Lucene search
+L

171 matches found

NVD
NVD
added 2025/04/22 6:16 p.m.10 views

CVE-2025-32952

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files...

6.5CVSS0.00598EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/04/22 12:0 a.m.5 views

PT-2025-17578 · Tcpwave · Tcpwave Ddi

Name of the Vulnerable Software and Affected Versions: TCPWave DDI version 11.34P1C2 Description: The issue allows for Remote Code Execution via Unrestricted File Upload combined with Path Traversal. Recommendations: For TCPWave DDI version 11.34P1C2, consider restricting access to file upload...

9.8CVSS7.2AI score0.00865EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2025/04/17 12:0 a.m.9 views

PT-2025-17049 · Unknown · Theme File Duplicator

Name of the Vulnerable Software and Affected Versions: Theme File Duplicator versions 1.3 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the use of malicious files. Recommendations: For Theme File Duplicator versions 1.3 and earlier,...

9.9CVSS9.4AI score0.00467EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/04/17 12:0 a.m.5 views

PT-2025-17158 · Unknown · Solace Extra

Name of the Vulnerable Software and Affected Versions: Solace Extra versions 1.3.1 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the use of malicious files. Recommendations: For versions 1.3.1 and earlier, consider restricting file...

9.9CVSS9.4AI score0.00379EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/04/10 12:0 a.m.12 views

PT-2025-15941 · Unknown · Labcat Processing Projects

Name of the Vulnerable Software and Affected Versions: LABCAT Processing Projects versions 1.0.0 through 1.0.2 Description: The issue allows an attacker to upload a web shell to a web server, potentially leading to unauthorized access and control. This is due to an unrestricted upload of files wi...

9.1CVSS9.2AI score0.00574EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/04/09 12:0 a.m.9 views

PT-2025-15794 · Unknown · Agence Web Eoxia - Montpellier Wp Shop

Name of the Vulnerable Software and Affected Versions: Agence web Eoxia - Montpellier WP shop versions n/a through 2.6.0 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows an attacker to upload a web shell to a web server. This can be achieved through exploiting...

9.6CVSS9.4AI score0.00248EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/02/05 5:41 p.m.12 views

CKAN has an XSS vector in user uploaded images in group/org and user profiles

Impact Using a specially crafted file, a user could potentially upload a file containing code that when executed could send arbitrary requests to the server. If that file was opened by an administrator, it could lead to escalation of privileges of the original submitter or other malicious actions...

7.3CVSS7.7AI score0.00442EPSS
Exploits0References9Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/20 12:0 a.m.6 views

PT-2024-33473 · Myriad Solutionz · Myriad Solutionz Property Lot Management System

Name of the Vulnerable Software and Affected Versions: Myriad Solutionz Property Lot Management System versions n/a through 4.2.38 Description: The issue allows hackers to upload malicious files, exploiting an Unrestricted File Upload vulnerability. This enables the upload of a web shell to a web...

9.9CVSS7.3AI score0.00478EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/10/16 12:0 a.m.8 views

PT-2024-32953 · WordPress · Acf Images Search/Insert

Name of the Vulnerable Software and Affected Versions: ACF Images Search And Insert versions 1.1.4 and earlier Description: The issue affects the ACF Images Search And Insert plugin, allowing unrestricted upload of files with dangerous types, such as a web shell, to a web server. This could...

9.9CVSS6.9AI score0.00482EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/10/04 12:0 a.m.12 views

PT-2024-39220 · Unknown · Bit File Manager

Name of the Vulnerable Software and Affected Versions: The Bit File Manager versions up to, and including, 6.5.7 Description: The issue is due to a lack of proper checks on allowed file types, making it possible for authenticated attackers with Subscriber-level access and above, and granted...

6.8CVSS6.7AI score0.00788EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2024/10/02 12:0 a.m.7 views

PT-2024-31857 · October · October

Name of the Vulnerable Software and Affected Versions: October versions 3.6.30 Description: The issue allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cross-Site...

4.7CVSS6.4AI score0.0048EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2024/10/02 12:0 a.m.9 views

PT-2024-31856 · Zenario · Zenario

Name of the Vulnerable Software and Affected Versions: Zenario version 9.7.61188 Description: The issue allows authenticated admin users to upload PDF files containing malicious code into the target system. If the PDF file is accessed through the website, it can trigger a Cross Site Scripting XSS...

4.8CVSS4.9AI score0.00343EPSS
Exploits1References10
NVD
NVD
added 2024/09/05 1:15 p.m.31 views

CVE-2024-8463

File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell...

9.9CVSS0.00513EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/09/03 12:0 a.m.10 views

PT-2024-30245 · Mcms · Mcms

Name of the Vulnerable Software and Affected Versions: MCMS version 5.4.1 Description: The issue is related to a front-end file upload vulnerability in MCMS, which can lead to remote command execution. This allows an attacker to execute commands remotely. Recommendations: For MCMS version 5.4.1,...

8.1CVSS7.7AI score0.00806EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/08/26 12:0 a.m.5 views

PT-2024-30200 · Testlink · Testlink

Name of the Vulnerable Software and Affected Versions: TestLink versions prior to 1.9.20 Description: The issue allows for Cross Site Scripting XSS via the pop-up on upload file. When uploading a file, the XSS payload can be entered into the file name. Recommendations: For versions prior to 1.9.2...

6.1CVSS5.6AI score0.00329EPSS
Exploits1References8
Veracode
Veracode
added 2024/07/19 9:8 a.m.15 views

Remote Code Execution (RCE)

Apache StreamPipes is vulnerable to Remote Code Execution RCE. The vulnerability is due to the lack of restrictions on the types of files that authenticated and authorized users can upload, which allows an attacker to execute malicious code on the server...

8.8CVSS7.6AI score0.01106EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2024/06/21 12:0 a.m.7 views

PT-2024-25906 · Unknown · Cmsimple Xh

Name of the Vulnerable Software and Affected Versions: CMSimple XH version 1.7.6 Description: The issue allows for cross-site scripting XSS by uploading a crafted SVG document. Recommendations: For CMSimple XH version 1.7.6, as a temporary workaround, consider restricting the upload of SVG...

6.1CVSS6.3AI score0.00713EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/05/23 12:0 a.m.12 views

PT-2024-26307 · Inxedu · Inxedu

Name of the Vulnerable Software and Affected Versions: inxedu version 2024.4 Description: The issue allows attackers to execute arbitrary code by uploading a crafted .jsp file through the uploadAudio method. Recommendations: For inxedu version 2024.4, consider disabling the uploadAudio method unt...

9.8CVSS8.4AI score0.00584EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/03/26 12:0 a.m.10 views

PT-2024-12130 · Onthegosystems · Onthegosystems Types

Name of the Vulnerable Software and Affected Versions: OnTheGoSystems Types versions 3.4.17 and earlier Description: The issue is related to an Unrestricted Upload of File with Dangerous Type, which affects OnTheGoSystems Types. Recommendations: For versions 3.4.17 and earlier, update to a versio...

7.2CVSS8.7AI score0.00758EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/03/21 12:0 a.m.4 views

PT-2024-19544 · Unknown · Oscommerce

Name of the Vulnerable Software and Affected Versions: osCommerce version 4 Description: An issue allows local attackers to bypass file upload restrictions and execute arbitrary code via the administrator profile photo upload feature. Recommendations: For osCommerce version 4, as a temporary...

6.6CVSS7.2AI score0.00309EPSS
Exploits1References6
Rows per page
Query Builder