9 matches found

EUVD
added 2026/04/22 9:31 a.m. · 1 views

EUVD-2026-24631

In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during chunk reassembly, leading to disk space exhaustion...

CVSS 7.5 · AI score 5.8 · EPSS 0.00115
Exploits 0 · References 2
Positive Technologies
added 2026/04/22 12:0 a.m. · 3 views

PT-2026-34265

Name of the Vulnerable Software and Affected Versions: Telerik UI for AJAX versions prior to 2026.1.421 Description: RadAsyncUpload contains an uncontrolled resource consumption issue. This occurs because of missing cumulative size enforcement during chunk reassembly, which allows file uploads to...

CVSS 7.5 · AI score 5.8 · EPSS 0.00115
Exploits 0 · References 4
EUVD
added 2026/02/25 3:31 p.m. · 2 views

EUVD-2026-8655

In Progress® Telerik® UI for AJAX, versions prior to 2026.1.225, an insufficient entropy vulnerability exists in RadAsyncUpload, where a predictable temporary identifier, based on timestamp and filename, can enable collisions and file content tampering...

CVSS 5.3 · AI score 5.4 · EPSS 0.00013
Exploits 0 · References 2
CVE
added 2024/07/29 6:0 a.m. · 124 views

CVE-2024-6366

The CVE concerns the WordPress plugin User Profile Builder (cozmoslabs) prior to version 3.11.8, where improper authorization allows unauthenticated users to upload media files via the async upload feature. Affected: User Profile Builder

CVSS 9.1 · AI score 6.6 · EPSS 0.91317
Exploits 2 · References 1 · Affected Software 1
Positive Technologies
added 2024/07/29 12:0 a.m. · 7 views

PT-2024-37570 · WordPress · User Profile Builder

Name of the Vulnerable Software and Affected Versions: User Profile Builder WordPress plugin versions prior to 3.11.8 Description: The issue allows unauthenticated users to upload media files via the async upload functionality of WordPress due to a lack of proper authorization. Recommendations: F...

CVSS 9.1 · AI score 6.9 · EPSS 0.91317
Exploits 2 · References 6
OSV
added 2021/10/07 2:15 p.m. · 0 views

CVE-2021-3832

Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload function in order to exploit the vulnerability...

CVSS 9.8 · AI score 7.4
Exploits 0 · References 2
OSV
added 2019/06/03 8:29 p.m. · 1 views

CVE-2019-12377

A vulnerable upl/asyncupload.asp web API endpoint in Ivanti LANDESK Management Suite LDMS, aka Endpoint Manager 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to arbitrary remote code execution...

CVSS 9.8 · AI score 6.1 · EPSS 0.08261
Exploits 1 · References 2
Positive Technologies
added 2017/08/22 12:0 a.m. · 5 views

PT-2017-3938

Name of the Vulnerable Software and Affected Versions: Telerik UI for ASP.NET AJAX versions prior to R1 2017; Telerik UI for ASP.NET AJAX R2 versions prior to R2 2017 SP2 Description: The issue is related to weak encryption in RadAsyncUpload, which allows remote attackers to perform arbitrary file...

CVSS 10 · AI score 10 · EPSS 0.91967
Exploits 8 · References 23
OSV
added 2011/03/14 7:55 p.m. · 3 views

DEBIAN-CVE-2011-0701

wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachment_id parameter...

CVSS 4 · AI score 6.2 · EPSS 0.01555
Exploits 0 · References 1