Lucene search
K

69066 matches found

Nuclei
Nuclei
added 6 hours ago89 views

VvvebJs < 1.7.5 - Arbitrary File Upload

Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php. id: CVE-2024-29272 info: name: VvvebJs 1.7.5 - Arbitrary File Upload author: s4e-...

6.5CVSS6.3AI score0.09366EPSS
Exploits2References4
Nuclei
Nuclei
added 6 hours ago80 views

Z-Downloads < 1.11.7 - Cross-Site Scripting

The plugin does not properly validate uploaded files allowing for the uploading of SVGs containing malicious JavaScript. id: CVE-2024-8673 info: name: Z-Downloads 1.11.7 - Cross-Site Scripting author: Splint3r7 severity: low description: | The plugin does not properly validate uploaded files...

9.1CVSS6.1AI score0.01631EPSS
Exploits1References1
Nuclei
Nuclei
added 6 hours ago111 views

geojson2kml - Command Injection

Detects command injection vulnerability by checking if hacked.txt is created and contains the expected content. id: CVE-2020-28429 info: name: geojson2kml - Command Injection author: eeche,chae1xx1os,persona-twotwo,soonghee2 severity: critical description: | Detects command injection vulnerabilit...

9.8CVSS7AI score0.63305EPSS
Exploits1References3
Nuclei
Nuclei
added 6 hours ago116 views

GutenKit <= 2.1.0 - Arbitrary File Upload

The GutenKit Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the installandactivatepluginfromexternal function install-active-plugin REST API endpoint in all versions up to, a...

9.8CVSS7.2AI score0.10429EPSS
Exploits3References2
Nuclei
Nuclei
added 6 hours ago38 views

BerqWP <= 1.7.6 - Arbitrary File Upload

The BerqWP Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /api/storewebp.php file in all versions up to, and including, 1.7.6...

10CVSS6.5AI score0.04624EPSS
Exploits1References3
Nuclei
Nuclei
added 6 hours ago20 views

Qualitor <= 8.24 - Remote Code Execution

Qualitor up to 8.24 is vulnerable to Remote Code Execution RCE via Arbitrary File Upload in checkAcesso.php. id: CVE-2024-44849 info: name: Qualitor = 8.24 - Remote Code Execution author: s4e-io severity: critical description: | Qualitor up to 8.24 is vulnerable to Remote Code Execution RCE via...

9.8CVSS6.2AI score0.46301EPSS
Exploits1References5
Nuclei
Nuclei
added 6 hours ago254 views

Weaver E-Office 9.5 - Remote Code Execution

A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit h...

9.8CVSS6.4AI score0.32895EPSS
Exploits4References5
Nuclei
Nuclei
added 6 hours ago99 views

LyLme-Spage - Arbitary File Upload

An arbitrary file upload vulnerability in the component /include/file.php of lylmespage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted file. id: CVE-2024-34982 info: name: LyLme-Spage - Arbitary File Upload author: DhiyaneshDk severity: high description: | An arbitrary...

9.8CVSS6.3AI score0.04675EPSS
Exploits1References3
Nuclei
Nuclei
added 6 hours ago72 views

WooCommerce Checkout Field Manager < 18.0 - Arbitrary File Upload

The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server. id: CVE-2022-4328 info: name: WooCommerce Checkout Field Manager 18.0 - Arbitrary File Uploa...

9.8CVSS7.1AI score0.04427EPSS
Exploits2References3
Nuclei
Nuclei
added 6 hours ago46 views

Magento 2 Amasty Order Attributes < 4.0.0 - Unauthenticated Arbitrary File Upload

Amasty Order Attributes for Magento 2 4.0.0 contains an unrestricted file upload vulnerability caused by lack of authentication and validation in the upload endpoint, letting unauthenticated attackers upload arbitrary files including PHP, enabling remote code execution or malware hosting. id:...

9.8CVSS6.5AI score0.04591EPSS
Exploits0References3
Nuclei
Nuclei
added 6 hours ago17 views

Label Studio < 1.16.0 - Cross-Site Scripting

Label Studio prior to version 1.16.0 contains a cross-site scripting caused by rendering unsanitized user-provided HTML in the /projects/upload-example endpoint, letting attackers execute arbitrary JavaScript via crafted labelconfig in a GET request, exploit requires victims to visit malicious UR...

6.1CVSS6.2AI score0.0185EPSS
Exploits2References2
Nuclei
Nuclei
added 6 hours ago8 views

VvvebJs <= 2.0.5 - Cross-Site Scripting

Givanz Vvvebjs = 2.0.5 contains a stored XSS caused by manipulation of the "uploadAllowExtensions" argument in upload.php File Upload Endpoint, letting remote attackers execute scripts, exploit requires crafted input. id: CVE-2026-5615 info: name: VvvebJs = 2.0.5 - Cross-Site Scripting author:...

5.3CVSS6.1AI score0.00773EPSS
Exploits1References2
Nuclei
Nuclei
added 6 hours ago65 views

Dify v1.6.0 - Server-Side Request Forgery

Dify v1.6.0 contains a server side request forgery caused by improper validation in controllers.console.remotefiles.RemoteFileUploadApi, letting attackers make arbitrary requests from the server, exploit requires network access. id: CVE-2025-56520 info: name: Dify v1.6.0 - Server-Side Request...

5.3CVSS6.2AI score0.00649EPSS
Exploits1References2
Nuclei
Nuclei
added 6 hours ago44 views

Melis Technology Melis Platform - Unrestricted File Upload & Remote Code Execution

Melis Technology Melis Platform contains an unrestricted file upload caused by insufficient validation of 'mcsdetailimg' parameter in /melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm, letting attackers upload malicious files and achieve remote code execution, exploit requires crafted...

9.3CVSS6.2AI score0.02503EPSS
Exploits3References3
Nuclei
Nuclei
added 6 hours ago7 views

YesWiki Reflected XSS via File Upload

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability allows any malicious unauthenticated user to create a link that can be clicked on by the victim to perform arbitrary actions. This issue has been...

7.6CVSS6.1AI score0.00582EPSS
Exploits1References2
Nuclei
Nuclei
added 6 hours ago44 views

Sangfor OSM - Arbitrary File Upload

Sangfor Operation and Maintenance Management System = 3.0.8 contains an unrestricted file upload vulnerability caused by manipulation of the "File" argument in /fort/trust/version/common/common.jsp, letting remote attackers upload arbitrary files, exploit requires no special privileges. id:...

9.8CVSS7AI score0.01907EPSS
Exploits1References2
Nuclei
Nuclei
added 6 hours ago16 views

MindsDB - Remote Code Execution

MindsDB 25.9.1.1 contains a remote code execution caused by path traversal in the /api/files upload file module, letting authenticated attackers write arbitrary files and execute commands, exploit requires authentication. id: CVE-2026-27483 info: name: MindsDB - Remote Code Execution author:...

8.8CVSS6.6AI score0.11113EPSS
Exploits4References4
Nuclei
Nuclei
added 6 hours ago21 views

WordPress Slider Future <= 1.0.5 - Unauthenticated Arbitrary File Upload

Slider Future WordPress plugin = 1.0.5 contains an unrestricted file upload vulnerability caused by missing file type validation in 'sliderfuturehandleimageupload', letting unauthenticated attackers upload arbitrary files, exploit requires no authentication. id: CVE-2026-1405 info: name: WordPres...

9.8CVSS6.2AI score0.03177EPSS
Exploits2
Nuclei
Nuclei
added 6 hours ago17 views

WordPress midi-Synth <= 1.1.0 - Unauthenticated Arbitrary File Upload

WordPress midi-Synth plugin \u003C= 1.1.0 contains an unrestricted file upload vulnerability caused by missing file type and extension validation in the 'export' AJAX action, letting unauthenticated attackers upload arbitrary files and potentially execute remote code, exploit requires attacker to...

9.8CVSS6.3AI score0.04458EPSS
Exploits1References1
Nuclei
Nuclei
added 6 hours ago20 views

WPvivid Backup & Migration <= 0.9.123 - Arbitrary File Upload

WPvivid Backup & Migration plugin for WordPress = 0.9.123 contains an unauthenticated arbitrary file upload vulnerability caused by improper error handling in RSA decryption and lack of path sanitization, letting unauthenticated attackers upload arbitrary PHP files and achieve remote code executi...

9.8CVSS7.5AI score0.32714EPSS
Exploits13References4
Rows per page
Query Builder