Lucene search
K

116 matches found

AlpineLinux
AlpineLinux
added 2026/04/07 2:22 p.m.9 views

CVE-2026-33034

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATAUPLOADMAXMEMORYSIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...

7.5CVSS5.8AI score0.00769EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/10 2:8 p.m.5 views

CVE-2025-41765

Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and...

9.1CVSS5.9AI score0.00265EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/09 8:17 a.m.4 views

CVE-2025-41765

Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and...

9.1CVSS5.9AI score0.00265EPSS
Exploits0References2
CVE
CVE
added 2025/12/10 12:0 a.m.35 views

CVE-2025-65297

The CVE-2025-65297 entry covers Aqara Hub devices (Camera Hub G3 4.1.9_0027; Hub M2 4.3.6_0027; Hub M3 4.3.6_0025) that automatically collect and upload unencrypted sensitive information without disclosure or consent. The connected sources corroborate the same description across Red Hat/CIRA ENIS...

7.5CVSS6.5AI score0.0017EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/23 6:59 a.m.22 views

CVE-2025-41720

A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified...

4.3CVSS7.1AI score0.00165EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/22 6:52 a.m.6 views

EUVD-2025-35333

A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified...

4.3CVSS6.7AI score0.00165EPSS
Exploits0References2
CVE
CVE
added 2025/10/22 6:52 a.m.16 views

CVE-2025-41720

CVE-2025-41720 affects Sauter modu680-AS (modular automation station with a web server). The issue arises when the webserver API validates only the file extension, allowing a low-privileged remote attacker to upload arbitrary data masked as a PNG file. The root cause is insufficient validation of...

4.3CVSS6.8AI score0.00165EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/22 12:0 a.m.2 views

Sauter modu680-AS 安全漏洞

Sauter modu680-AS is a modular automation station cum web server from Sauter, Switzerland. A security vulnerability exists in Sauter modu680-AS, which stems from validating only file extensions and could lead to the upload of arbitrary data by a low-privileged remote attacker...

4.3CVSS7AI score0.00165EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-21886

Malware in sbrugna...

7.5CVSS7.5AI score0.009EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-4601

Malware in sbrugna...

3.3CVSS4.4AI score0.00365EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-16078

Malware in sbrugna...

9.8CVSS9.5AI score0.02808EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-6194

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.0061EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/26 12:0 a.m.5 views

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab CE and EE versions prior to 18.2.7,...

7.5CVSS9.1AI score0.00559EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2024-6595

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1...

5.3CVSS5.5AI score0.00462EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2019-13033

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be use...

3.3CVSS6.3AI score0.00365EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 6:3 a.m.4 views

CVE-2023-28482

An issue was discovered in Tigergraph Enterprise 3.7.0. A single TigerGraph instance can host multiple graphs that are accessed by multiple different users. The TigerGraph platform does not protect the confidentiality of any data uploaded to the remote server. In this scenario, any user that has...

6.5CVSS7.2AI score0.00543EPSS
Exploits1References1
OSV
OSV
added 2025/05/09 12:42 p.m.6 views

OESA-2025-1469 cobbler security update

Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. Cobbler's advanced features include importing distributions from DVDs and rsync mirrors,...

9.8CVSS7.1AI score0.88482EPSS
Exploits1References6
Citrix
Citrix
added 2025/04/03 12:0 a.m.12 views

uberAgent - CVAD Site not visible in Splunk

Splunk dashboard CVAD/DaaS Applications & Desktops does not display CVAD Site on the list. There is no issue with data upload from agent to Splunk as other DDC metrics are available. uberAgent.log file located in C:\Windows\Temp on the Delivery Controller shows the error if you search for:...

6.9AI score
Exploits0
NVD
NVD
added 2025/03/05 12:15 a.m.4 views

CVE-2025-23410

When uploading organism or sequence data via the web interface, GMOD Apollo will unzip and inspect the files and will not check for path traversal in supported archive types...

9.8CVSS0.0061EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/04 11:58 p.m.11 views

CVE-2025-23410 GMOD Apollo Relative Path Traversal

When uploading organism or sequence data via the web interface, GMOD Apollo will unzip and inspect the files and will not check for path traversal in supported archive types...

9.8CVSS0.0061EPSS
Exploits0References1
Rows per page
Query Builder