2138 matches found

NVD
added yesterday, 9 views

CVE-2024-14037

Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob servlet endpoint. Attackers can submit a multipart POST request with a JSP webshell disguised using a spoofed...

9.8 CVSS
Exploits: 0, References: 4

NVD
added yesterday, 7 views

CVE-2022-50973

Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any...

9.8 CVSS
Exploits: 0, References: 5

Cvelist
added yesterday, 33 views

CVE-2022-50973 Yonyou KSOA 9.0 Unauthenticated File Upload RCE via ImageUpload Servlet

Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any...

9.8 CVSS
Exploits: 0, References: 5

CVE
added yesterday, 10 views

CVE-2022-50973

Summary: CVE-2022-50973 affects Yonyou KSOA 9.0. The issue is an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet. Exploitation requires no authentication and relies on attacker-controlled filepath and filename parameters, with no validation of file t...

9.8 CVSS, 6.2 AI score
In wild, Exploits: 0, References: 5

ATTACKERKB
added yesterday, 6 views

CVE-2022-50973

Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any...

9.8 CVSS, 6.2 AI score
Exploits: 0, References: 5, Affected Software: 1

EUVD
added yesterday, 4 views

EUVD-2022-56009

Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any...

9.8 CVSS, 6.2 AI score
Exploits: 0, References: 5

CVE
added yesterday, 14 views

CVE-2024-14037

Redsea Cloud eHR contains an unauthenticated arbitrary file upload vulnerability (CVE-2024-14037) affecting the PtFjk.mob servlet endpoint. An attacker can submit a multipart POST with a JSP webshell disguised by a spoofed image/jpeg Content-Type to bypass extension/MIME validation, uploading the...

9.8 CVSS, 6.5 AI score
In wild, Exploits: 0, References: 4

ATTACKERKB
added yesterday, 3 views

CVE-2024-14037

Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob servlet endpoint. Attackers can submit a multipart POST request with a JSP webshell disguised using a spoofed...

9.8 CVSS, 6.5 AI score
Exploits: 0, References: 5

EUVD
added yesterday, 7 views

EUVD-2024-55646

Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob servlet endpoint. Attackers can submit a multipart POST request with a JSP webshell disguised using a spoofed...

9.8 CVSS, 6.5 AI score
Exploits: 0, References: 4

Nuclei
added yesterday, 11 views

Apache ActiveMQ < 5.16.5/5.17.3 - Remote Code Execution

Once a user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handle requests to /api/jolokia. org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest...

8.8 CVSS, 7.7 AI score, 0.8581 EPSS
Exploits: 2, References: 3

Positive Technologies
added yesterday, 9 views

PT-2026-55262

Name of the Vulnerable Software and Affected Versions: Yonyou KSOA version 9.0. Description: An unauthenticated arbitrary file upload issue exists in the com.sksoft.bill.ImageUpload servlet. Unauthenticated attackers can upload arbitrary files by submitting a POST request to the endpoint without...

9.8 CVSS, 6.4 AI score
Exploits: 0, References: 9

ATTACKERKB
added 2 days ago, 4 views

CVE-2026-57517

Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL queries by submitting unsanitized input through the userRes POST parameter at the user endpoint. Attackers can exploit MySQL root privileges...

9.8 CVSS, 6.7 AI score, 0.00581 EPSS
Exploits: 1, References: 4

Positive Technologies
added 2 days ago, 5 views

PT-2026-54885

Name of the Vulnerable Software and Affected Versions: Control Web Panel versions prior to 0.9.8.1225. Description: An unauthenticated remote attacker can execute arbitrary SQL queries due to improper input validation and unsafe SQL query construction. The issue occurs at the 'user' endpoint through...

9.8 CVSS, 6.6 AI score, 0.00581 EPSS
Exploits: 1, References: 9

NVD
added 2026/06/18 6:16 p.m., 14 views

CVE-2026-54390

JTL Shop versions 5.2.0 through 5.7.1 contain a server-side template injection vulnerability that allows unauthenticated attackers to inject malicious template syntax due to unsanitized user-supplied input passed to the Smarty template engine. Attackers can exploit this flaw to read sensitive...

9.8 CVSS, 0.00333 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2026/06/18 5:33 p.m., 8 views

CVE-2026-54390 JTL Shop < 5.7.2 Server-Side Template Injection via Smarty Renderer

JTL Shop versions 5.2.0 through 5.7.1 contain a server-side template injection vulnerability that allows unauthenticated attackers to inject malicious template syntax due to unsanitized user-supplied input passed to the Smarty template engine. Attackers can exploit this flaw to read sensitive...

9.8 CVSS, 6.2 AI score, 0.00333 EPSS
Exploits: 0, References: 3

Cvelist
added 2026/06/18 5:33 p.m., 21 views

CVE-2026-54390 JTL Shop < 5.7.2 Server-Side Template Injection via Smarty Renderer

JTL Shop versions 5.2.0 through 5.7.1 contain a server-side template injection vulnerability that allows unauthenticated attackers to inject malicious template syntax due to unsanitized user-supplied input passed to the Smarty template engine. Attackers can exploit this flaw to read sensitive...

9.8 CVSS, 0.00333 EPSS
Exploits: 0, References: 3

CVE
added 2026/06/18 5:33 p.m., 67 views

CVE-2026-54390

Technical details are not publicly available in the provided documents. Monitor for updates from the connected sources.

9.8 CVSS, 5.8 AI score, 0.00333 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2026/06/18 12:0 a.m., 17 views

PT-2026-50772

Name of the Vulnerable Software and Affected Versions: JTL Shop versions 5.2.0 through 5.7.1. Description: Unauthenticated attackers can inject malicious template syntax because unsanitized user-supplied input is passed to the Smarty template engine, a tool used to generate dynamic web content. This...

9.8 CVSS, 6.1 AI score, 0.00333 EPSS
Exploits: 0, References: 9

NVD
added 2026/06/17 1:19 p.m., 9 views

CVE-2025-59872

HCL ZIE for Web is affected by an Unrestricted File Upload vulnerability. If the server is configured to execute code, then it may be possible to obtain command execution on the server by uploading a file known as a web shell, which allows you to execute arbitrary code or operating system command...

9.8 CVSS, 0.00454 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/06/16 12:0 a.m., 17 views

PT-2026-49831

Name of the Vulnerable Software and Affected Versions: Real Testimonials Pro (affected versions not specified); Product Slider Pro for WooCommerce (affected versions not specified); Smart Post Show Pro (affected versions not specified). Description: A supply chain compromise occurred where attackers...

7.5 CVSS, 6.1 AI score, 0.00387 EPSS
Exploits: 1, References: 14