Lucene search
K

4 matches found

NVD
NVD
added 7 hours ago6 views

CVE-2026-41877

R-SOFT DMS is vulnerable to Stored XSS in file upload functionality. Authenticated attacker can inject arbitrary HTML and JS into the name of the file being uploaded, which will be executed when visiting file list or upload status by other users. This issue was fixed in version v3.19-2832 and...

5.1CVSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/06 9:9 p.m.42 views

CVE-2026-25732 NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write

NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern UPLOADDIR / file.name. Malicious filenames containing ../ sequences allow attackers to...

7.5CVSS0.03212EPSS
Exploits3References3
OSV
OSV
added 2018/02/09 10:29 p.m.3 views

CVE-2018-5307

Multiple cross-site scripting XSS vulnerabilities in Sonatype Nexus Repository Manager aka NXRM 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via 1 the repoId or 2 format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; 3 the filename...

6.1CVSS5.8AI score0.01223EPSS
Exploits3References3
Packet Storm
Packet Storm
added 2005/11/08 12:0 a.m.23 views

phpfm.txt

upload phpshell in PHPFM discovered by rUnViRuS www.worlddefacers.net www.security-arab.com =-=-=-=-=-=-=-=-= the code shell :- --------------- save as cmd.php now upload in PHPFM =-=-=-= Used Shell =-=-=-= www.site.com/file upload name/files/cmd.php?cmd=command linux...

Exploits0
Rows per page
Query Builder