Lucene search
K

946 matches found

NVD
NVD
added 2026/02/27 12:16 a.m.4 views

CVE-2026-20733

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

6.9CVSS0.00272EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/27 12:15 a.m.3 views

CVE-2026-25774

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

6.9CVSS5.8AI score0.00279EPSS
Exploits0References4
CVE
CVE
added 2026/02/27 12:3 a.m.11 views

CVE-2026-27773

Technical details about CVE-2026-27773 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.

6.9CVSS5.2AI score0.00272EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.2 views

PT-2026-22245

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

6.5CVSS5.2AI score0.00272EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/26 11:50 p.m.3 views

CVE-2026-22890

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

6.9CVSS5.8AI score0.00298EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/26 11:38 p.m.3 views

CVE-2026-20733

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

6.9CVSS5.8AI score0.00272EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/26 11:10 p.m.2 views

CVE-2026-20791

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

7.5CVSS5.8AI score0.00301EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/26 10:57 p.m.6 views

EUVD-2026-8921

Initiative is a self-hosted project management platform. An access control vulnerability exists in Initiative versions prior to 0.32.2 where uploaded documents are served from a publicly accessible /uploads/ directory without any authentication or authorization checks. Any uploaded file can be...

7.5CVSS5.5AI score0.00316EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.10 views

PT-2026-21780

Name of the Vulnerable Software and Affected Versions Altec DocLink version 4.0.336.0 Description The software has insecure .NET Remoting endpoints exposed over TCP and HTTP/SOAP via Altec.RDCHostService.exe using the ObjectURI "doclinkServer.soap". The service does not require authentication and...

10CVSS6.2AI score0.00739EPSS
Exploits0References7
Veracode
Veracode
added 2026/02/23 8:5 a.m.7 views

Remote Code Execution (RCE)

Apache Airflow is vulnerable to Remote Code ExecutionRCE. The vulnerability is due to improper validation in the /api/v2/dagReports endpoint, which allows an attacker to execute DAG code in the context of the API server when DAG files are accessible in the deployment environment...

5.4CVSS5.8AI score0.00476EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/18 12:0 a.m.5 views

CVE-2025-70151

code-projects Scholars Tracking System 1.0 allows an authenticated attacker to achieve remote code execution via unrestricted file upload. The endpoints updateprofilepicture.php and uploadpicture.php store uploaded files in a web-accessible uploads/ directory using the original, user-supplied...

8.8CVSS6.8AI score0.00589EPSS
Exploits1References3
NVD
NVD
added 2026/02/17 6:16 a.m.13 views

CVE-2026-1657

The EventPrime plugin for WordPress is vulnerable to unauthorized image file upload in all versions up to, and including, 4.2.8.4. This is due to the plugin registering the uploadfilemedia AJAX action as publicly accessible nopriv-enabled without implementing any authentication, authorization, or...

5.3CVSS0.00379EPSS
Exploits3References6
NVD
NVD
added 2026/02/11 3:16 p.m.11 views

CVE-2025-12059

Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Logo Software Industry and Trade Inc. Logo j-Platform allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Logo j-Platform: from 3.29.6.4 before 3.34.8.9...

9.8CVSS0.00307EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.12 views

Logo j-Platform 安全漏洞

Logo j-Platform is an enterprise resource planning platform developed by the Turkish company Logo. Versions of Logo j-Platform from 3.29.6.4 to 13112025 contain security vulnerabilities. These vulnerabilities stem from the insertion of sensitive information into externally accessible files or...

9.8CVSS5.8AI score0.00307EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/06 6:28 p.m.4 views

CVE-2026-23989 REVA Public Link Exploit

REVA is an interoperability platform. Prior to 2.42.3 and 2.40.3, a bug in the GRPC authorization middleware of the "Reva" component of OpenCloud allows a malicious user to bypass the scope verification of a public link. By exploiting this via the the "archiver" service this can be leveraged to...

8.2CVSS5.5AI score0.00273EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/06 1:26 a.m.11 views

CVE-2025-69906

Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to...

8.8CVSS8.5AI score0.00681EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2026/02/05 12:0 a.m.4 views

CVE-2025-69906

Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to...

6.1AI score0.00681EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/02/05 12:0 a.m.11 views

Monstra CMS 安全漏洞

Monstra CMS is a lightweight content management system CMS developed by Sergey Romanenko from Ukraine using PHP. Version 3.0.4 of Monstra CMS has a security vulnerability. This vulnerability stems from the Files Manager plugin, which allows arbitrary file uploads. The application relies on...

8.8CVSS7.7AI score0.00681EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/02/05 12:0 a.m.25 views

CVE-2025-69906

Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to...

0.00681EPSS
Exploits2References2
CVE
CVE
added 2026/02/05 12:0 a.m.13 views

CVE-2025-69906

CVE-2025-69906 affects Monstra CMS v3.0.4, specifically the Files Manager plugin. The vulnerability arises from blacklist-based file extension validation and storing uploaded files in a web-accessible directory, enabling remote code execution when uploaded files are interpreted as executable code...

8.8CVSS8.6AI score0.00681EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder