Lucene search

7 matches found

Cvelist
added 2026/02/06 9:9 p.m. · 23 views

CVE-2026-25732 NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write

NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern UPLOADDIR / file.name. Malicious filenames containing ../ sequences allow attackers to...

7.5 CVSS · 0.01472 EPSS
Exploits 3 · References 3
OSV
added 2023/03/01 10:15 a.m. · 2 views

CVE-2023-1112

A vulnerability was found in Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1 on WordPress. It has been classified as critical. Affected is an unknown function of the file admin-ajax.php. The manipulation of the argument uploadname leads to relative path traversal. It is possible to laun...

9.8 CVSS · 5.6 AI score
Exploits 0 · References 3
Positive Technologies
added 2023/03/01 12:0 a.m. · 4 views

PT-2023-16763 · Unknown · Drag/Drop Multiple File Upload – Contact Form 7

Name of the Vulnerable Software and Affected Versions: Drag and Drop Multiple File Upload Contact Form 7 version 5.0.6.1 Description: A critical issue has been found, affecting an unknown function of the file admin-ajax.php. The manipulation of the upload name argument leads to relative path...

9.8 CVSS · 9.5 AI score · 0.31802 EPSS
Exploits 3 · References 5
CNNVD
added 2023/03/01 12:0 a.m. · 3 views

WordPress plugin Drag and Drop Multiple File Upload Contact Form 7 Path Traversal Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

9.8 CVSS · 5.7 AI score · 0.31802 EPSS
Exploits 3 · References 4
OSV
added 2018/02/09 10:29 p.m. · 1 views

CVE-2018-5307

Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename...

6.1 CVSS · 5.8 AI score · 0.0032 EPSS
Exploits 3 · References 3
OpenVAS
added 2012/05/31 12:0 a.m. · 58 views

Debian Security Advisory DSA 2465-1 (php5)

The remote host is missing an update to php5 announced via advisory DSA 2465-1. OpenVAS Vulnerability Test $Id: deb24651.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2465-1 php5 Authors: Thomas Reinke Copyright: Copyright (c) 2012 E-Soft Inc...

7.5 CVSS · 0.4 AI score · 0.94363 EPSS
Exploits 43
Packet Storm
added 2005/11/08 12:0 a.m. · 22 views

phpfm.txt

upload phpshell in PHPFM discovered by rUnViRuS www.worlddefacers.net www.security-arab.com =-=-=-=-=-=-=-=-= the code shell :- --------------- save as cmd.php now upload in PHPFM =-=-=-= Used Shell =-=-=-= www.site.com/file upload name/files/cmd.php?cmd=command linux...

Exploits 0