Lucene search
+L

352 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 5:23 p.m.7 views

CVE-2020-11451

The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. This is also exploitable via SSRF. Note: The ability to upload visualization plugins requires administrator privileges...

7.2CVSS7.1AI score0.02658EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:9 a.m.12 views

CVE-2013-0932

EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and upload arbitrary files via unspecified vectors...

4CVSS6.8AI score0.01166EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/16 2:31 p.m.27 views

CVE-2025-47793 Nextcloud Server and Groupfolders app vulnerable to bypass of group folder quota limit using attachment in text file

Nextcloud Server is a self hosted personal cloud system, and the Nextcloud Groupfolders app provides admin-configured folders shared by everyone in a group or team. In Nextcloud Server prior to 30.0.2, 29.0.9, and 28.0.1, Nextcloud Enterprise Server prior to 30.0.2 and 29.0.9, and Nextcloud...

4.3CVSS0.00662EPSS
Exploits0References4
CVE
CVE
added 2025/05/07 5:34 p.m.296 views

CVE-2025-20188

CVE-2025-20188 affects Cisco IOS XE Software for Wireless LAN Controllers (WLCs) via the Out-of-Band AP Image Download feature. The issue stems from a hard-coded JSON Web Token (JWT) on affected systems, allowing an unauthenticated, remote attacker to upload arbitrary files, perform path traversa...

10CVSS9.9AI score0.17894EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/04/22 6:16 p.m.4 views

CVE-2025-43947

Codemers KLIMS 1.6.DEV lacks a proper access control mechanism, allowing a normal KLIMS user to perform all the actions that an admin can perform, such as modifying the configuration, creating a user, uploading files, etc...

7.3CVSS5.8AI score0.00299EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/02/05 5:10 a.m.16 views

CVE-2024-10820

The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadfiles function in all versions up to, and including, 84.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site...

9.8CVSS8AI score0.01164EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/05 12:0 a.m.4 views

Cisco AsyncOS 输入验证错误漏洞

Cisco AsyncOS is an operating system for Cisco devices from Cisco USA. An input validation error vulnerability exists in Cisco AsyncOS, which stems from insufficient validation of an XML configuration file, and can be exploited by an authenticated remote attacker to upload specially crafted files...

7.2CVSS7.3AI score0.00846EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/03 3:39 p.m.63 views

CVE-2024-53999 Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to th...

8.1CVSS0.00508EPSS
Exploits1References2
Patchstack
Patchstack
added 2024/11/13 7:48 a.m.4 views

WordPress WooCommerce Upload Files plugin <= 84.3 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Tonn in WordPress Plugin WooCommerce Upload Files versions = 84.3...

9.8CVSS7AI score0.01164EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/11/13 4:15 a.m.2 views

CVE-2024-10820

The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadfiles function in all versions up to, and including, 84.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site...

9.8CVSS6.4AI score0.01164EPSS
Exploits0References2
CVE
CVE
added 2024/11/13 3:20 a.m.93 views

CVE-2024-10820

CVE-2024-10820 : The WooCommerce Upload Files plugin for WordPress (versions ≤ 84.3) is vulnerable to unauthenticated arbitrary file uploads due to missing file type validation in upload_files(). This could allow an attacker to upload arbitrary files to the server and may enable remote code execu...

9.8CVSS9.9AI score0.01164EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/11/13 12:0 a.m.5 views

WordPress plugin WooCommerce Upload Files 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

9.8CVSS8.2AI score0.01164EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/11/13 12:0 a.m.6 views

PT-2024-16573 · WordPress · Woocommerce Upload Files

Name of the Vulnerable Software and Affected Versions: WooCommerce Upload Files plugin for WordPress versions up to, and including, 84.3 Description: The issue is related to arbitrary file uploads due to missing file type validation in the upload files function. This allows unauthenticated...

9.8CVSS10AI score0.01164EPSS
Exploits0References9
NVD
NVD
added 2024/11/11 6:15 a.m.26 views

CVE-2024-38826

Authenticated users can upload specifically crafted files to leak server resources. This behavior can potentially be used to run a denial of service attack against Cloud Controller. The Cloud Foundry project recommends upgrading the following releases: Upgrade capi release version to 1.194.0 or...

5.3CVSS0.00383EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/06 4:30 p.m.36 views

CVE-2024-20528 Cisco Identity Services Engine Path Traversal Vulnerability

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to upload files to arbitrary locations on the underlying operating system of an affected device. To exploit this vulnerability, an attacker would need valid Super Admin credentials. This vulnerability is due to...

3.8CVSS0.00601EPSS
Exploits0References1
OSV
OSV
added 2024/10/17 7:15 p.m.17 views

BIT-MATTERMOST-2024-43780

Mattermost versions 9.9.x = 9.9.1, 9.5.x = 9.5.7, 9.10.0, 9.8.x = 9.8.2 fail to enforce permissions which allows a guest user with read access to upload files to a channel...

4.3CVSS4.4AI score0.00278EPSS
Exploits0References2
OSV
OSV
added 2024/10/02 5:15 p.m.6 views

CVE-2024-20477

A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability exists because of missing authorization controls on the affected REST API endpoint. An attacker could...

5.4CVSS5.8AI score0.00453EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/09/26 12:0 a.m.8 views

WordPress plugin Advanced File Manager 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...

6.8CVSS7.1AI score0.00357EPSS
Exploits0References5
NVD
NVD
added 2024/09/20 9:15 p.m.21 views

CVE-2024-46647

eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via uploadfiles...

6.5CVSS0.00818EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/09/20 12:0 a.m.10 views

eNMS 安全漏洞

eNMS is a network automation platform from eNMS Open Source. A security vulnerability exists in eNMS versions 4.4.0 through 4.7.1, which stems from vulnerability to directory traversal attacks via uploadfiles...

6.5CVSS6.8AI score0.00818EPSS
Exploits1References2
Rows per page
Query Builder