
2169 matches found

NVD
added 2026/02/04 4:15 a.m., 3 views

CVE-2026-1791

Unrestricted Upload of File with Dangerous Type vulnerability in Hillstone Networks Operation and Maintenance Security Gateway on Linux allows Upload a Web Shell to a Web Server. This issue affects Operation and Maintenance Security Gateway: V5.5ST00001B113...

CVSS 2.7, EPSS 0.0002
Exploits: 0, References: 1
CVE
added 2026/02/04 3:11 a.m., 7 views

CVE-2026-1791

CVE-2026-1791 concerns Hillstone Networks products: Operation and Maintenance Security Gateway on Linux with vulnerable versions V5.5ST00001B113 and Hillstone Networks Security Gateway V5.5. The flaw is an unrestricted file upload of a dangerous file type, enabling an attacker to upload a web she...

CVSS 2.7, AI score 5.4, EPSS 0.0002
Exploits: 0, References: 1
Vulnrichment
added 2026/02/04 3:11 a.m., 2 views

CVE-2026-1791 Arbitrary File Upload Vulnerability in Operation and Maintenance Security Gateway

Unrestricted Upload of File with Dangerous Type vulnerability in Hillstone Networks Operation and Maintenance Security Gateway on Linux allows Upload a Web Shell to a Web Server. This issue affects Operation and Maintenance Security Gateway: V5.5ST00001B113...

CVSS 2.7, AI score 5.4, EPSS 0.0002
Exploits: 0, References: 1
Cvelist
added 2026/02/04 3:11 a.m., 24 views

CVE-2026-1791 Arbitrary File Upload Vulnerability in Operation and Maintenance Security Gateway

Unrestricted Upload of File with Dangerous Type vulnerability in Hillstone Networks Operation and Maintenance Security Gateway on Linux allows Upload a Web Shell to a Web Server. This issue affects Operation and Maintenance Security Gateway: V5.5ST00001B113...

CVSS 2.7, EPSS 0.0002
Exploits: 0, References: 1
EUVD
added 2026/02/04 3:11 a.m., 2 views

EUVD-2026-5355

Unrestricted Upload of File with Dangerous Type vulnerability in Hillstone Networks Operation and Maintenance Security Gateway on Linux allows Upload a Web Shell to a Web Server. This issue affects Operation and Maintenance Security Gateway: V5.5ST00001B113...

CVSS 2.7, AI score 5.4, EPSS 0.0002
Exploits: 0, References: 1
Positive Technologies
added 2026/02/04 12:0 a.m., 3 views

PT-2026-6058

Name of the Vulnerable Software and Affected Versions: Hillstone Networks Operation and Maintenance Security Gateway versions V5.5ST00001B113; Hillstone Networks Security Gateway version V5.5. Description: The software contains a flaw related to unrestricted file uploads, potentially allowing an...

CVSS 2.7, AI score 5.4, EPSS 0.0002
Exploits: 0, References: 5
Cvelist
added 2026/02/03 10:1 p.m., 26 views

CVE-2020-37073 Victor CMS 1.0 - Authenticated Arbitrary File Upload

Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the userimage parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file wi...

CVSS 8.8, EPSS 0.00138
Exploits: 1, References: 3
CVE
added 2026/02/03 10:1 p.m., 9 views

CVE-2020-37073

Victor CMS 1.0 has an authenticated file-upload flaw in the user_image parameter. The vulnerability allows an administrator to upload arbitrary PHP files (a PHP shell) to the /img/ directory, enabling command execution when the uploaded file is accessed with a cmd parameter. The issue is describe...

CVSS 8.8, AI score 5.8, EPSS 0.00138
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2026/02/03 6:16 p.m., 3 views

CVE-2020-37113

GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the...

CVSS 8.8, AI score 6.6
Exploits: 0, References: 4
NVD
added 2026/02/03 6:16 p.m., 1 view

CVE-2020-37113

GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the...

CVSS 8.8, EPSS 0.00318
Exploits: 1, References: 4
CVE
added 2026/02/03 4:52 p.m., 10 views

CVE-2020-37113

GUnet OpenEclass 1.7.3 is affected by a file upload extension bypass vulnerability. Authenticated users can rename a PHP file to .php3 or .PhP to bypass the exercise submission file-type checks, upload a web shell, and achieve remote code execution on the server. This is documented across CVE-202...

CVSS 8.8, AI score 6.9, EPSS 0.00318
Exploits: 1, References: 4, Affected Software: 1
ATTACKERKB
added 2026/02/03 4:52 p.m., 2 views

CVE-2020-37113

GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the...

CVSS 8.8, AI score 6.9, EPSS 0.00318
Exploits: 1, References: 4
Vulnrichment
added 2026/02/03 4:52 p.m., 2 views

CVE-2020-37113 GUnet OpenEclass 1.7.3 E-learning platform - File Upload Extension Bypass

GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the...

CVSS 8.8, AI score 6.9, EPSS 0.00318
Exploits: 1, References: 4
EUVD
added 2026/02/03 4:52 p.m., 2 views

EUVD-2020-30982

GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the...

CVSS 8.8, AI score 6.9, EPSS 0.00318
Exploits: 1, References: 4
Positive Technologies
added 2026/02/03 12:0 a.m., 2 views

PT-2026-5858

Name of the Vulnerable Software and Affected Versions: GUnet OpenEclass version 1.7.3. Description: GUnet OpenEclass version 1.7.3 allows authenticated users to bypass file extension restrictions during file uploads. An attacker can rename a PHP file to extensions like .php3 or .PhP to upload a web...

CVSS 8.8, AI score 6, EPSS 0.00318
Exploits: 1, References: 6
OSV
added 2026/02/02 9:52 p.m., 2 views

GHSA-GP56-F67F-M4PX CI4MS Vulnerable to Remote Code Execution (RCE) via Arbitrary File Creation and Save in File Editor

Summary: A critical vulnerability has been identified in CI4MS that allows an authenticated user with file editor permissions to achieve Remote Code Execution (RCE). By leveraging the file creation and save endpoints, an attacker can upload and execute arbitrary PHP code on the server. Vulnerability...

CVSS 9.9, AI score 6.5, EPSS 0.00183
Exploits: 1, References: 4
Positive Technologies
added 2026/02/02 12:0 a.m., 4 views

PT-2026-6425

Summary: A critical vulnerability has been identified in CI4MS that allows an authenticated user with file editor permissions to achieve Remote Code Execution (RCE). By leveraging the file creation and save endpoints, an attacker can upload and execute arbitrary PHP code on the server. Vulnerability...

CVSS 9.9, AI score 6.6, EPSS 0.00183
Exploits: 1, References: 5
CVE
added 2026/01/29 2:28 p.m., 8 views

CVE-2020-37009

CVE-2020-37009 affects MedDream PACS Server 6.8.3.751. The connected records confirm an authenticated remote code execution vulnerability where an authorized user can upload PHP files via the uploadImage.php endpoint, enabling execution of arbitrary system commands with elevated privileges. CVSS ...

CVSS 8.8, AI score 6.7, EPSS 0.00392
Exploits: 0, References: 3
Cvelist
added 2026/01/29 2:28 p.m., 27 views

CVE-2020-37009 MedDream PACS Server 6.8.3.751 - Remote Code Execution

MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevate...

CVSS 8.8, EPSS 0.00392
Exploits: 0, References: 3
Vulnrichment
added 2026/01/28 6:7 p.m., 2 views

CVE-2026-24772 OpenProject has SSRF and CSWSH in Hocuspocus Synchronization Server

OpenProject is an open-source, web-based project management software. To enable real-time collaboration on documents, OpenProject 17.0 introduced a synchronization server. The OpenProject backend generates an authentication token that is currently valid for 24 hours, encrypts it with a share...

CVSS 8.9, AI score 5.9, EPSS 0.00035
Exploits: 0, References: 1