Lucene search
+L

315 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-14793

Malicious code in bioql PyPI...

7.1CVSS7.7AI score0.00145EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-42415

Malicious code in bioql PyPI...

7.1CVSS6.5AI score0.00304EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-54929

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.01619EPSS
Exploits1References3
OSV
OSV
added 2025/08/28 4:15 p.m.5 views

CVE-2024-13986

Nagios XI 2024R1.3.2 contains a remote code execution vulnerability by chaining two flaws: an arbitrary file upload and a path traversal in the Core Config Snapshots interface. The issue arises from insufficient validation of file paths and extensions during MIB upload and snapshot rename...

8.8CVSS6.4AI score0.01619EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/08/13 8:54 p.m.8 views

CVE-2012-10054 Umbraco CMS < 4.7.1 codeEditorSave.asmx RCE

Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that permits arbitrary file uploads without authentication. By exploiting a path traversal flaw in the fileName parameter,...

9.3CVSS8.3AI score0.02801EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/08/13 12:0 a.m.12 views

PT-2025-33089 · Unknown · Umbraco Cms

Name of the Vulnerable Software and Affected Versions: Umbraco CMS versions prior to 4.7.1 Description: Umbraco CMS versions prior to 4.7.1 are susceptible to unauthenticated remote code execution through the codeEditorSave.asmx API endpoint. This endpoint exposes a SaveDLRScript operation that...

9.3CVSS7.7AI score0.02801EPSS
Exploits1References9
NVD
NVD
added 2025/08/08 7:15 p.m.11 views

CVE-2012-10045

XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to properly validate or restrict uploaded file types. By crafting a multipart/form-data POST...

9.3CVSS0.01141EPSS
Exploits0References6
CVE
CVE
added 2025/08/08 6:14 p.m.31 views

CVE-2012-10045

XODA 0.4.5 contains an unauthenticated file upload vulnerability in the upload functionality. An attacker can upload a PHP file to the web-accessible files/ directory and trigger execution via a subsequent GET request, leading to remote code execution. Remediation/patch status not provided in the...

9.3CVSS7.7AI score0.01141EPSS
Exploits0References6
CVE
CVE
added 2025/08/08 6:12 p.m.31 views

CVE-2012-10036

CVE-2012-10036 affects Project Pier

9.3CVSS7.5AI score0.01245EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/08/08 6:10 p.m.14 views

CVE-2012-10052 EGallery 1.2 Arbitrary PHP File Upload

EGallery version 1.2 contains an unauthenticated arbitrary file upload vulnerability in the uploadify.php script. The application fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files directly into the web-accessible egallery/ directory...

9.3CVSS0.01145EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2025/07/18 12:0 a.m.7 views

Vulnerability of the main and fileman modules of the 1C-Bitrix website management system: Website management that allows a hacker to gain unauthorized access to protected information beyond the web directory

Vulnerability of the main and fileman modules of the CMS system: Website management is related to vulnerabilities in path name restrictions for directories. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information beyond the web directory...

6.8CVSS5.5AI score
Exploits0References1Affected Software3
RedhatCVE
RedhatCVE
added 2025/05/23 5:55 a.m.9 views

CVE-2023-31476

An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path is no more than 6 characters the working directory is /www...

7.5CVSS7.2AI score0.00804EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:3 a.m.6 views

CVE-2023-33518

emoncms v11 and later was discovered to contain an information disclosure vulnerability which allows attackers to obtain the web directory path and other information leaked by the server via a crafted web request...

5.3CVSS6.8AI score0.00456EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/04/25 4:4 p.m.8 views

CVE-2025-39567

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shamalli Web Directory Free web-directory-free allows Reflected XSS.This issue affects Web Directory Free: from n/a through = 1.7.8...

7.1CVSS7.2AI score0.00208EPSS
Exploits0References1
NVD
NVD
added 2025/04/17 4:15 p.m.7 views

CVE-2025-39567

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shamalli Web Directory Free web-directory-free allows Reflected XSS.This issue affects Web Directory Free: from n/a through = 1.7.8...

7.1CVSS0.00208EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/17 3:46 p.m.6 views

CVE-2025-39567 WordPress Web Directory Free plugin <= 1.7.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shamalli Web Directory Free allows Reflected XSS. This issue affects Web Directory Free: from n/a through 1.7.8...

7.1CVSS6.9AI score0.00208EPSS
Exploits0References1
CVE
CVE
added 2025/04/17 3:46 p.m.43 views

CVE-2025-39567

CVE-2025-39567 targets Shamalli Web Directory Free (WordPress plugin)

7.1CVSS7.2AI score0.00208EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/04/17 9:0 a.m.4 views

WordPress Web Directory Free plugin <= 1.7.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by astra.r3verii in WordPress Plugin Web Directory Free versions = 1.7.8...

7.1CVSS6.9AI score0.00208EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/17 12:0 a.m.4 views

PT-2025-17184 · Unknown · Shamalli Web Directory Free

Name of the Vulnerable Software and Affected Versions: Shamalli Web Directory Free versions 1.7.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential...

7.1CVSS7.4AI score0.00208EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/04/17 12:0 a.m.4 views

WordPress plugin Web Directory Free 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS7AI score0.00208EPSS
Exploits0References1
Rows per page
Query Builder