Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

67 matches found

RedhatCVE
RedhatCVEadded yesterday8 views

CVE-2026-11419

A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated user can supply a crafted absolute path so that the configured storage root is discarded,...

9.4CVSS6AI score0.00422EPSS
Exploits0References1
NVD
NVDadded 3 days ago7 views

CVE-2026-11419

A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated user can supply a crafted absolute path so that the configured storage root is discarded,...

9.4CVSS0.00422EPSS
Exploits0References1
Cvelist
Cvelistadded 3 days ago27 views

CVE-2026-11419 Path Traversal in Altium Enterprise Server Vault UploadController Allows Arbitrary File Write

A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated user can supply a crafted absolute path so that the configured storage root is discarded,...

9.4CVSS0.00422EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 3 days ago5 views

CVE-2026-11419

A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated user can supply a crafted absolute path so that the configured storage root is discarded,...

9.4CVSS6AI score0.00422EPSS
Exploits0References2
EUVD
EUVDadded 3 days ago7 views

EUVD-2026-34913

A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated user can supply a crafted absolute path so that the configured storage root is discarded,...

9.4CVSS6AI score0.00422EPSS
Exploits0References1
CVE
CVEadded 3 days ago16 views

CVE-2026-11419

The vulnerability CVE-2026-11419 affects Altium Enterprise Server Vault Service UploadController. A path traversal flaw arises from improper validation of a user-controlled path in image upload requests, allowing an authenticated user to craft absolute paths that bypass the configured storage roo...

9.4CVSS6AI score0.00422EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/03/26 9:47 p.m.1 views

CVE-2026-33687

Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 contain a vulnerability in the file upload endpoint that allows authenticated users to bypass all file type restrictions. The upload endpoint within the ApiFormUploadController accepts a...

8.8CVSS5.8AI score0.00023EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVEadded 2026/02/24 7:30 a.m.4 views

CVE-2026-2977

A security vulnerability has been detected in FastApiAdmin up to 2.2.0. This affects the function uploadcontroller of the file /backend/app/api/v1/modulecommon/file/controller.py of the component Scheduled Task API. Such manipulation leads to unrestricted upload. It is possible to launch the atta...

8.8CVSS6AI score0.00048EPSS
Exploits1References1
OSV
OSVadded 2026/02/23 8:16 a.m.2 views

CVE-2026-2978

A vulnerability was detected in FastApiAdmin up to 2.2.0. This vulnerability affects the function uploadfilecontroller of the file /backend/app/api/v1/modulesystem/params/controller.py of the component Scheduled Task API. Performing a manipulation results in unrestricted upload. The attack can be...

8.8CVSS5.5AI score0.00017EPSS
Exploits1References4
Vulnrichment
Vulnrichmentadded 2026/02/23 8:2 a.m.3 views

CVE-2026-2979 FastApiAdmin Scheduled Task API controller.py user_avatar_upload_controller unrestricted upload

A flaw has been found in FastApiAdmin up to 2.2.0. This issue affects the function useravataruploadcontroller of the file /backend/app/api/v1/modulesystem/user/controller.py of the component Scheduled Task API. Executing a manipulation can lead to unrestricted upload. The attack can be launched...

6.5CVSS5.2AI score0.00061EPSS
Exploits1References4
ATTACKERKB
ATTACKERKBadded 2026/02/23 7:2 a.m.3 views

CVE-2026-2977

A security vulnerability has been detected in FastApiAdmin up to 2.2.0. This affects the function uploadcontroller of the file /backend/app/api/v1/modulecommon/file/controller.py of the component Scheduled Task API. Such manipulation leads to unrestricted upload. It is possible to launch the atta...

6.5CVSS6.1AI score0.00048EPSS
Exploits1References4
CVE
CVEadded 2026/02/23 7:2 a.m.9 views

CVE-2026-2977

CVE-2026-2977 affects FastApiAdmin up to 2.2.0. The vulnerability exists in the upload_controller function in /backend/app/api/v1/module_common/file/controller.py of the Scheduled Task API, enabling unrestricted file upload. Exploitation is remote and has been publicly disclosed per multiple sour...

8.8CVSS6.2AI score0.00048EPSS
Exploits1References4Affected Software1
Cvelist
Cvelistadded 2026/02/23 7:2 a.m.23 views

CVE-2026-2977 FastApiAdmin Scheduled Task API controller.py upload_controller unrestricted upload

A security vulnerability has been detected in FastApiAdmin up to 2.2.0. This affects the function uploadcontroller of the file /backend/app/api/v1/modulecommon/file/controller.py of the component Scheduled Task API. Such manipulation leads to unrestricted upload. It is possible to launch the atta...

6.5CVSS0.00048EPSS
Exploits1References4
CNNVD
CNNVDadded 2026/02/23 12:0 a.m.5 views

FastAPI Admin 代码问题漏洞

FastAPI Admin is an open-source management dashboard based on FastAPI and TortoiseORM. Versions of FastAPI Admin 2.2.0 and earlier have code vulnerabilities. These vulnerabilities stem from improper handling of the uploadcontroller function in the...

8.8CVSS6.7AI score0.00048EPSS
Exploits1References4
Positive Technologies
Positive Technologiesadded 2026/02/23 12:0 a.m.4 views

PT-2026-21503

A security vulnerability has been detected in FastApiAdmin up to 2.2.0. This affects the function upload controller of the file /backend/app/api/v1/module common/file/controller.py of the component Scheduled Task API. Such manipulation leads to unrestricted upload. It is possible to launch the...

6.5CVSS6.2AI score0.00048EPSS
Exploits1References4
RedhatCVE
RedhatCVEadded 2026/01/01 11:29 a.m.2 views

CVE-2025-15360

A vulnerability was determined in newbee-mall-plus 2.0.0. This impacts the function Upload of the file src/main/java/ltd/newbee/mall/controller/common/UploadController.java of the component Product Information Edit Page. This manipulation of the argument File causes unrestricted upload. The attac...

5.8CVSS6.7AI score0.00035EPSS
Exploits1References1
NVD
NVDadded 2025/12/30 10:15 p.m.3 views

CVE-2025-15360

A vulnerability was determined in newbee-mall-plus 2.0.0. This impacts the function Upload of the file src/main/java/ltd/newbee/mall/controller/common/UploadController.java of the component Product Information Edit Page. This manipulation of the argument File causes unrestricted upload. The attac...

7.2CVSS0.00035EPSS
Exploits1References4
OSV
OSVadded 2025/12/30 10:15 p.m.0 views

CVE-2025-15360

A vulnerability was determined in newbee-mall-plus 2.0.0. This impacts the function Upload of the file src/main/java/ltd/newbee/mall/controller/common/UploadController.java of the component Product Information Edit Page. This manipulation of the argument File causes unrestricted upload. The attac...

7.2CVSS5.5AI score0.00035EPSS
Exploits1References4
CVE
CVEadded 2025/12/30 9:32 p.m.10 views

CVE-2025-15360

The CVE-2025-15360 vulnerability affects newbee-mall-plus 2.0.0, specifically the UploadController.java used for Product Information Edit Page. The issue arises from manipulation of the File argument in src/main/java/ltd/newbee/mall/controller/common/UploadController.java, enabling unrestricted f...

7.2CVSS6.5AI score0.00035EPSS
Exploits1References4Affected Software1
Cvelist
Cvelistadded 2025/12/30 9:32 p.m.22 views

CVE-2025-15360 newbee-mall-plus Product Information Edit UploadController.java upload unrestricted upload

A vulnerability was determined in newbee-mall-plus 2.0.0. This impacts the function Upload of the file src/main/java/ltd/newbee/mall/controller/common/UploadController.java of the component Product Information Edit Page. This manipulation of the argument File causes unrestricted upload. The attac...

5.8CVSS0.00035EPSS
Exploits1References4
Rows per page
Query Builder