Lucene search
K

40 matches found

Cisco
Cisco
added 2026/06/15 4:0 p.m.9 views

Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate...

6.5CVSS5.6AI score0.07683EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.10 views

CVE-2026-40488

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the product custom option file upload in OpenMage LTS uses an incomplete...

8.8CVSS5.8AI score0.00691EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/03/31 10:22 p.m.5 views

baserCMS has Unsafe File Upload Leading to Remote Code Execution (RCE)

Details The application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using requireonce without validating or restricting the filename. An attacker can craft a malicious PHP file within the zip and achieve...

8.7CVSS6.5AI score0.00577EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/03/31 10:22 p.m.65 views

GHSA-HV78-CWP4-8R7R baserCMS has Unsafe File Upload Leading to Remote Code Execution (RCE)

Details The application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using requireonce without validating or restricting the filename. An attacker can craft a malicious PHP file within the zip and achieve...

8.7CVSS6.5AI score0.00577EPSS
Exploits1References5
CVE
CVE
added 2026/03/31 12:43 a.m.10 views

CVE-2025-32957

baserCMS prior to version 5.2.3 is vulnerable in its restore function, which accepts a ZIP upload and auto-extracts it. A PHP file inside the archive is then included via require_once without validating or restricting the filename, enabling arbitrary code execution if a malicious PHP file is craf...

8.7CVSS6.3AI score0.00577EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/31 12:43 a.m.7 views

CVE-2025-32957 baserCMS: unsafe File Upload Leading to Remote Code Execution (RCE)

baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using requireonce without validating or restricting the filename. An attacke...

8.7CVSS6.4AI score0.00577EPSS
Exploits1References5
CVE
CVE
added 2026/03/19 5:24 a.m.49 views

CVE-2026-27540

CVE-2026-27540 is an unauthenticated arbitrary file upload vulnerability in the WordPress WooCommerce Wholesale Lead Capture plugin (

9CVSS5.7AI score0.0047EPSS
In wildExploits2References1
OSV
OSV
added 2025/12/11 10:15 p.m.3 views

CVE-2024-58313

xbtitFM 4.1.18 contains an insecure file upload vulnerability that allows authenticated attackers with administrative privileges to upload and execute arbitrary PHP code through the filehosting feature. Attackers can bypass file type restrictions by modifying the Content-Type header to image/gif,...

7.2CVSS6AI score0.00524EPSS
Exploits1References3
Patchstack
Patchstack
added 2025/12/11 10:11 p.m.6 views

WordPress URL Media Uploader plugin <= 1.0.1 - Missing Authorization to Authenticated (Contributor+) Safe File Upload vulnerability

Missing Authorization to Authenticated Contributor+ Safe File Upload vulnerability discovered by jsonc in WordPress Plugin URL Media Uploader versions = 1.0.1...

4.3CVSS6.7AI score0.00196EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2025/12/02 1:12 p.m.288 views

Exploit for CVE-2025-1337

CVE‑2025‑1337 — Intentional Remote Code Execution Training Mac...

5.1CVSS7.5AI score0.00489EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2025/10/20 4:34 p.m.12 views

CVE-2025-62421

DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a stored cross-site scripting vulnerability exists due to improper file upload validation and authentication bypass. The StaticResourceApi interface defines a route upload/fileId that uses a URL path...

6.9CVSS6.2AI score0.0026EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2022-3044

Malicious code in bioql PyPI...

9.1CVSS8.8AI score0.0552EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/10/02 5:15 a.m.2 views

CVE-2025-11221 Remote Code Execution in GTONE ChangeFlow

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Unrestricted Upload of File with Dangerous Type vulnerability in GTONE ChangeFlow allows Path Traversal, Accessing Functionality Not Properly Constrained by ACLs.This issue affects ChangeFlow: from All versions through...

9.4CVSS6.5AI score0.00263EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/10 6:38 a.m.2 views

CVE-2025-10001 Import any XML, CSV or Excel File to WordPress <= 3.9.3 - Authenticated (Admin+) Limited Unsafe File Upload

The Import any XML, CSV or Excel File to WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with Administrator-level...

7.2CVSS6.9AI score0.00526EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/10 6:38 a.m.11 views

CVE-2025-10001 Import any XML, CSV or Excel File to WordPress <= 3.9.3 - Authenticated (Admin+) Limited Unsafe File Upload

The Import any XML, CSV or Excel File to WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with Administrator-level...

7.2CVSS0.00526EPSS
Exploits0References2
NVD
NVD
added 2025/08/16 4:15 a.m.5 views

CVE-2024-8393

The Woocommerce Blocks – Woolook plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.0 via the via the 'tab' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary...

6.6CVSS0.00638EPSS
Exploits0References2
OSV
OSV
added 2025/05/01 1:11 p.m.4 views

CVE-2024-11390 Kibana Unrestricted Upload of File with Dangerous Type Can Lead to XSS

Unrestricted upload of a file with dangerous type in Kibana can lead to arbitrary JavaScript execution in a victim’s browser XSS via crafted HTML and JavaScript files. The attacker must have access to the Synthetics app AND/OR have access to write to the synthetics indices...

5.4CVSS6.4AI score0.0027EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2025/03/28 9:0 a.m.102 views

Exploit for Unrestricted Upload of File with Dangerous Type in Codeastro Internet_Banking_System

--- CVE-2025-29017 - Internet Banking System 2.0.0 Remote Cod...

8.8CVSS9.9AI score0.00749EPSS
Exploits2
OSV
OSV
added 2025/01/24 4:15 p.m.3 views

CVE-2024-40693

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing furth...

8CVSS5.8AI score0.00374EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/21 12:0 a.m.4 views

ILIAS 安全漏洞

ILIAS is an open source learning management system. A security vulnerability exists in ILIAS versions 7.x prior to 7.30, 8.x prior to 8.11, and 9.0, which stems from a vulnerability that could allow a remote, authenticated attacker to execute operating system commands via a dangerous type of file...

7.2CVSS6.9AI score0.00901EPSS
Exploits1References2
Rows per page
Query Builder