9 matches found

CVE
added 2026/04/28 1:13 p.m., 8 views

CVE-2026-40552

CVE-2026-40552 affects mpGabinet ≤ 23.12.19 and describes a Remote Command Execution via processing an attachment. An authorized user with DB access can cause system command execution by uploading an attachment and modifying its storage path to reference an attacker-controlled remote resource, or...

CVSS 4.7, AI score 5.8, EPSS 0.00286
Exploits 0, References 2

RedhatCVE
added 2026/01/09 9:12 a.m., 10 views

CVE-2022-26122

An insufficient verification of data authenticity vulnerability CWE-345 in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64...

CVSS 8.6, AI score 6.8, EPSS 0.00444
Exploits 0, References 1

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2002-0407

Malware in sbrugna...

CVSS 5, AI score 6.4, EPSS 0.02759
Exploits 1, References 6

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-30689

Malicious code in bioql PyPI...

CVSS 8.6, AI score 8.5, EPSS 0.00444
Exploits 0, References 1

Cvelist
added 2024/06/14 3:23 p.m., 21 views

CVE-2024-37316 Nextcloud Calendar's event create can create attachments that link to other websites

Nextcloud Calendar is a calendar app for Nextcloud. Authenticated users could create an event with manipulated attachment data leading to a bad redirect for participants when clicked. It is recommended that the Nextcloud Calendar App is upgraded to 4.6.8 or 4.7.2...

CVSS 4.6, EPSS 0.00362
Exploits 0, References 3

Cvelist
added 2024/01/29 9:20 a.m., 28 views

CVE-2024-23792 Insufficient access control

When adding attachments to ticket comments, another user can add attachments as well impersonating the original user. The attack requires a logged-in other user to know the UUID. While the legitimate user completes the comment, the malicious user can add more files to the comment. This issue affec...

CVSS 5.3, AI score 6.6, EPSS 0.00345
Exploits 0, References 1

NVD
added 2020/12/18 10:15 a.m., 16 views

CVE-2020-26171

In tangro Business Workflow before 1.18.1, the documentId of attachment uploads to /api/document/attachments/upload can be manipulated. By doing this, users can add attachments to workitems that do not belong to them...

CVSS 4.3, AI score 4.6, EPSS 0.00574
Exploits 1, References 2

Cvelist
added 2010/04/20 3:0 p.m., 19 views

CVE-2010-1165

Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010...

AI score 7.3, EPSS 0.04436
Exploits 0, References 8

exploitpack
added 2002/07/20 12:0 a.m., 9 views

Microsoft Outlook Express 5/6 - Spoofable File Extensions

Source: https://www.securityfocus.com/bid/5277/info

It is possible for a malicious user, sending email via a mail agent capable of manipulating the MIME headers, to spoof file extensions for users of Outlook Express. For example, an .exe fi...

AI score 7.4
Exploits 0