Lucene search
K

41 matches found

CVE
CVE
added 4 days ago11 views

CVE-2026-8801

Technical details about CVE-2026-8801 are not publicly available in the provided documents. Monitor for further updates from vendors and standard CVE sources.

9.8CVSS5.9AI score0.00311EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/08 8:21 p.m.9 views

CVE-2026-41934

Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code through insufficient file extension restrictions, with the uploaded payload then executable via subsequent...

8.8CVSS6.7AI score0.00545EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/13 12:0 a.m.10 views

CVE-2026-31424

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: restrict xtcheckmatch/xtchecktarget extensions for NFPROTOARP Weiming Shi says: xtmatch and xttarget structs registered with NFPROTOUNSPEC can be loaded by any protocol family through nftcompat. When such a...

5.5CVSS6AI score0.00117EPSS
Exploits0References2
Veracode
Veracode
added 2026/03/20 5:39 a.m.6 views

Improper Input Validation

code.gitea.io/gitea is vulnerable to improper input validation. The vulnerability is due to insufficient validation of attachment file names in the attachment API, which allows an attacker to bypass file extension restrictions by modifying the attachment name...

8.2CVSS7.2AI score0.00295EPSS
Exploits0References5Affected Software3
RedhatCVE
RedhatCVE
added 2026/01/09 11:54 a.m.18 views

CVE-2009-4444

Microsoft Internet Information Services IIS 5.x and 6.x uses only the portion of a filename before a ; semicolon character to determine the file extension, which allows remote attackers to bypass intended extension restrictions of third-party upload applications via a filename with a 1 .asp, 2...

6CVSS6.9AI score0.63627EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2009-3443

Malware in sbrugna...

9.3CVSS6.3AI score0.03273EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/03/13 12:0 a.m.4 views

Devolutions Server 安全漏洞

Devolutions Server is an application from Devolutions Canada Inc. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2024.3.13 and prior versions that stems from improper access control of the Web Extension...

8.1CVSS6.7AI score0.0047EPSS
Exploits0References2
Brave Browser
Brave Browser
added 2024/08/22 7:4 a.m.25 views

Brave Desktop 1.69.153 Security Fixes

Implemented process hardening for the Brave VPN services on Windows. - Implemented a trusted source check for "Elevator::InstallVPNServices". - Updated code to use JSON serialization to escape all unsafe symbols in SpeedReader. - Limited extension features to allow listed extensions. Upgraded...

5.9AI score
Exploits0References5Affected Software1
NVD
NVD
added 2024/04/22 9:15 p.m.17 views

CVE-2024-29368

An arbitrary file upload vulnerability in the file handling module of moziloCMS v2.0 allows attackers to bypass extension restrictions via file renaming, potentially leading to unauthorized file execution or storage of malicious content...

6.5CVSS6.9AI score0.00759EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/04/22 12:0 a.m.10 views

CVE-2024-29368

An arbitrary file upload vulnerability in the file handling module of moziloCMS v2.0 allows attackers to bypass extension restrictions via file renaming, potentially leading to unauthorized file execution or storage of malicious content...

7.2AI score0.00759EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/04/22 12:0 a.m.24 views

CVE-2024-29368

An arbitrary file upload vulnerability in the file handling module of moziloCMS v2.0 allows attackers to bypass extension restrictions via file renaming, potentially leading to unauthorized file execution or storage of malicious content...

7.1AI score0.00759EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2023/09/07 12:0 a.m.43 views

Oracle Linux 6 / 7 : php54 (ELSA-2015-1066)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1066 advisory. - fix use after free CVE-2015-1351 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note tha...

10CVSS7.2AI score0.53166EPSS
Exploits43References29
OSV
OSV
added 2023/04/11 3:58 p.m.8 views

SUSE-SU-2023:1819-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 102.10.0 ESR bsc1210212 - CVE-2023-29531: Out-of-bound memory access in WebGL on macOS - CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass - CVE-2023-29533: Fullscreen notification obscured -...

9.8CVSS7.7AI score0.00974EPSS
Exploits0References14
Packet Storm
Packet Storm
added 2021/11/05 12:0 a.m.465 views

Pentaho Business Analytics / Pentaho Business Server 9.1 Filename Bypass

Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Vantara Affected Versions: = 9.1 Vulnerability Type: Bypass of Filename Extension Restrictions Solution Status: Fix Released on public GitHub repository Manufacturer Notification: June 2021 Public...

7.3AI score0.02248EPSS
Exploits3
OSV
OSV
added 2019/09/14 6:15 p.m.25 views

CVE-2019-16318

In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317...

8.8CVSS8.6AI score
Exploits0References2
CVE
CVE
added 2019/09/14 5:1 p.m.88 views

CVE-2019-16318

Technical details for CVE-2019-16318 are not publicly available in the provided documents. Monitor Pimcore advisories and related sources for updates on affected versions, impact, and remediation.

8.8CVSS8.4AI score0.01399EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/09/14 5:1 p.m.46 views

CVE-2019-16318

In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317...

8.6AI score0.01399EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/01/09 12:0 a.m.71 views

PHP 5.6.x < 5.6.9 Multiple Vulnerabilities

According to its banner, the version of PHP 5.6.x running on the remote web server is prior to 5.6.9. It is, therefore, affected by multiple vulnerabilities : - Multiple flaws exist related to using pathnames containing NULL bytes. A remote attacker can exploit these flaws, by combining the '\0'...

7.5CVSS9.7AI score0.50129EPSS
Exploits6References7
Packet Storm
Packet Storm
added 2018/01/08 12:0 a.m.52 views

WordPress LearnDash 2.5.3 File Upload

Exploit Title: WordPress LearnDash 2.5.3 Unauthenticated Arbitrary File Upload Date: 07-01-2018 Vendor Homepage: https://www.learndash.com/ Vendor Changelog: https://www.learndash.com/changelog/ Version: 2.5.3 Exploit Author: NinTechNet Author Advisory: http://nin.link/learndash/ Category: Webapp...

7.1AI score
Exploits0
CNVD
CNVD
added 2016/05/13 12:0 a.m.5 views

LMCMS Backend Arbitrary File Upload Vulnerability

LMCMS Leming CMS system is a web content management system developed in Java language, developed by Beijing Leming Zhixin Technology Co., Ltd. and distributed under commercial license. LMCMS Leming CMS system's management background under the full media library section of the file management to...

7AI score
Exploits0
Rows per page
Query Builder