Lucene search
+L

4 matches found

Nuclei
Nuclei
added 10 hours ago18 views

Jan v0.4.12 - Arbitrary File Upload

An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file. id: CVE-2024-36858 info: name: Jan v0.4.12 - Arbitrary File Upload author: pussycat0x severity: critical description: | An arbitrar...

9.8CVSS6AI score0.0306EPSS
Exploits1References1
Circl
Circl
added 2025/06/16 9:2 p.m.24 views

CVE-2024-36858

creationtimestamp| type| source ---|---|--- 2025-06-16 21:02:25+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lrquv7dmcn2i 2026-02-16 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2026-02-16 2026-06-19 12:45:39+00:00| exploited|...

9.8CVSS5.7AI score0.0306EPSS
In wildExploits1References4
NVD
NVD
added 2024/06/04 7:20 p.m.22 views

CVE-2024-36858

An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file...

9.8CVSS7.4AI score0.0306EPSS
Exploits1References1
CVE
CVE
added 2024/06/04 6:26 p.m.80 views

CVE-2024-36858

Summary: CVE-2024-36858 affects Jan v0.4.12 via the /v1/app/writeFileSync endpoint, where an arbitrary file upload vulnerability allows an attacker to execute arbitrary code. The root cause is an insecure file upload interface that does not sufficiently validate uploaded content. The impact is de...

9.8CVSS8AI score0.0306EPSS
In wildExploits1References1Affected Software1
Rows per page
Query Builder