Lucene search
K

205 matches found

Veracode
Veracode
added 2025/12/01 1:20 p.m.7 views

Arbitrary Code Execution

melisplatform/melis-cms-slider is vulnerable to Arbitrary Code Execution. The vulnerability is due to insufficient validation of uploaded files, where the mcsdetailimg parameter in the saveDetailsForm endpoint accepts malicious file uploads, and attackers can exploit this to upload executable...

9.3CVSS8.1AI score0.02503EPSS
Exploits3References5Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/19 12:0 a.m.11 views

PT-2025-47439

Name of the Vulnerable Software and Affected Versions WavePlayer WordPress plugin versions prior to 3.8.0 Description The software does not have proper authorization checks for an AJAX action and lacks file validation when copying files locally. This allows unauthenticated users to upload arbitra...

9.8CVSS7.6AI score0.00419EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2025/11/04 12:0 a.m.4 views

PT-2025-45011

Name of the Vulnerable Software and Affected Versions Easy Upload Files During Checkout plugin for WordPress versions prior to 2.9.9 Description The Easy Upload Files During Checkout plugin for WordPress is susceptible to arbitrary JavaScript file uploads because of a lack of file type validation...

9.8CVSS7.9AI score0.00593EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/11/03 7:57 a.m.7 views

CVE-2025-48396

Arbitrary code execution is possible due to improper validation of the file upload functionality in Eaton BLSS. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS 7.3.0.SCP004...

8.3CVSS0.00329EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/03 7:57 a.m.3 views

CVE-2025-48396

Arbitrary code execution is possible due to improper validation of the file upload functionality in Eaton BLSS. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS 7.3.0.SCP004...

8.3CVSS6.8AI score0.00329EPSS
Exploits0References1
CVE
CVE
added 2025/11/03 7:57 a.m.17 views

CVE-2025-48396

CVE-2025-48396 concerns Eaton BLSS (Brightlayer Software Suite). The issue stems from improper validation of the file upload functionality, enabling arbitrary code execution. Affected versions are Eaton BLSS prior to the patch, with fixes implemented in the latest script patch version 7.3.0.SCP00...

8.3CVSS6.8AI score0.00329EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/31 12:0 a.m.4 views

WordPress Plugin Auto Featured Image Server-Side Request Forgery Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A server-side request forgery vulnerability exists in the WordPress plugin Auto Featured Image,...

7.7CVSS6.5AI score0.00042EPSS
Exploits0References1
NVD
NVD
added 2025/10/17 6:15 p.m.4 views

CVE-2025-62421

DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a stored cross-site scripting vulnerability exists due to improper file upload validation and authentication bypass. The StaticResourceApi interface defines a route upload/fileId that uses a URL path...

6.9CVSS0.0026EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/17 12:0 a.m.6 views

Hikvision iSecure Center 安全漏洞

Hikvision iSecure Center is an integrated security management platform from Hikvision China. A security vulnerability exists in Hikvision iSecure Center that stems from improper file upload validation, which could result in the upload of malicious files...

9.8CVSS6.9AI score0.00458EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2008-0579

Malware in sbrugna...

6.4CVSS6.4AI score0.02544EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/10/04 12:56 a.m.5 views

CVE-2025-60445

A stored Cross-Site Scripting XSS vulnerability has been discovered in XunRuiCMS version 4.7.1. The vulnerability exists due to insufficient validation of SVG file uploads in the dayrui/Fcms/Library/Upload.php component, allowing attackers to inject malicious JavaScript code that executes when th...

6.1CVSS5.9AI score0.00213EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/10/03 9:46 p.m.2 views

CVE-2025-61681 Kuno is Vulnerable to Stored XSS Attack via SVG File Upload

KUNO CMS is a fully deployable full-stack blog application. Versions 1.3.13 and below contain validation flaws in its file upload functionality that can be exploited for stored XSS. The upload endpoint only validates file types based on Content-Type headers, lacks file content analysis and...

5.4CVSS6.5AI score0.00228EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-32298

Malicious code in bioql PyPI...

6.1CVSS6.6AI score0.00213EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-43318

Malicious code in bioql PyPI...

8.8CVSS8.5AI score0.01048EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-45813

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00969EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-1663

Malicious code in bioql PyPI...

8.1CVSS6.3AI score0.0087EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2021-30796

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.01096EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-27223

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.00265EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-2090

Malicious code in bioql PyPI...

8.1CVSS6.3AI score0.00692EPSS
Exploits1References13
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-26701

Malicious code in bioql PyPI...

5.3CVSS6.3AI score0.00358EPSS
Exploits0References1
Rows per page
Query Builder