60 matches found

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2007-0086

Malware in sbrugna...

CVSS 6.5 · AI score 6.4 · EPSS 0.01983
Exploits: 1 · References: 5

EUVD
added 2025/10/03 8:07 p.m. · 5 views

EUVD-2022-44727

Malicious code in bioql PyPI...

CVSS 7.2 · AI score 7.1 · EPSS 0.01141
Exploits: 1 · References: 1

EUVD
added 2025/10/03 8:07 p.m. · 7 views

EUVD-2022-29047

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.4 · EPSS 0.01851
Exploits: 1 · References: 1

Vulnrichment
added 2025/08/30 1:57 p.m. · 3 views

CVE-2012-10062 XAMPP WebDAV PHP Upload Authentication Bypass RCE

A vulnerability in XAMPP, developed by Apache Friends, version 1.7.3's default WebDAV configuration allows remote authenticated attackers to upload and execute arbitrary PHP code. The WebDAV service, accessible via /webdav/, accepts HTTP PUT requests using default credentials. This permits...

CVSS 8.7 · AI score 8 · EPSS 0.01209
Exploits: 2 · References: 4

SUSE CVE
added 2025/06/03 2:39 a.m. · 4 views

SUSE CVE-2025-49113

Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization...

CVSS 9.9 · AI score 8 · EPSS 0.89462
Exploits: 29 · References: 3

RedhatCVE
added 2025/05/23 2:33 a.m. · 5 views

CVE-2023-1971

UNSUPPORTED WHEN ASSIGNED: A vulnerability, which was classified as critical, was found in yuan1994 tpAdmin 1.3.12. Affected is the function remote of the file application\admin\controller\Upload.php. The manipulation of the argument url leads to server-side request forgery. It is possible to laun...

CVSS 6.5 · AI score 7.4 · EPSS 0.00636
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 12:02 a.m. · 5 views

CVE-2022-43083

An arbitrary file upload vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...

CVSS 7.2 · AI score 7.8 · EPSS 0.01056
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 3:49 p.m. · 10 views

CVE-2020-21516

There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8 at the head image upload, that allows attackers to execute relevant PHP code...

CVSS 9.8 · AI score 7.3 · EPSS 0.01036
Exploits: 1

RedhatCVE
added 2025/05/22 9:16 a.m. · 7 views

CVE-2019-17188

An unrestricted file upload vulnerability was discovered in catalog/productinfo/imageupload in Fecshop FecMall 2.3.4. An attacker can bypass a front-end restriction and upload PHP code to the webserver, by providing image data and the image/jpeg content type, with a .php extension. This occurs...

CVSS 7.2 · AI score 7.1 · EPSS 0.01363
Exploits: 1 · References: 1

Cvelist
added 2025/03/05 3:42 p.m. · 23 views

CVE-2025-27411 REDAXO allows Arbitrary File Upload in the mediapool page

REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the mediapool/media page is vulnerable to arbitrary file upload. This vulnerability is fixed in 5.18.3...

CVSS 5.4 · EPSS 0.00253
Exploits: 1 · References: 2

Vulnrichment
added 2024/09/13 6:00 a.m. · 13 views

CVE-2024-7863 Favicon Generator < 2.1 - Arbitrary File Upload via CSRF

The Favicon Generator CLOSED WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make logged in admin upload arbitrary files such as PHP on the server...

AI score 7.3 · EPSS 0.00275
Exploits: 1 · References: 1

OSV
added 2024/05/28 4:15 p.m. · 4 views

CVE-2024-35324

Douchat 4.0.5 suffers from an arbitrary file upload vulnerability via Public/Plugins/webuploader/server/preview.php...

CVSS 9.8 · AI score 6.6
Exploits: 0 · References: 1

CNNVD
added 2024/04/03 12:00 a.m. · 5 views

SEMCMS Security Vulnerability

SEMCMS is a content management system (CMS) for foreign trade websites that supports multiple languages. A security vulnerability exists in SEMCMS v.4.8 that allows remote attackers to execute arbitrary code, elevate privileges, and obtain sensitive information via the upload.ph...

CVSS 9.8 · AI score 7.1 · EPSS 0.01157
Exploits: 1 · References: 2

OSV
added 2024/01/26 5:15 p.m. · 4 views

CVE-2024-0933

A vulnerability was found in Niushop B2B2C V5 and classified as critical. Affected by this issue is some unknown functionality of the file \app\model\Upload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and ma...

CVSS 9.8 · AI score 5.3 · EPSS 0.0058
Exploits: 0 · References: 3

Positive Technologies
added 2024/01/04 12:00 a.m. · 5 views

PT-2024-15001 · Unknown · Class.Upload.Php

Name of the Vulnerable Software and Affected Versions: class.upload.php, affected versions not specified
Description: The issue is related to a stored XSS vulnerability in the default configuration of class.upload.php, a PHP library for managing image uploads. This vulnerability occurs because the...

CVSS 6.5 · AI score 6 · EPSS 0.00436
Exploits: 0 · References: 10

Vulnrichment
added 2023/11/30 1:26 p.m. · 7 views

CVE-2023-5966 Unrestricted Upload of File with Dangerous Type in EspoCRM

An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution...

CVSS 4.7 · AI score 9.2 · EPSS 0.01049
Exploits: 0 · References: 1

OSV
added 2023/10/14 5:15 a.m. · 4 views

CVE-2023-45856

qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI...

CVSS 9.8 · AI score 6.3 · EPSS 0.01396
Exploits: 1 · References: 2

WPVulnDB
added 2022/12/06 12:00 a.m. · 50 views

YITH WooCommerce Gift Cards < 3.20.0 - Unauthenticated Arbitrary File Upload

The plugin does not validate files to be uploaded, allowing unauthenticated attackers to upload arbitrary files, such as PHP...

CVSS 9.8 · AI score 4.8 · EPSS 0.13514
Exploits: 2 · Affected software: 1

OSV
added 2022/12/05 5:15 p.m. · 4 views

CVE-2022-1540

The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files such as PHP leading to RCE...

CVSS 7.2 · AI score 5.9 · EPSS 0.01042
Exploits: 2 · References: 1

Vulnrichment
added 2022/11/29 12:00 a.m. · 5 views

CVE-2022-44354

SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file...

AI score 9.4 · EPSS 0.02131
Exploits: 1 · References: 1