive information via sending a crafted GET request to the /displaylogo endpoint...

EPSS 0.00156
Exploits: 0 | References: 2

The Hacker News
added 2025/11/13 8:27 p.m., 17 views

Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests' Payment Data

A Russian-speaking threat behind an ongoing, mass phishing campaign has registered more than 4,300 domain names since the start of the year. The activity, per Netcraft security researcher Andrew Brandt, is designed to target customers of the hospitality industry, specifically hotel guests who may...

AI score 6.3
Exploits: 0