Lucene search
+L

209 matches found

GithubExploit
GithubExploit
added 2025/06/13 3:31 p.m.140 views

Exploit for Unrestricted Upload of File with Dangerous Type in Efrotech Timetrax

CVE-2025-46157 CVE-2025-46157 – Timetrax V1 2025 Remote Co...

9.9CVSS10AI score0.00741EPSS
Exploits2
CVE
CVE
added 2025/06/10 6:0 a.m.64 views

CVE-2025-4954

The CVE-2025-4954 entry concerns the WordPress plugin Axle Demo Importer (up to version 1.0.3). The vulnerability arises because the plugin does not validate uploaded files, allowing authenticated users (author level and above) to upload arbitrary files such as PHP to the server. This is stated d...

8.8CVSS6.6AI score0.00507EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 8:57 a.m.20 views

CVE-2024-47823

Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to 2.12.7 and v3.5.2, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not...

9.8CVSS6.7AI score0.00846EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:49 a.m.8 views

CVE-2023-32686

Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded...

8.1CVSS7AI score0.00431EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/17 12:0 a.m.8 views

WordPress plugin CSV Mass Importer 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.2CVSS7.5AI score0.00489EPSS
Exploits3References3
OSV
OSV
added 2025/05/15 8:15 p.m.4 views

CVE-2024-8699

The Z-Downloads WordPress plugin before 1.11.5 does not properly validate files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...

7.2CVSS5.9AI score0.00572EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/04/12 12:5 a.m.20 views

CVE-2025-29017

A Remote Code Execution RCE vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profilepic parameter within pagesviewclient.php...

8.8CVSS7.9AI score0.00804EPSS
Exploits2References1
NVD
NVD
added 2025/04/10 2:15 p.m.16 views

CVE-2025-29017

A Remote Code Execution RCE vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profilepic parameter within pagesviewclient.php...

8.8CVSS0.00804EPSS
Exploits2References1
OSV
OSV
added 2025/04/10 2:15 p.m.4 views

CVE-2025-29017

A Remote Code Execution RCE vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profilepic parameter within pagesviewclient.php...

8.8CVSS5.9AI score0.00804EPSS
Exploits2References1
CVE
CVE
added 2025/04/10 12:0 a.m.66 views

CVE-2025-29017

Code Astro Internet Banking System 2.0.0 is reported vulnerable via the profile_pic parameter in pages_view_client.php due to improper file upload validation, allowing an attacker to upload a malicious PHP file and achieve Remote Code Execution (RCE). The linked exploit/documentation describes by...

8.8CVSS7.2AI score0.00804EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/10 12:0 a.m.8 views

CVE-2025-29017

A Remote Code Execution RCE vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profilepic parameter within pagesviewclient.php...

9AI score0.00804EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2025/04/10 12:0 a.m.5 views

PT-2025-15988 · Unknown · Codeastro Internet Banking System

Name of the Vulnerable Software and Affected Versions: Code Astro Internet Banking System version 2.0.0 Description: A Remote Code Execution RCE vulnerability exists due to improper file upload validation in the profile pic parameter within pages view client.php. Recommendations: Code Astro...

8.8CVSS7AI score0.00804EPSS
Exploits2References9
Cvelist
Cvelist
added 2025/04/10 12:0 a.m.17 views

CVE-2025-29017

A Remote Code Execution RCE vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profilepic parameter within pagesviewclient.php...

0.00804EPSS
Exploits2References1
CNNVD
CNNVD
added 2025/03/29 12:0 a.m.4 views

WordPress plugin Inline Image Upload for BBPress 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists in...

8.8CVSS8.7AI score0.00798EPSS
Exploits0References4
CNVD
CNVD
added 2025/03/27 12:0 a.m.4 views

IBM Security ReaQta Code Issue Vulnerability

IBM Security ReaQta is an AI autonomous detection and response platform from International Business Machines IBM. IBM Security ReaQta version 3.12 suffers from a code issue vulnerability that stems from the application's lack of effective validation of uploaded files. An attacker can exploit the...

4.7CVSS7.3AI score0.00257EPSS
Exploits0References1
CNVD
CNVD
added 2025/03/27 12:0 a.m.6 views

Pytorch-Lightning Code Issue Vulnerability

Pytorch-Lightning is an open source lightweight PyTorch wrapper from Lightning AI open source in the US. Used for high performance Ai research. Pytorch-Lightning suffers from a code issue vulnerability that stems from the application's lack of effective validation of uploaded files. An attacker c...

9.1CVSS8.2AI score0.01019EPSS
Exploits1References1
NVD
NVD
added 2025/02/11 11:15 a.m.7 views

CVE-2025-0526

In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

5.4CVSS0.00337EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/02/05 12:0 a.m.5 views

PT-2025-4135 · Cockpit Hq · Cockpit

Name of the Vulnerable Software and Affected Versions: cockpit-hq/cockpit versions prior to 2.4.1 Description: The issue allows for Arbitrary File Upload, where an attacker can bypass the upload filter by using different extensions. Recommendations: For cockpit-hq/cockpit versions prior to 2.4.1,...

8.7CVSS7AI score0.19493EPSS
Exploits0References13
CNNVD
CNNVD
added 2025/01/13 12:0 a.m.6 views

Code-Projects Online Car Rental System 安全漏洞

Code-Projects Online Car Rental System is an open source car rental system from Code-Projects. A security vulnerability exists in Code-Projects Online Car Rental System version 1.0, which stems from a file upload feature that does not validate file extensions or MIME types, allowing an attacker t...

6.5CVSS8.2AI score0.02424EPSS
Exploits3References2
NVD
NVD
added 2024/11/22 6:15 a.m.29 views

CVE-2024-9422

The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server...

6.6CVSS0.00733EPSS
Exploits1References1
Rows per page
Query Builder