5 matches found

RedhatCVE
added 2025/12/03 8:57 a.m., 5 views

CVE-2025-13516

The SureMail – SMTP and Email Logs Plugin for WordPress is vulnerable to Unrestricted Upload of File with Dangerous Type in versions up to and including 1.9.0. This is due to the plugin's savefile function in inc/emails/handler/uploads.php which duplicates all email attachments to a web-accessibl...

CVSS 8.1, AI score 7.4, EPSS 0.00891
Exploits: 0, References: 1
CNNVD
added 2024/11/15 12:0 a.m., 5 views

PRIMX ZONECENTRAL security vulnerability

PRIMX ZONECENTRAL is an application from PRIMX, Inc. that uses encryption to provide confidentiality services that apply to all documents in an organization. A security vulnerability exists in PRIMX ZONECENTRAL version 2024.3 and earlier and Q.2021.2 and earlier, which stems from the fact that a...

CVSS 7.8, AI score 6.8, EPSS 0.00159
Exploits: 0, References: 1
CVE
added 2024/09/11 1:41 p.m., 111 views

CVE-2024-27115

CVE-2024-27115 corresponds to an authenticated RCE in SOPlanning via PHP file upload. The nuclei template specifies exploitation of SOPlanning 1.52.01 through authenticated file upload, enabling an attacker to upload and execute PHP code. Remediation is to upgrade to a version newer than 1.52.01,...

CVSS 10, AI score 9.9, EPSS 0.0459
Exploits: 0, References: 1, Affected Software: 1
BDU FSTEC
added 2022/06/06 12:0 a.m., 5 views

The vulnerability of the conf_id parameter in the TrueConf Server software lies in the possibility of bypassing the path in the script /client/upsld/v1. This allows a perpetrator to execute arbitrary code by writing a specially crafted php file into a folder accessible through the web interface.

The vulnerability of the confid parameter in the TrueConf Server software relates to the possibility of bypassing the path in the script /client/upsld/v1. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by writing a specially crafted php file to a folder accessibl...

CVSS 10, AI score 6
Exploits: 0, References: 1, Affected Software: 1
Veracode
added 2019/09/17 3:1 a.m., 18 views

Insecure Session Management

github.com/astaxie/beego uses insecure session management. The excessive permissions configured on session files allow a local attacker to manipulate and modify session files before the application creates them in the world-accessible folder...

CVSS 4.7, AI score 2.4, EPSS 0.00199
Exploits: 0, References: 1, Affected Software: 1