Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

37 matches found

NVD
NVDadded 5 days ago7 views

CVE-2026-10172

A security flaw has been discovered in Bdtask Multi-Store Inventory Management System 1.0. The affected element is the function Upload of the file application/modules/dashboard/controllers/Module.php of the component Component Module. The manipulation of the argument module results in unrestricte...

6.5CVSS0.00036EPSS
Exploits0References5
Cvelist
Cvelistadded 5 days ago29 views

CVE-2026-10172 Bdtask Multi-Store Inventory Management System Component Module.php upload unrestricted upload

A security flaw has been discovered in Bdtask Multi-Store Inventory Management System 1.0. The affected element is the function Upload of the file application/modules/dashboard/controllers/Module.php of the component Component Module. The manipulation of the argument module results in unrestricte...

6.5CVSS0.00036EPSS
Exploits0References5
EUVD
EUVDadded 5 days ago8 views

EUVD-2026-33492

A security flaw has been discovered in Bdtask Multi-Store Inventory Management System 1.0. The affected element is the function Upload of the file application/modules/dashboard/controllers/Module.php of the component Component Module. The manipulation of the argument module results in unrestricte...

6.5CVSS6.3AI score0.00036EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 5 days ago7 views

PT-2026-45176

A security flaw has been discovered in Bdtask Multi-Store Inventory Management System 1.0. The affected element is the function Upload of the file application/modules/dashboard/controllers/Module.php of the component Component Module. The manipulation of the argument module results in unrestricte...

6.5CVSS5.5AI score0.00036EPSS
Exploits0References6
RedhatCVE
RedhatCVEadded 2026/05/07 8:21 p.m.5 views

CVE-2026-40076

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the module upload endpoint at POST /openmrs/ws/rest/v1/module is vulnerable to a Zip Slip path traversal attack. During automatic extraction of uploaded .omod...

9.4CVSS6.5AI score0.00107EPSS
Exploits1References1
Snyk
Snykadded 2026/05/06 9:21 p.m.5 views

Directory Traversal

Overview org.openmrs.web:openmrs-web is a patient-based medical record system focusing on giving providers a free customizable electronic medical record system EMR. Affected versions of this package are vulnerable to Directory Traversal via the WebModuleUtil.startModule function in POST...

9.4CVSS6.4AI score0.00107EPSS
Exploits1References2
NVD
NVDadded 2026/05/06 8:16 p.m.2 views

CVE-2026-40076

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the module upload endpoint at POST /openmrs/ws/rest/v1/module is vulnerable to a Zip Slip path traversal attack. During automatic extraction of uploaded .omod...

9.4CVSS0.00107EPSS
Exploits1References1
Cvelist
Cvelistadded 2026/05/06 7:32 p.m.23 views

CVE-2026-40076 OpenMRS Core arbitrary file write and code execution via Zip Slip in module upload

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the module upload endpoint at POST /openmrs/ws/rest/v1/module is vulnerable to a Zip Slip path traversal attack. During automatic extraction of uploaded .omod...

9.4CVSS0.00107EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/05/06 7:32 p.m.4 views

CVE-2026-40076

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the module upload endpoint at POST /openmrs/ws/rest/v1/module is vulnerable to a Zip Slip path traversal attack. During automatic extraction of uploaded .omod...

9.4CVSS6.5AI score0.00107EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/06 7:32 p.m.3 views

CVE-2026-40076 OpenMRS Core arbitrary file write and code execution via Zip Slip in module upload

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the module upload endpoint at POST /openmrs/ws/rest/v1/module is vulnerable to a Zip Slip path traversal attack. During automatic extraction of uploaded .omod...

9.4CVSS6.5AI score0.00107EPSS
Exploits1References1
CVE
CVEadded 2026/05/06 7:32 p.m.5 views

CVE-2026-40076

OpenMRS Core (CVE-2026-40076) is vulnerable to Zip Slip via the module upload REST endpoint (POST /openmrs/ws/rest/v1/module). The flaw is in WebModuleUtil.startModule(): ZIP entries under web/module/ are written without normalizing paths, allowing traversal like web/module/foo/../../../../evil.j...

9.4CVSS6.5AI score0.00107EPSS
Exploits1References1Affected Software1
Github Security Blog
Github Security Blogadded 2026/05/04 5:39 p.m.12 views

OpenMRS Module Upload Vulnerable to Path Traversal (Zip Slip)

Affected Versions version ≤ 2.7.8 latest version at time of disclosure https://github.com/openmrs/openmrs-core Impact The endpoint POST /openmrs/ws/rest/v1/module is vulnerable to a path traversal Zip Slip attack. An authenticated attacker can upload a crafted .omod archive containing ZIP entries...

9.4CVSS6AI score0.00107EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVEadded 2026/04/02 5:4 a.m.3 views

CVE-2026-30643

An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload...

9.8CVSS6AI score0.00105EPSS
Exploits1References1
EUVD
EUVDadded 2026/04/01 6:36 p.m.3 views

EUVD-2026-17960

An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload...

9.8CVSS6AI score0.00105EPSS
Exploits1References3
NVD
NVDadded 2026/04/01 5:28 p.m.4 views

CVE-2026-30643

An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload...

9.8CVSS0.00105EPSS
Exploits1References2
CVE
CVEadded 2026/04/01 12:0 a.m.4 views

CVE-2026-30643

CVE-2026-30643 affects DedeCMS 5.7.118. The issue allows an attacker to execute code by submitting crafted setup tag values during a module upload. Root cause is not explicitly detailed beyond the vulnerable input handling in module uploads. The description does not provide exploit specifics, imp...

9.8CVSS6AI score0.00105EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/04/01 12:0 a.m.4 views

CVE-2026-30643

An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload...

9.8CVSS6AI score0.00105EPSS
Exploits1References3
Cvelist
Cvelistadded 2026/04/01 12:0 a.m.24 views

CVE-2026-30643

An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload...

0.00105EPSS
Exploits1References2
Vulnrichment
Vulnrichmentadded 2026/04/01 12:0 a.m.3 views

CVE-2026-30643

An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload...

6AI score0.00105EPSS
Exploits1References2
Positive Technologies
Positive Technologiesadded 2026/04/01 12:0 a.m.5 views

PT-2026-29567

🔴 CVE-2026-30643 - Critical An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload. https://t.co/rjHTzSsdI1 https://t.co/y2qo3h5iFP...

9.8CVSS6AI score0.00105EPSS
Exploits1References5
Rows per page
Query Builder