7 matches found

Github Security Blog
added 2025/05/05 2:55 p.m., 12 views

October CMS Allows Unprotected SVG Rename in Media Manager

Impact This advisory affects authenticated administrators with sites that have the media.cleanvectors configuration enabled. This configuration will sanitize SVG files uploaded using the media manager. This vulnerability allows an authenticated user to bypass this protection by uploading it with ...

CVSS 4.9, AI score 6.7, EPSS 0.00313
Exploits: 0, References: 3, Affected Software: 2

CVE
added 2024/10/24 7:47 a.m., 68 views

CVE-2024-6049

The CVE-2024-6049 issue affects Lawo AG vsm LTC Time Sync (vTimeSync) Web server. A triple-dot path traversal vulnerability allows unauthenticated attackers to download arbitrary OS files via crafted HTTP requests, with exploitation possible only when a file extension is requested (e.g., .exe, .t...

CVSS 7.5, AI score 7.7, EPSS 0.72938
Exploits: 1, References: 3

Cvelist
added 2023/06/19 12:0 a.m., 16 views

CVE-2023-35844

packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension .csv or .png is used...

AI score 7.8, EPSS 0.9204
Exploits: 2, References: 4

NVD
added 2023/05/30 6:15 p.m., 9 views

CVE-2023-32689

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server vi...

CVSS 6.5, AI score 6.2, EPSS 0.0039
Exploits: 0, References: 3

Packet Storm
added 2022/02/21 12:0 a.m., 251 views

Microweber 1.2.11 Shell Upload

Exploit Title: Microweber 1.2.11 - Remote Code Execution RCE Authenticated Google Dork: NA Date: 02/17/2022 Exploit Author: Chetanya Sharma @AggressiveUser Vendor Homepage: https://microweber.org/ Software Link: https://github.com/microweber/microweber Version: 1.2.11 Tested on: KALI OS CVE :...

CVSS 9, AI score 7.2, EPSS 0.1686
Exploits: 4

Microsoft CVE
added 2019/05/14 7:0 a.m., 47 views

Microsoft Dynamics On-Premise Security Feature Bypass

A security feature bypass vulnerability exists in Dynamics On Premise. An attacker who exploited the vulnerability could send attachment types that are blocked by the email attachment system. To exploit the vulnerability, an attacker would need to capture and edit the POST request to include a...

CVSS 5.9, AI score 2.7, EPSS 0.09201
Exploits: 0

seebug.org
added 2008/06/28 12:0 a.m., 12 views

Seagull PHP Framework <= 0.6.4 (fckeditor) Arbitrary File Upload Exploit

No description provided by source. ?php / ------------------------------------------------------------------------ Seagull PHP Framework = 0.6.4 fckeditor Arbitrary File Upload Exploit ------------------------------------------------------------------------ author...: EgiX mail.....:...

AI score 7.1
Exploits: 0