946 matches found
CVE-2026-20733
Charging station authentication identifiers are publicly accessible via web-based mapping platforms...
CVE-2026-25774
Charging station authentication identifiers are publicly accessible via web-based mapping platforms...
CVE-2026-27773
Technical details about CVE-2026-27773 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.
PT-2026-22245
Charging station authentication identifiers are publicly accessible via web-based mapping platforms...
CVE-2026-22890
Charging station authentication identifiers are publicly accessible via web-based mapping platforms...
CVE-2026-20733
Charging station authentication identifiers are publicly accessible via web-based mapping platforms...
CVE-2026-20791
Charging station authentication identifiers are publicly accessible via web-based mapping platforms...
EUVD-2026-8921
Initiative is a self-hosted project management platform. An access control vulnerability exists in Initiative versions prior to 0.32.2 where uploaded documents are served from a publicly accessible /uploads/ directory without any authentication or authorization checks. Any uploaded file can be...
PT-2026-21780
Name of the Vulnerable Software and Affected Versions Altec DocLink version 4.0.336.0 Description The software has insecure .NET Remoting endpoints exposed over TCP and HTTP/SOAP via Altec.RDCHostService.exe using the ObjectURI "doclinkServer.soap". The service does not require authentication and...
Remote Code Execution (RCE)
Apache Airflow is vulnerable to Remote Code ExecutionRCE. The vulnerability is due to improper validation in the /api/v2/dagReports endpoint, which allows an attacker to execute DAG code in the context of the API server when DAG files are accessible in the deployment environment...
CVE-2025-70151
code-projects Scholars Tracking System 1.0 allows an authenticated attacker to achieve remote code execution via unrestricted file upload. The endpoints updateprofilepicture.php and uploadpicture.php store uploaded files in a web-accessible uploads/ directory using the original, user-supplied...
CVE-2026-1657
The EventPrime plugin for WordPress is vulnerable to unauthorized image file upload in all versions up to, and including, 4.2.8.4. This is due to the plugin registering the uploadfilemedia AJAX action as publicly accessible nopriv-enabled without implementing any authentication, authorization, or...
CVE-2025-12059
Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Logo Software Industry and Trade Inc. Logo j-Platform allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Logo j-Platform: from 3.29.6.4 before 3.34.8.9...
Logo j-Platform 安全漏洞
Logo j-Platform is an enterprise resource planning platform developed by the Turkish company Logo. Versions of Logo j-Platform from 3.29.6.4 to 13112025 contain security vulnerabilities. These vulnerabilities stem from the insertion of sensitive information into externally accessible files or...
CVE-2026-23989 REVA Public Link Exploit
REVA is an interoperability platform. Prior to 2.42.3 and 2.40.3, a bug in the GRPC authorization middleware of the "Reva" component of OpenCloud allows a malicious user to bypass the scope verification of a public link. By exploiting this via the the "archiver" service this can be leveraged to...
CVE-2025-69906
Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to...
CVE-2025-69906
Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to...
Monstra CMS 安全漏洞
Monstra CMS is a lightweight content management system CMS developed by Sergey Romanenko from Ukraine using PHP. Version 3.0.4 of Monstra CMS has a security vulnerability. This vulnerability stems from the Files Manager plugin, which allows arbitrary file uploads. The application relies on...
CVE-2025-69906
Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to...
CVE-2025-69906
CVE-2025-69906 affects Monstra CMS v3.0.4, specifically the Files Manager plugin. The vulnerability arises from blacklist-based file extension validation and storing uploaded files in a web-accessible directory, enabling remote code execution when uploaded files are interpreted as executable code...