Lucene search
K

27 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.13 views

CVE-2026-46426

Budibase is an open-source low-code platform. Prior to 3.38.2, the file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks for dangerous file extensions are conditionally wrapped inside if isPublicUser or if isPublicUser ...

7.6CVSS5.4AI score0.00175EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.18 views

PT-2026-42050

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.38.2 Description The file upload endpoint "/api/attachments/process" does not enforce active-content restrictions for authenticated users. The system fails to properly check for dangerous file extensions when the...

7.6CVSS5.8AI score0.00175EPSS
Exploits0References5
NVD
NVD
added 2026/03/20 9:16 a.m.6 views

CVE-2026-33071

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, the WebDAV upload endpoint accepts any file extension including .phtml, .php5, .htaccess, and other server-side executable types, bypassing the filename validation enforced by the regular upload path. In...

8.8CVSS0.00621EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2005-2885

Malware in sbrugna...

7.5CVSS6.4AI score0.08944EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2016-10299

Malware in sbrugna...

6.1CVSS6.7AI score0.0151EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2011-2980

Malware in sbrugna...

10CVSS6AI score0.08204EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2005-2955

Malware in sbrugna...

4.6CVSS6.4AI score0.00777EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2006-0939

Malware in sbrugna...

6.5CVSS6.4AI score0.02269EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/22 10:8 a.m.7 views

CVE-2019-19576

class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions...

9.8CVSS6.5AI score0.26184EPSS
Exploits7References1
Github Security Blog
Github Security Blog
added 2020/02/28 1:10 a.m.85 views

class.upload.php in verot.net omits .pht from the set of dangerous file extensions

class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576...

9.8CVSS2AI score0.04153EPSS
Exploits3References5Affected Software1
OSV
OSV
added 2020/02/28 1:10 a.m.38 views

GHSA-2GC7-W4HW-RR2M class.upload.php in verot.net omits .pht from the set of dangerous file extensions

class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576...

9.8CVSS9.4AI score0.04153EPSS
Exploits3References4
OSV
OSV
added 2020/01/16 10:17 p.m.28 views

GHSA-R5GM-4P5W-PQ2P Remote code execution in verot/class.upload.php

class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions...

9.8CVSS9.4AI score0.26184EPSS
Exploits7References11
Github Security Blog
Github Security Blog
added 2020/01/16 10:17 p.m.72 views

Remote code execution in verot/class.upload.php

class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions...

9.8CVSS2.9AI score0.26184EPSS
Exploits7References12Affected Software1
OSV
OSV
added 2019/12/17 6:15 p.m.25 views

CVE-2019-19634

class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576...

9.8CVSS6.7AI score0.04153EPSS
Exploits3References3
Cvelist
Cvelist
added 2019/12/17 5:11 p.m.29 views

CVE-2019-19634

class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576...

9.5AI score0.04153EPSS
Exploits3References3
OSV
OSV
added 2019/12/04 6:15 p.m.17 views

CVE-2019-19576

class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions...

9.8CVSS9.4AI score0.26184EPSS
Exploits7References10
OSV
OSV
added 2011/08/09 8:55 p.m.6 views

UBUNTU-CVE-2011-3012

The ioQuake3 engine, as used in World of Padman 1.2 and earlier, Tremulous 1.1.0, and ioUrbanTerror 2007-12-20, does not check for dangerous file extensions before writing to the quake3 directory, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates...

10CVSS6.2AI score0.08204EPSS
Exploits1References2
OSV
OSV
added 2011/08/09 8:55 p.m.3 views

DEBIAN-CVE-2011-3012

The ioQuake3 engine, as used in World of Padman 1.2 and earlier, Tremulous 1.1.0, and ioUrbanTerror 2007-12-20, does not check for dangerous file extensions before writing to the quake3 directory, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates...

10CVSS7.7AI score0.08204EPSS
Exploits1References1
OSV
OSV
added 2011/08/09 8:55 p.m.5 views

CVE-2011-3012

The ioQuake3 engine, as used in World of Padman 1.2 and earlier, Tremulous 1.1.0, and ioUrbanTerror 2007-12-20, does not check for dangerous file extensions before writing to the quake3 directory, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates...

7.4AI score
Exploits0References8
Prion
Prion
added 2011/08/09 8:55 p.m.19 views

Design/Logic Flaw

The ioQuake3 engine, as used in World of Padman 1.2 and earlier, Tremulous 1.1.0, and ioUrbanTerror 2007-12-20, does not check for dangerous file extensions before writing to the quake3 directory, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates...

10CVSS7.7AI score0.0869EPSS
Exploits3References8Affected Software3
Rows per page
Query Builder