
18975 matches found

Vulnrichment
added 2026/04/02 6:23 p.m., 2 views

CVE-2026-34735 Hytale Modding Vulnerable to Remote Code Execution via File Upload Bypass in `FileController`

The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. In version 1.2.0 and prior, the quickUpload endpoint validates uploaded files by checking their MIME type via PHP's finfo, which inspects file contents but constructs the stored filename using the...

8.7 CVSS, 6 AI score, 0.00081 EPSS
Exploits 0, References 1

NVD
added 2026/04/02 6:16 p.m., 3 views

CVE-2026-34577

Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the GET /public/stream endpoint in PublicController accepts a user-supplied url query parameter and proxies the full HTTP response back to the caller. The only validation is url.endsWith('mp4'), which is trivially bypassable by...

8.6 CVSS, 0.00157 EPSS
Exploits 1, References 2

RedhatCVE
added 2026/04/02 4:56 p.m., 1 view

CVE-2026-20095

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user. This vulnerability is due to improper validation...

6.5 CVSS, 6.1 AI score, 0.00079 EPSS
Exploits 0, References 1

RedhatCVE
added 2026/04/02 4:56 p.m., 0 views

CVE-2026-20093

A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin. This vulnerability is due to incorrect handling of password change requests. An...

9.8 CVSS, 6.2 AI score, 0.00038 EPSS
Exploits 0, References 1

The Hacker News
added 2026/04/02 3:21 p.m., 2 views

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released updates to address a critical security flaw in the Integrated Management Controller (IMC) that, if successfully exploited, could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system with elevated privileges. The vulnerability, tracked a...

9.8 CVSS, 6.2 AI score, 0.0026 EPSS
Exploits 0

EUVD
added 2026/04/02 2:44 p.m., 4 views

EUVD-2026-18258

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the MediaBrowserController::index method handles file deletion for the media browser. When the fileRemove action is triggered, the user-supplied name parameter is concatenated with the base upload directory path without any...

8.7 CVSS, 5.7 AI score, 0.00077 EPSS
Exploits 1, References 2

Cvelist
added 2026/04/02 1:4 p.m., 18 views

CVE-2026-2701 RCE vulnerability in Progress ShareFile Storage Zones Controller (SZC)

Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution...

9.1 CVSS, 0.01009 EPSS
Exploits 0, References 1

CVE
added 2026/04/02 1:4 p.m., 7 views

CVE-2026-2701

Progress ShareFile Storage Zones Controller (SZC) is affected by CVE-2026-2701: authenticated users can upload a file that is then executed on the server, enabling remote code execution. The issue is tied to the SZC component and is documented across multiple sources as an RCE risk. Remediation i...

9.1 CVSS, 6.3 AI score, 0.01009 EPSS
Exploits 0, References 1, Affected Software 1

Vulnrichment
added 2026/04/02 1:4 p.m., 1 view

CVE-2026-2701 RCE vulnerability in Progress ShareFile Storage Zones Controller (SZC)

Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution...

9.1 CVSS, 6.3 AI score, 0.01009 EPSS
Exploits 0, References 1

ATTACKERKB
added 2026/04/02 1:4 p.m., 5 views

CVE-2026-2699

Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution...

9.8 CVSS, 6.1 AI score, 0.31163 EPSS
Exploits 1, References 2

Vulnrichment
added 2026/04/02 1:4 p.m., 0 views

CVE-2026-2699 EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC)

Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution...

9.8 CVSS, 6.2 AI score, 0.31163 EPSS
Exploits 1, References 1

The Hacker News
added 2026/04/02 12:45 p.m., 5 views

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

The latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the internet right now. No corporate fluff or boring lectures here, just a quick and honest look at the messy reality of keeping systems safe this week. Things are moving fast. The list includes researchers...

9.8 CVSS, 6.4 AI score, 0.31163 EPSS
Exploits 1

RedhatCVE
added 2026/04/02 10:53 a.m., 2 views

CVE-2026-5259

A vulnerability was determined in AutohomeCorp frostmourne up to 1.0. The affected element is an unknown function of the file frostmourne-monitor/src/main/java/com/autohome/frostmourne/monitor/controller/AlarmController.java of the component Alarm Preview. Executing a manipulation can lead to...

6.5 CVSS, 6.2 AI score, 0.0005 EPSS
Exploits 0, References 1

RedhatCVE
added 2026/04/02 10:53 a.m., 1 view

CVE-2024-53828

Ericsson Packet Core Controller (PCC) versions prior to 1.38 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation...

5.3 CVSS, 5.9 AI score, 0.00023 EPSS
Exploits 0, References 1

CNNVD
added 2026/04/02 12:0 a.m., 3 views

Progress ShareFile Storage Zones Controller Code Issue Vulnerability

Progress ShareFile Storage Zones Controller is a file storage zone management control component developed by the American company Progress. There is a code vulnerability in Progress ShareFile Storage Zones Controller. This vulnerability stems from the fact that authenticated users can upload...

9.1 CVSS, 6.4 AI score, 0.01009 EPSS
Exploits 0, References 1

CNNVD
added 2026/04/02 12:0 a.m., 4 views

phpMyFAQ Security Vulnerability

phpMyFAQ is a multilingual, database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.1 contained security vulnerabilities. These vulnerabilities stemmed from the MediaBrowserController::index method, which did not validate path traversal when handling file deletio...

8.7 CVSS, 5.8 AI score, 0.00077 EPSS
Exploits 1, References 2

CNNVD
added 2026/04/02 12:0 a.m., 5 views

Progress ShareFile Storage Zones Controller Security Vulnerability

Progress ShareFile Storage Zones Controller is a file storage zone management control component developed by the American company Progress. There is a security vulnerability in Progress ShareFile Storage Zones Controller. This vulnerability stems from improper access control, which may allow...

9.8 CVSS, 6.1 AI score, 0.31163 EPSS
Exploits 1, References 2

Snyk
added 2026/04/01 10:30 p.m., 3 views

Directory Traversal

Overview: thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to Directory Traversal via the index function in MediaBrowserController when the fileRemove action is triggered and user input is concatenated with the...

8.7 CVSS, 6.5 AI score, 0.00077 EPSS
Exploits 1, References 2

Snyk
added 2026/04/01 10:30 p.m., 3 views

Directory Traversal

Overview: phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to Directory Traversal via the index function in MediaBrowserController when the fileRemove action is triggered and user input is concatenated with the...

8.7 CVSS, 6.5 AI score, 0.00077 EPSS
Exploits 1, References 2

EUVD
added 2026/04/01 6:36 p.m., 5 views

EUVD-2026-17953

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execute arbitrary code as the root user. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. A...

6.5 CVSS, 6.2 AI score, 0.00097 EPSS
Exploits 0, References 2