Lucene search

30 matches found

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-11207

Malware in sbrugna...

CVSS 9.8, AI score 9.2, EPSS 0.0173
Exploits: 1, References: 2

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2021-31709

Malicious code in bioql PyPI...

CVSS 5.4, AI score 5.8, EPSS 0.0056
Exploits: 1, References: 1

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2022-33432

Malicious code in bioql PyPI...

CVSS 7.2, AI score 7.1, EPSS 0.0102
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 9:37 a.m., 8 views

CVE-2024-24059

springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files...

CVSS 6.1, AI score 6.8, EPSS 0.0042
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 10:44 p.m., 13 views

CVE-2022-29001

In SpringBootMovie <=1.2, the uploaded file suffix parameter is not filtered, resulting in arbitrary file upload vulnerability...

CVSS 7.2, AI score 7.1, EPSS 0.0102
Exploits: 1, References: 1

Prion
added 2024/02/01 2:15 p.m., 13 views

Design/Logic Flaw

springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files...

CVSS 4.9, AI score 7.1, EPSS 0.0042
Exploits: 1, References: 1, Affected Software: 1

Vulnrichment
added 2024/02/01 12:0 a.m., 7 views

CVE-2024-24059

springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files...

AI score 6.8, EPSS 0.0042
Exploits: 1, References: 1

OSV
added 2023/07/11 3:15 p.m., 18 views

CVE-2023-37658

fast-poster v2.15.0 is vulnerable to Cross Site Scripting XSS. File upload check binary of img, but without strictly check file suffix at /server/fast.py - ApiUploadHandler.post causes stored XSS...

CVSS 5.4, AI score 5.6
Exploits: 0, References: 1

Prion
added 2023/07/11 3:15 p.m., 24 views

Cross site scripting

fast-poster v2.15.0 is vulnerable to Cross Site Scripting XSS. File upload check binary of img, but without strictly check file suffix at /server/fast.py - ApiUploadHandler.post causes stored XSS...

CVSS 4.9, AI score 5.1, EPSS 0.00332
Exploits: 1, References: 1, Affected Software: 1

CNNVD
added 2023/07/11 12:0 a.m., 2 views

fastposter cross-site scripting vulnerability

fastposter is an open-source tool for rapid poster development. fastposter v2.15.0 has a security vulnerability that stems from the file upload check not strictly checking the file suffix, leaving it vulnerable to stored cross-site scripting (XSS) attacks...

CVSS 5.4, AI score 5.2, EPSS 0.00332
Exploits: 1, References: 2

OSV
added 2022/02/09 4:15 p.m., 11 views

CVE-2021-44912

In XE 1.116, when uploading the Normal button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, uploading HTML-type files leads to stored XSS vulnerabilities. If the .htaccess configuration is...

CVSS 5.4, AI score 6
Exploits: 0, References: 1

Prion
added 2022/02/09 4:15 p.m., 12 views

Unrestricted file upload

XE before 1.11.6 is vulnerable to Unrestricted file upload via modules/menu/menu.admin.controller.php. When uploading the Mouse over button and When selected button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restrict...

CVSS 3.5, AI score 5.4, EPSS 0.0056
Exploits: 1, References: 1, Affected Software: 1

Prion
added 2022/02/09 4:15 p.m., 10 views

Cross site scripting

In XE 1.116, when uploading the Normal button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, uploading HTML-type files leads to stored XSS vulnerabilities. If the .htaccess configuration is...

CVSS 3.5, AI score 5.4, EPSS 0.00479
Exploits: 1, References: 1, Affected Software: 1

GitHub Security Blog
added 2021/10/18 7:44 p.m., 39 views

Cross site scripting in kindeditor

Cross Site Scripting (XSS) vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examples/uploadbutton.html and then the .html file on the website that uses this editor the file suffix is allowed...

CVSS 6.1, AI score 2.2, EPSS 0.00907
Exploits: 1, References: 3, Affected Software: 1

CVE
added 2021/10/14 4:35 p.m., 60 views

CVE-2021-42227

CVE-2021-42227 describes a cross-site scripting (XSS) vulnerability in KindEditor 4.1.x. The weakness is triggered via the editor's upload flow, specifically related to the file handling in the upload context (e.g., an upload_json.php path) and exposure through a Google search result pointing to...

CVSS 6.1, AI score 5.9, EPSS 0.00907
Exploits: 1, References: 1, Affected Software: 1

Prion
added 2018/08/03 7:29 p.m., 12 views

Unrestricted file upload

A file upload vulnerability exists in ukcms v1.1.7 and earlier. The vulnerability is due to the system not strictly filtering the file upload type. An attacker can exploit the vulnerability to upload a script Trojan to admin.php/admin/configset/index/group/upload.html to gain server control by...

CVSS 6.5, AI score 7.1, EPSS 0.01102
Exploits: 1, References: 1, Affected Software: 1

seebug.org
added 2017/04/14 12:0 a.m., 26 views

Pixie CMS 1.04 arbitrary file upload

An arbitrary file upload vulnerability exists in the Pixie CMS 1.04 admin backend. Vulnerability analysis: in the Publish File Manager module you can upload any file. /admin/admin/modules/modfilemanager.php $multiupload-extensions = array '. png', '. jpg', '. gif', '. zip', '. mp3', '. pdf', '...

AI score 7.2
Exploits: 0

OSV
added 2013/11/23 6:55 p.m., 2 views

DEBIAN-CVE-2013-4407

HTTP::Body::Multipart in the HTTP-Body module for Perl 1.07 through 1.22, before 1.23 uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may...

CVSS 6.8, AI score 6.8, EPSS 0.02877
Exploits: 0, References: 1

OSV
added 2013/11/23 6:55 p.m., 4 views

ALPINE-CVE-2013-4407

HTTP::Body::Multipart in the HTTP-Body module for Perl 1.07 through 1.22, before 1.23 uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may...

CVSS 6.8, AI score 6.8, EPSS 0.02877
Exploits: 0, References: 1

UbuntuCve
added 2013/11/23 6:55 p.m., 22 views

CVE-2013-4407

HTTP::Body::Multipart in the HTTP-Body module for Perl 1.07 through 1.22, before 1.23 uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may...

CVSS 6.8, AI score 5.9, EPSS 0.02877
Exploits: 0, References: 1