Lucene search
K

348 matches found

Cvelist
Cvelist
added 2026/06/09 8:46 a.m.41 views

CVE-2026-46746

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The application does not properly sanitize user input in the /api/sftp/uploadFiles endpoint, allowing the injection of shell command payloads via crafted directory names. These payloads are stored and executed when...

8.8CVSS0.00451EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 8:46 a.m.11 views

EUVD-2026-35383

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The application does not properly sanitize user input in the /api/sftp/uploadFiles endpoint, allowing the injection of shell command payloads via crafted directory names. These payloads are stored and executed when...

8.8CVSS6AI score0.00451EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 8:46 a.m.7 views

CVE-2026-46746

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The application does not properly sanitize user input in the /api/sftp/uploadFiles endpoint, allowing the injection of shell command payloads via crafted directory names. These payloads are stored and executed when...

8.8CVSS6AI score0.00451EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 8:46 a.m.40 views

CVE-2026-46746

Vulnerability summary (CVE-2026-46746): In Siemens SINEC INS, all versions prior to V1.0 SP2 Update 6 expose a flaw in the /api/sftp/uploadFiles endpoint. The app does not properly sanitize user input, enabling injection of shell command payloads via crafted directory names. These payloads are st...

8.8CVSS6AI score0.00451EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.12 views

Siemens SINEC INS 操作系统命令注入漏洞

Siemens SINEC INS is a software developed by Siemens, a German company, that provides central services for network infrastructure. Versions of Siemens SINEC INS prior to SINEC INS V1.0 SP2 Update 6 contained a vulnerability related to operating system command injection. This vulnerability stemmed...

8.8CVSS5.6AI score0.00451EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/14 1:12 p.m.9 views

Arbitrary File Upload

Overview @strapi/upload is a Makes it easy to upload images and files to your Strapi Application. Affected versions of this package are vulnerable to Arbitrary File Upload via the Content API uploadFiles and replaceFile handlers, which bypass administrator-configured MIME type restrictions. An...

5.4CVSS5.9AI score0.00195EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 8:16 p.m.10 views

CVE-2026-44853

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a...

7.2CVSS0.01014EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 6:58 p.m.11 views

CVE-2026-44854

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a...

7.2CVSS6.5AI score0.01014EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
added 2026/05/12 9:12 a.m.18 views

Valid share tokens allow to access tempory upload files of share owner

None...

6.3CVSS5.8AI score0.00231EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

HPE Aruba Networking Wireless Operating System 安全漏洞

HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There are security vulnerabilities in the HPE Aruba Networking Wireless Operating System. These vulnerabilities stem from command injection, and they could allow...

7.2CVSS6AI score0.01014EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/03 12:30 p.m.9 views

EUVD-2026-26834

A vulnerability was found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. This impacts an unknown function of the file /SubstationWEBV2/main/uploadH5Files. The manipulation of the argument File results in unrestricted upload. The attack may be launched...

6.5CVSS6.2AI score0.00224EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.9 views

PT-2026-32495

Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-changing endpoints. Attackers can craft malicious requests targeting login, registration, file upload,...

5.3CVSS5.8AI score0.00109EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.4 views

PT-2026-30905

Name of the Vulnerable Software and Affected Versions: File Browser versions prior to 2.63.1 Description: File Browser is a file managing interface. Prior to version 2.63.1, when an administrator revokes a user's Share and Download permissions, existing share links created by that user remain...

8.2CVSS5.8AI score0.00332EPSS
Exploits1References9
EUVD
EUVD
added 2026/04/04 9:30 a.m.11 views

EUVD-2026-18985

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user has the uploadfiles capability in the processpattern REST API endpoin...

4.3CVSS5.9AI score0.00301EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/04 8:25 a.m.4 views

CVE-2026-2826 Kadence Blocks — Page Builder Toolkit for Gutenberg Editor <= 3.6.3 - Missing Authorization to Authenticated (Contributor+) Media Upload

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user has the uploadfiles capability in the processpattern REST API endpoin...

4.3CVSS5.9AI score0.00301EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/04 8:25 a.m.20 views

CVE-2026-2826 Kadence Blocks — Page Builder Toolkit for Gutenberg Editor <= 3.6.3 - Missing Authorization to Authenticated (Contributor+) Media Upload

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user has the uploadfiles capability in the processpattern REST API endpoin...

4.3CVSS0.00301EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/04 8:25 a.m.7 views

CVE-2026-2826

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user has the uploadfiles capability in the processpattern REST API endpoin...

4.3CVSS5.9AI score0.00301EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.3 views

CVE-2026-3533

The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on importpopuptemplates function as well as insufficient file type validation in the uploadfiles function in all versions up to, and including, 4.14.1. This makes it possible for Authenticat...

8.8CVSS5.9AI score0.00676EPSS
Exploits0References1
CVE
CVE
added 2026/03/24 11:27 a.m.8 views

CVE-2019-25647

CVE-2019-25647 affects PhreeBooks ERP 5.2.3. A remote code execution vulnerability exists in the image manager that lets an authenticated attacker upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can place malicious PHP files via the image manager endpoint an...

8.8CVSS6.7AI score0.00798EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/23 11:25 p.m.4 views

CVE-2026-3533 JupiterX Core <= 4.14.1 - Authenticated (Subscriber+) Missing Authorization To Limited File Upload via Popup Template Import

The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on importpopuptemplates function as well as insufficient file type validation in the uploadfiles function in all versions up to, and including, 4.14.1. This makes it possible for Authenticat...

8.8CVSS5.9AI score0.00676EPSS
Exploits0References4
Rows per page
Query Builder