15 matches found

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-2285

Malicious code in bioql PyPI...

CVSS 7.8 · AI score 7.4 · EPSS 0.00322
Exploits 0 · References 11
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-0433

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 5.5 · EPSS 0.00436
Exploits 0 · References 5
SUSE CVE
added 2025/02/14 4:53 a.m. · 4 views

SUSE CVE-2024-38519

yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to the fixed versions, yt-dlp and youtube-dl do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder and path traversal on Windows. Since yt-dlp and youtube-...

CVSS 7.8 · AI score 6.9 · EPSS 0.00322
Exploits 0 · References 4
Metasploit
added 2024/11/21 6:54 p.m. · 624 views

ProjectSend r1295 - r1605 Unauthenticated Remote Code Execution

This module exploits an improper authorization vulnerability in ProjectSend versions r1295 through r1605. The vulnerability allows an unauthenticated attacker to obtain remote code execution by enabling user registration, disabling the whitelist of allowed file extensions, and uploading a malicio...

CVSS 9.8 · AI score 8 · EPSS 0.91559
Exploits 4
OSV
added 2024/07/02 2:15 p.m. · 1 views

DEBIAN-CVE-2024-38519

yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to the fixed versions, yt-dlp and youtube-dl do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder and path traversal on Windows. Since yt-dlp and youtube-...

CVSS 7.8 · AI score 5.9 · EPSS 0.00322
Exploits 0 · References 1
OSV
added 2024/07/02 2:15 p.m. · 8 views

UBUNTU-CVE-2024-38519

yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to the fixed versions, yt-dlp and youtube-dl do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder and path traversal on Windows. Since yt-dlp and youtube-...

CVSS 7.8 · AI score 6 · EPSS 0.00322
Exploits 0 · References 6
OSV
added 2024/01/04 6:30 p.m. · 27 views

GHSA-V6F4-JWV9-682W class.upload.php allows cross-site scripting attacks via uploaded files

As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Developers must be aware of that fact and use extension whitelisting accompanied by forcing the server to always provide...

CVSS 6.5 · AI score 5.2 · EPSS 0.00436
Exploits 0 · References 5
Github Security Blog
added 2024/01/04 6:30 p.m. · 26 views

class.upload.php allows cross-site scripting attacks via uploaded files

As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Developers must be aware of that fact and use extension whitelisting accompanied by forcing the server to always provide...

CVSS 5.4 · AI score 5.9 · EPSS 0.00436
Exploits 0 · References 5 · Affected Software 1
OSV
added 2024/01/04 4:15 p.m. · 3 views

CVE-2023-6551

As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Developers must be aware of that fact and use extension whitelisting accompanied by forcing the server to always provide...

CVSS 5.4 · AI score 5.7 · EPSS 0.00436
Exploits 0 · References 2
NVD
added 2024/01/04 4:15 p.m. · 26 views

CVE-2023-6551

As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Developers must be aware of that fact and use extension whitelisting accompanied by forcing the server to always provide...

CVSS 5.4 · AI score 5.3 · EPSS 0.00436
Exploits 0 · References 2
Prion
added 2024/01/04 4:15 p.m. · 18 views

Cross site scripting

As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Developers must be aware of that fact and use extension whitelisting accompanied by forcing the server to always provide...

CVSS 4.9 · AI score 6 · EPSS 0.00436
Exploits 0 · References 2
Vulnrichment
added 2024/01/04 4:4 p.m. · 2 views

CVE-2023-6551 Stored XSS in class.upload.php

As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Developers must be aware of that fact and use extension whitelisting accompanied by forcing the server to always provide...

AI score 5.3 · EPSS 0.00436
Exploits 0 · References 2
Cvelist
added 2024/01/04 4:4 p.m. · 38 views

CVE-2023-6551 Stored XSS in class.upload.php

As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Developers must be aware of that fact and use extension whitelisting accompanied by forcing the server to always provide...

AI score 5.4 · EPSS 0.00436
Exploits 0 · References 2
Positive Technologies
added 2024/01/04 12:0 a.m. · 5 views

PT-2024-15001 · Unknown · Class.Upload.Php

Name of the Vulnerable Software and Affected Versions: class.upload.php, affected versions not specified.
Description: The issue is related to a stored XSS vulnerability in the default configuration of class.upload.php, a PHP library for managing image uploads. This vulnerability occurs because the...

CVSS 6.5 · AI score 6 · EPSS 0.00436
Exploits 0 · References 10
Huntr
added 2022/12/05 12:53 a.m. · 20 views

Insufficient Upload Filtering

Description: The upload filter in Ampache 5.5.5 is insufficient and does not prevent authenticated users from uploading files with malicious extensions, which can lead to remote code execution (RCE) depending on the local server configuration. This vulnerability assumes several things which has been...

CVSS 6.5 · AI score 6.5 · EPSS 0.00758
Exploits 1