Lucene search
K

1076 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/07 6:8 p.m.5 views

CVE-2026-39337

ChurchCRM is an open-source church management system. Prior to 7.1.0, critical pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...

10CVSS6.6AI score0.04151EPSS
Exploits3References2Affected Software1
Snyk
Snyk
added 2026/04/07 3:45 p.m.6 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the jato.clientSession HTTP parameter of the deserializeAttributes function. An attacker can execute arbitrary code on the server by sending a crafted serialized Java object to endpoints that process...

9.8CVSS6.1AI score0.1049EPSS
Exploits2References2
Veracode
Veracode
added 2026/04/04 5:28 a.m.10 views

Remote Code Execution

D-Tale is vulnerable to Remote Code Execution. The vulnerability is due to the use of redis or shelf storage layer, where users hosting D-Tale publicly could allow attackers to run malicious code on the server...

9.8CVSS5.5AI score0.00622EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/03 12:0 a.m.22 views

CVE-2025-59710

An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the loading a DLL file. During the loading, a method is called. An attacker can craft a malicious DLL, upload it to the server, and use it to achieve remote code execution on the...

0.00459EPSS
Exploits0References1
NVD
NVD
added 2026/04/02 2:16 p.m.5 views

CVE-2026-2701

Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution...

9.1CVSS0.4881EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/01 3:31 a.m.4 views

EUVD-2026-17743

XenForo before 2.3.9 and before 2.2.18 allows remote code execution RCE by authenticated, but malicious, admin users. An attacker with admin panel access can execute arbitrary code on the server...

8.7CVSS6.7AI score0.00666EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/03/30 11:1 a.m.10 views

cpython: IMAP command injection in user-controlled commands

A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server...

5.9CVSS7AI score0.0036EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2026/03/27 10:16 p.m.5 views

CVE-2026-33940

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, a crafted object placed in the template context can bypass all conditional guards in resolvePartial and cause invokePartial to return undefined. The Handlebars runtime then treats the...

8.1CVSS5.9AI score0.00703EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.11 views

PT-2026-28292

Name of the Vulnerable Software and Affected Versions HCL Aftermarket DPC affected versions not specified Description The software is subject to an unrestricted file upload issue. This allows an attacker to upload and execute malicious scripts, potentially gaining complete control over the server...

9.8CVSS5.9AI score0.00295EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/25 4:14 p.m.2 views

CVE-2026-32482

Unrestricted Upload of File with Dangerous Type vulnerability in deothemes Ona ona allows Upload a Web Shell to a Web Server.This issue affects Ona: from n/a through 1.24...

5.8AI score0.00319EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.10 views

WordPress plugin Ona 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.9CVSS5.9AI score0.00319EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/20 12:6 a.m.28 views

CVE-2026-32985 Xerte Online Toolkits <= 3.14 Unauthenticated Template Import Arbitrary File Upload Leading to Remote Code Execution

Xerte Online Toolkits versions 3.14 and earlier contain an unauthenticated arbitrary file upload vulnerability in the template import functionality that allows remote attackers to execute arbitrary code by uploading a crafted ZIP archive containing malicious PHP payloads. Attackers can bypass...

9.8CVSS0.01479EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/03/19 11:8 p.m.4 views

CVE-2026-32756

Admidio is an open-source user management solution. Versions 5.0.6 and below contain a critical unrestricted file upload vulnerability in the Documents & Files module. Due to a design flaw in how CSRF token validation and file extension verification interact within UploadHandlerFile.php, an...

8.8CVSS6AI score0.00982EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/03/17 6:30 p.m.6 views

EUVD-2026-12598

The GL-iNet Comet GL-RM1 KVM does not sufficiently verify the authenticity of uploaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding MD5 hash to pass verification...

7CVSS5.8AI score0.0016EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/17 5:18 p.m.2 views

CVE-2026-32290 GL-iNet Comet (GL-RM1) KVM insufficient firmware verification

The GL-iNet Comet GL-RM1 KVM before version 1.8.2 does not sufficiently verify the authenticity of uploaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding MD5 hash to pass verification...

7CVSS6AI score0.0016EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.10 views

GL-iNet Comet 安全漏洞

GL-iNet Comet is a portable, multi-functional network device developed by GL-iNet Corporation in China. There is a security vulnerability present in GL-iNet Comet, which stems from insufficient verification of the authenticity of uploaded firmware files. This vulnerability may allow intermediate...

7CVSS6AI score0.0016EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/07 9:30 a.m.5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the ajaxdeletefile function. An attacker can delete arbitrary files on the server by sending crafted requests as an authenticated user with Contributor-level access or higher. This can result in the deletion of...

8.6CVSS6.3AI score0.00654EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/07 7:59 a.m.5 views

CVE-2026-29058

AVideo is a video-sharing Platform software. Prior to version 7.0, an unauthenticated attacker can execute arbitrary OS commands on the server by injecting shell command substitution into the base64Url GET parameter. This can lead to full server compromise, data exfiltration e.g., configuration...

9.8CVSS6AI score0.02132EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/03/06 7:55 a.m.7 views

CVE-2025-70995

An issue in Aranda Service Desk Web Edition ASDK API 8.6 allows authenticated attackers to achieve remote code execution due to improper validation of uploaded files. An authenticated user can upload a crafted web.config file by sending a crafted POST request to /ASDKAPI/api/v8.6/item/addfile,...

8.8CVSS6.6AI score0.00612EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/06 7:8 a.m.36 views

CVE-2026-29058 AVideo: Unauthenticated OS Command Injection via base64Url in objects/getImage.php

AVideo is a video-sharing Platform software. Prior to version 7.0, an unauthenticated attacker can execute arbitrary OS commands on the server by injecting shell command substitution into the base64Url GET parameter. This can lead to full server compromise, data exfiltration e.g., configuration...

9.8CVSS0.02132EPSS
Exploits2References1
Rows per page
Query Builder