Lucene search
K

12 matches found

Cvelist
Cvelist
added 2026/04/13 6:10 p.m.20 views

CVE-2026-40040 Pachno 1.0.6 Unrestricted File Upload Remote Code Execution

Pachno 1.0.6 contains an unrestricted file upload vulnerability that allows authenticated users to upload arbitrary file types by bypassing ineffective extension filtering to the /uploadfile endpoint. Attackers can upload executable files .php5 scripts to web-accessible directories and execute th...

8.8CVSS0.00474EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/02/21 1:28 a.m.8 views

CVE-2026-26975

Music Assistant is an open-source media library manager that integrates streaming services with connected speakers. Versions 2.6.3 and below allow unauthenticated network-adjacent attackers to execute arbitrary code on affected installations. The music/playlists/update API allows users to bypass...

8.8CVSS6.4AI score0.01447EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/16 4:20 p.m.10 views

CVE-2021-47753

phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file extension checks. Attackers can upload a PHP file disguised as a PNG, rename it, and execute system commands through a crafted web shell parameter...

9.8CVSS8.4AI score0.00671EPSS
Exploits1References1
OSV
OSV
added 2026/01/15 4:16 p.m.5 views

CVE-2021-47753

phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file extension checks. Attackers can upload a PHP file disguised as a PNG, rename it, and execute system commands through a crafted web shell parameter...

9.3CVSS6.1AI score0.00671EPSS
Exploits1References3
OSV
OSV
added 2025/01/27 10:15 p.m.3 views

CVE-2025-24169

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.3, Safari 18.3. A malicious app may be able to bypass browser extension authentication...

7.5CVSS5.7AI score0.00714EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2020/05/21 12:0 a.m.148 views

Gym Management System 1.0 Remote Code Execution

Exploit Title: Gym Management System v1.0 - Unauthenticated Remote Code Execution Exploit Author: Bobby Cooke Date: May 21th, 2020 Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/free-projects/php-projects/gym-management-system-project-in-php/ Version: 1.0 Teste...

Exploits0
CVE
CVE
added 2019/02/19 5:0 p.m.261 views

CVE-2019-5778

CVE-2019-5778 affects Google Chrome/Chromium extensions. The available description states a missing case in handling special schemes during permission request checks in Extensions, allowing bypass of extension permission checks for privileged pages via a crafted Chrome Extension (pre 72.0.3626.81...

6.5CVSS5.9AI score0.01014EPSS
Exploits0References7Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/06/07 12:0 a.m.18 views

Google Chrome < 59.0.3071.86 Multiple Vulnerabilities

Binary data 700131.pasl...

8.8CVSS5.8AI score0.31212EPSS
Exploits1References2
CNVD
CNVD
added 2017/06/07 12:0 a.m.1 views

easyadmin v1.0.5 comment.php has an arbitrary file upload vulnerability

EAdmin Minimalist Community is a free and open source, fast and simple community program that was created to quickly build a community and communication platform. easyadmin v1.0.5 comment.php has an arbitrary file upload vulnerability. The vulnerability occurs because the data submitted by visito...

7.2AI score
Exploits0
0day.today
0day.today
added 2012/01/30 12:0 a.m.28 views

Ajax Upload Arbitrary File Upload

Exploit for multiple platform in category web applications Exploit Title: Ajax Upload Arbitrary File Upload Date: 30/01/2012 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software: Ajax Upload http://valums.com/ajax-upload/ Tested o...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2012/01/30 12:0 a.m.41 views

Ajax Upload Shell Upload

Exploit Title: Ajax Upload Arbitrary File Upload Date: 30/01/2012 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software: Ajax Upload http://valums.com/ajax-upload/ Tested on: Linux Comment Agradezco a mis amigos: Hernan Jais, Alfon...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2012/01/30 12:0 a.m.29 views

Ajax Upload - Arbitrary File Upload

Exploit Title: Ajax Upload Arbitrary File Upload Date: 30/01/2012 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software: Ajax Upload http://valums.com/ajax-upload/ Tested on: Linux Comment Agradezco a mis amigos: Hernan Jais, Alfon...

7.4AI score
Exploits0
Rows per page
Query Builder