Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1015 matches found

Nuclei
Nucleiadded yesterday25 views

Lightdash version <= 0.510.3 Arbitrary File Read

packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension .csv or .png is used. id: CVE-2023-35844 info: name: Lightdash version = 0.510.3 Arbitrary File Read author: dwisiswant0...

7.5CVSS7.1AI score0.06344EPSS
Exploits2References5
RedhatCVE
RedhatCVEadded 2026/06/05 7:22 p.m.5 views

CVE-2026-7247

A vulnerability has been found in D-Link DI-8100 16.07.26A1. Affected by this issue is the function fileextenasp of the file fileexten.asp of the component File Extension Handler. The manipulation of the argument Name leads to buffer overflow. Remote exploitation of the attack is possible. The...

8.6CVSS7.3AI score0.00717EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/05/25 9:15 a.m.9 views

CVE-2026-9445

A flaw has been found in SourceCodester Simple POS and Inventory System 1.0. Impacted is an unknown function of the file /admin/addproduct.php of the component File Extension Handler. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible...

6.5CVSS6.2AI score0.00333EPSS
Exploits0References5Affected Software1
CVE
CVEadded 2026/05/25 9:15 a.m.18 views

CVE-2026-9445

CVE-2026-9445 affects SourceCodester Simple POS and Inventory System 1.0. The vulnerability is in an unrestricted upload through the /admin/addproduct.php file (File Extension Handler); manipulating the image argument enables remote code upload. Impact and exploitation details indicate remote exp...

6.5CVSS6.2AI score0.00333EPSS
Exploits0References5
CNNVD
CNNVDadded 2026/05/25 12:0 a.m.7 views

SourceCodester Simple POS and Inventory System 代码问题漏洞

SourceCodester Simple POS and Inventory System is SourceCodester open source a simple POS and inventory system . SourceCodester Simple POS and Inventory System 1.0 version of the code problem vulnerability , the vulnerability stems from the File Extension Handler component /admin/addproduct.php...

6.5CVSS6.7AI score0.00333EPSS
Exploits0References6
RedhatCVE
RedhatCVEadded 2026/05/19 7:57 p.m.10 views

CVE-2026-45315

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHEDIR/audio/transcriptions/.. The /cache/path route serve...

8.7CVSS5.8AI score0.0018EPSS
Exploits1References1
CVE
CVEadded 2026/05/15 9:26 p.m.13 views

CVE-2026-45315

Open WebUI (self-hosted offline AI platform) is affected by CVE-2026-45315. Before version 0.9.3, the audio transcription upload endpoint accepts a user-supplied filename extension and saves the file under CACHE_DIR/audio/transcriptions, then serves /cache/{path} via FileResponse using the on-dis...

8.7CVSS5.8AI score0.0018EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/15 9:26 p.m.7 views

CVE-2026-45315 Open WebUI: Stored XSS via attacker-controlled file extension in /api/v1/audio/transcriptions

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHEDIR/audio/transcriptions/.. The /cache/path route serve...

8.7CVSS5.8AI score0.0018EPSS
Exploits1References1
Cvelist
Cvelistadded 2026/05/15 9:26 p.m.32 views

CVE-2026-45315 Open WebUI: Stored XSS via attacker-controlled file extension in /api/v1/audio/transcriptions

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHEDIR/audio/transcriptions/.. The /cache/path route serve...

8.7CVSS0.0018EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/05/08 8:21 p.m.7 views

CVE-2026-41934

Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code through insufficient file extension restrictions, with the uploaded payload then executable via subsequent...

8.8CVSS6.7AI score0.00545EPSS
Exploits0References1
CVE
CVEadded 2026/05/07 6:14 p.m.18 views

CVE-2026-42214

Notepad Next (NotepadNext) before version 0.14 is affected by CVE-2026-42214. The vulnerability lies in detectLanguageFromExtension(), which inserts a file extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which executes...

7.8CVSS5.9AI score0.00242EPSS
Exploits1References3Affected Software1
NVD
NVDadded 2026/04/29 5:16 p.m.2 views

CVE-2026-7393

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function savemenu of the file /admin/adminclassnovo.php of the component File Extension Handler. Performing a manipulation of the argument img results in unrestricted upload. The attack is possible to be...

5.8CVSS0.00268EPSS
Exploits1References5
Vulnrichment
Vulnrichmentadded 2026/04/29 5:0 p.m.0 views

CVE-2026-7393 SourceCodester Pizzafy Ecommerce System File Extension admin_class_novo.php save_menu unrestricted upload

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function savemenu of the file /admin/adminclassnovo.php of the component File Extension Handler. Performing a manipulation of the argument img results in unrestricted upload. The attack is possible to be...

5.8CVSS4.8AI score0.00268EPSS
Exploits1References5
Cvelist
Cvelistadded 2026/04/29 5:0 p.m.26 views

CVE-2026-7393 SourceCodester Pizzafy Ecommerce System File Extension admin_class_novo.php save_menu unrestricted upload

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function savemenu of the file /admin/adminclassnovo.php of the component File Extension Handler. Performing a manipulation of the argument img results in unrestricted upload. The attack is possible to be...

5.8CVSS0.00268EPSS
Exploits1References5
CVE
CVEadded 2026/04/29 5:0 p.m.5 views

CVE-2026-7393

SourceCodester Pizzafy Ecommerce System 1.0 is affected in the admin_class_novo.php save_menu() function where the img upload parameter allows unrestricted uploads. The file path involved is Pizzafy/assets/img/, and an attacker with admin authentication could upload a crafted file (no validation ...

5.8CVSS5AI score0.00268EPSS
Exploits1References5
Positive Technologies
Positive Technologiesadded 2026/04/29 12:0 a.m.2 views

PT-2026-35959

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function save menu of the file /admin/admin class novo.php of the component File Extension Handler. Performing a manipulation of the argument img results in unrestricted upload. The attack is possible to be...

5.8CVSS4.8AI score0.00268EPSS
Exploits1References6
NVD
NVDadded 2026/04/28 9:16 a.m.3 views

CVE-2026-7247

A vulnerability has been found in D-Link DI-8100 16.07.26A1. Affected by this issue is the function fileextenasp of the file fileexten.asp of the component File Extension Handler. The manipulation of the argument Name leads to buffer overflow. Remote exploitation of the attack is possible. The...

8.6CVSS0.00717EPSS
Exploits1References5
Vulnrichment
Vulnrichmentadded 2026/04/28 8:30 a.m.1 views

CVE-2026-7247 D-Link DI-8100 File Extension file_exten.asp file_exten_asp buffer overflow

A vulnerability has been found in D-Link DI-8100 16.07.26A1. Affected by this issue is the function fileextenasp of the file fileexten.asp of the component File Extension Handler. The manipulation of the argument Name leads to buffer overflow. Remote exploitation of the attack is possible. The...

8.6CVSS7.3AI score0.00717EPSS
Exploits1References5
ATTACKERKB
ATTACKERKBadded 2026/04/28 8:30 a.m.3 views

CVE-2026-7247

A vulnerability has been found in D-Link DI-8100 16.07.26A1. Affected by this issue is the function fileextenasp of the file fileexten.asp of the component File Extension Handler. The manipulation of the argument Name leads to buffer overflow. Remote exploitation of the attack is possible. The...

8.6CVSS5.6AI score0.00717EPSS
Exploits1References5Affected Software1
CVE
CVEadded 2026/04/28 8:30 a.m.11 views

CVE-2026-7247

CVE-2026-7247 affects D-Link DI-8100 firmware 16.07.26A1. The vulnerability is in the File Extension Handler’s file_exten.asp, specifically the function file_exten_asp, where manipulation of the Name argument causes a buffer overflow. This enables remote exploitation, with the exploit disclosed p...

8.6CVSS7.4AI score0.00717EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder