CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

25 matches found

SUSE CVE•added 2026/04/30 2:46 a.m.•3 views

SUSE CVE-2007-6735

NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not properly handle partial matches for container names in the FTPREST.TXT file, which allows remote attackers to bypass intended access restrictions via an FTP session...

7.5CVSS5.4AI score0.00132EPSS

Exploits0References3

RedhatCVE•added 2026/03/26 3:7 p.m.•2 views

CVE-2026-4221

A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This affects an unknown part of the file /rest/file/uploadLedImage of the component Endpoint. The manipulation of the argument File results in unrestricted upload. The attack may be launched remotely. The exploit has...

7.5CVSS6.6AI score0.00057EPSS

Exploits0References1

EUVD•added 2026/03/16 3:30 p.m.•3 views

EUVD-2026-12357

7.5CVSS6.6AI score0.00057EPSS

Exploits0References5

EUVD•added 2026/03/09 6:31 a.m.•2 views

EUVD-2026-10289

A security vulnerability has been detected in Tiandy Video Surveillance System 视频监控平台 7.17.0. The impacted element is the function uploadFile of the file /src/com/tiandy/easy7/core/rest/CLSRESTFile.java. The manipulation of the argument fileName leads to unrestricted upload. The attack may be...

6.5CVSS6.3AI score0.00017EPSS

Exploits0References5

Cvelist•added 2026/03/09 2:32 a.m.•28 views

CVE-2026-3797 Tiandy Video Surveillance System 视频监控平台 CLS_REST_File.java uploadFile unrestricted upload

6.5CVSS0.00017EPSS

Exploits0References4

CVE•added 2026/03/09 2:32 a.m.•4 views

CVE-2026-3797

Tiandy Video Surveillance System 7.17.0 is affected by a vulnerability in CLS_REST_File.java uploadFile where manipulating the fileName argument enables unrestricted file upload. The issue can be triggered remotely and public exploits are disclosed. Connected sources confirm the affected componen...

8.8CVSS6.3AI score0.00017EPSS

Exploits0References4Affected Software1

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-1196

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00797EPSS

Exploits0References4

Tenable Nessus•added 2025/08/19 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2020-13675

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access...

9.8CVSS8.1AI score0.00797EPSS

Exploits0References2

CNVD•added 2025/08/10 12:0 a.m.•5 views

WordPress AI Engine plugin code execution vulnerability

WordPress AI Engine plugin is a WordPress plugin that integrates artificial intelligence features, providing chatbots, content generation, image generation and other features, supporting docking with OpenAI and other platforms. WordPress AI Engine plugin has a code execution vulnerability that...

8.8CVSS8.5AI score0.01644EPSS

Exploits2References1

OSV•added 2024/03/06 10:56 a.m.•11 views

BIT-DRUPAL-2020-13675

Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the si...

9.8CVSS9.3AI score0.00797EPSS

Exploits0References2

OSV•added 2022/02/12 12:0 a.m.•21 views

GHSA-V8WR-R69P-MMWX Unrestricted Upload of File with Dangerous Type in Drupal core

9.8CVSS9.3AI score0.00797EPSS

Exploits0References3

OSV•added 2022/02/11 4:15 p.m.•20 views

CVE-2020-13675

9.8CVSS9.4AI score

Exploits0References1

NVD•added 2022/02/11 4:15 p.m.•14 views

CVE-2020-13675

9.8CVSS0.00797EPSS

Exploits0References1

Prion•added 2022/02/11 4:15 p.m.•13 views

Design/Logic Flaw

7.5CVSS9.4AI score0.00797EPSS

Exploits0References1Affected Software1

OSV•added 2022/02/11 4:15 p.m.•1 views

UBUNTU-CVE-2020-13675

9.8CVSS7.2AI score0.00797EPSS

Exploits0References3

UbuntuCve•added 2022/02/11 4:15 p.m.•39 views

CVE-2020-13675

9.8CVSS7.2AI score0.00797EPSS

Exploits0References2

Cvelist•added 2022/02/11 3:45 p.m.•15 views

CVE-2020-13675

9.4AI score0.00797EPSS

Exploits0References1

CVE•added 2022/02/11 3:45 p.m.•158 views

CVE-2020-13675

CVE-2020-13675 affects Drupal's JSON:API and REST/File modules, where HTTP API file uploads bypass part of the site’s file validation. The vulnerability arises because these modules do not consistently enforce all file validation checks, allowing an attacker to upload files that bypass the intend...

9.8CVSS9.3AI score0.00797EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2022/02/11 12:0 a.m.•3 views

PT-2022-8502 · Drupal · Drupal

Name of the Vulnerable Software and Affected Versions: Drupal affected versions not specified Description: The issue concerns the JSON:API and REST/File modules in Drupal, which allow file uploads through their HTTP APIs. However, these modules do not correctly run all file validation, leading to...

9.8CVSS9.3AI score0.00797EPSS

Exploits0References11

Tenable Nessus•added 2021/09/16 12:0 a.m.•38 views

Drupal 8.9.x < 8.9.19 Multiple Vulnerabilities

According to its self-reported version, the instance of Drupal running on the remote web server is 8.9.x prior to 8.9.19, 9.1.x prior to 9.1.13, or 9.2.x prior to 9.2.6. It is, therefore, affected by multiple vulnerabilities. - Under some circumstances, the Drupal core JSON:API module does not...

9.8CVSS6.9AI score0.00797EPSS

Exploits0References11

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by