Lucene search
K

31 matches found

EUVD
EUVD
added 2025/10/22 6:52 a.m.6 views

EUVD-2025-35333

A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified...

4.3CVSS6.7AI score0.00165EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/22 6:52 a.m.4 views

CVE-2025-41720 Sauter: Arbitrary File Upload

A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified...

4.3CVSS6.8AI score0.00165EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2007-4010

Malware in sbrugna...

6.8CVSS6.4AI score0.01165EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2005-2438

Malware in sbrugna...

5CVSS6.4AI score0.01351EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-3157

Malicious code in bioql PyPI...

7.8CVSS7.6AI score0.00455EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-32280

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00765EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2025/07/01 1:51 p.m.16 views

New Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status

A new study of integrated development environments IDEs like Microsoft Visual Studio Code, Visual Studio, IntelliJ IDEA, and Cursor has revealed weaknesses in how they handle the extension verification process, ultimately enabling attackers to execute malicious code on developer machines. "We...

8.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 2:55 a.m.6 views

CVE-2023-0350

Akuvox E11 does not ensure that a file extension is associated with the file provided. This could allow an attacker to upload a file to the device by changing the extension of a malicious file to an accepted file type...

6.5CVSS6.5AI score0.00258EPSS
Exploits0References1
OSV
OSV
added 2024/07/29 4:32 p.m.16 views

GHSA-G872-JWWR-VGGM Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment

Description: Remote Code Execution Vulnerability has been identified in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The uploaded file can be accessed publicly through the URL admidiobaseurl/admmyfiles/messagesattachments/filename. Th...

9.3CVSS9.4AI score0.01245EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2024/07/29 4:32 p.m.20 views

Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment

Description: Remote Code Execution Vulnerability has been identified in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The uploaded file can be accessed publicly through the URL admidiobaseurl/admmyfiles/messagesattachments/filename. Th...

9CVSS8.4AI score0.01245EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2024/07/29 2:29 p.m.21 views

CVE-2024-38529 Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment

Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.10, there is a Remote Code Execution Vulnerability in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The...

9CVSS7AI score0.01245EPSS
Exploits1References4
GitLab Advisory Database
GitLab Advisory Database
added 2024/07/29 12:0 a.m.21 views

Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment

Description: Remote Code Execution Vulnerability has been identified in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The uploaded file can be accessed publicly through the URL admidiobaseurl/admmyfiles/messagesattachments/filename. Th...

9CVSS8.4AI score0.01245EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/26 12:0 a.m.5 views

PT-2024-5487 · Admidio · Admidio

Name of the Vulnerable Software and Affected Versions: Admidio versions prior to 4.3.10 Description: A Remote Code Execution issue exists in the Message module of the Admidio Application. This is due to the lack of file extension verification, allowing malicious files to be uploaded to the server...

9.3CVSS8.7AI score0.01245EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2024/04/12 12:0 a.m.6 views

PT-2024-27265 · Opengnsys · Opengnsys

Name of the Vulnerable Software and Affected Versions: OpenGnsys version 1.1.1d Espeto Description: The issue allows an attacker to send a POST request to the endpoint '/opengnsys/images/M Icons.php' and modify the file extension due to a lack of file extension verification. This results in a...

8.8CVSS7.3AI score0.00765EPSS
Exploits0References5
Prion
Prion
added 2021/12/27 6:15 p.m.12 views

Cross site scripting

Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through a SVG file upload made via a custom request with a fake MIME type. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This...

3.5CVSS5.3AI score0.00887EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/12/27 6:5 p.m.24 views

CVE-2021-43855 Stored XSS via SVG in Requarks/wiki

Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through a SVG file upload made via a custom request with a fake MIME type. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This...

8.2CVSS7.9AI score0.00887EPSS
Exploits1References3
Cvelist
Cvelist
added 2021/09/14 11:40 a.m.28 views

CVE-2021-36581

Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possible to upload any file extension to the server. The server does not verify the extension of the file and the tester was able to upload an aspx to the server...

9.7AI score0.01543EPSS
Exploits0References1
Prion
Prion
added 2020/05/20 7:15 p.m.20 views

Unrestricted file upload

Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/loadmodule:usersedit-user=1 does not verify that the file extension used with the Add Image option on the Edit User screen corresponds to an image file...

7.2CVSS7.5AI score0.00455EPSS
Exploits1References1Affected Software1
RedHat Linux
RedHat Linux
added 2020/01/23 3:20 p.m.6 views

chromium-browser: extension message verification error

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.130 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted Chrome Extension...

8.8CVSS7.3AI score0.01195EPSS
Exploits0References4
OPENSUSE Linux
OPENSUSE Linux
added 2017/06/08 12:9 a.m.44 views

Security update for chromium (important)

This update to Chromium 59.0.3071.86 fixes the following security issues: - CVE-2017-5070: Type confusion in V8 - CVE-2017-5071: Out of bounds read in V8 - CVE-2017-5072: Address spoofing in Omnibox - CVE-2017-5073: Use after free in print preview - CVE-2017-5074: Use after free in Apps Bluetooth...

0.6AI score0.31212EPSS
Exploits1References1
Rows per page
Query Builder