Lucene search
K

973 matches found

CNNVD
CNNVD
added 2026/03/05 12:0 a.m.11 views

Aranda Service Desk Web Edition 安全漏洞

Aranda Service Desk Web Edition is a process management support system developed by the American company Aranda. There is a security vulnerability in Aranda Service Desk Web Edition, which stems from improper validation of uploaded files, potentially allowing remote code execution...

8.8CVSS6.1AI score0.00612EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.11 views

WordPress plugin Drag and Drop Multiple File Upload - Contact Form 7 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

8.1CVSS6.1AI score0.00553EPSS
Exploits0References4
NVD
NVD
added 2026/03/04 9:15 a.m.14 views

CVE-2026-3094

Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process...

7.8CVSS0.00351EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.14 views

Delta Electronics CNCSoft-G2 安全漏洞

Delta Electronics CNCSoft-G2 is a human-machine interface HMI software from Delta Electronics, China. The Delta Electronics CNCSoft-G2 suffers from a code execution vulnerability that originates from insufficient user-supplied file validation, which can be exploited by an attacker to execute code...

7.8CVSS6.3AI score0.00351EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.12 views

PT-2026-22885

Name of the Vulnerable Software and Affected Versions Delta Electronics CNCSoft-G2 affected versions not specified Description Delta Electronics CNCSoft-G2 does not properly validate user-supplied files. An attacker can exploit this by having a user open a malicious file, potentially leading to...

7.8CVSS6.2AI score0.00351EPSS
Exploits0References7
CVE
CVE
added 2026/02/24 2:13 p.m.22 views

CVE-2025-10010

The CVE affects the CPSD CryptoPro Secure Disk: during boot, a small Linux OS validates integrity via IMA, but configuration files are not validated by IMA. This can allow an attacker with physical access to alter config files on the unencrypted partition, enabling arbitrary code execution as roo...

6.8CVSS6.2AI score0.00254EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.6 views

PT-2026-21741

Name of the Vulnerable Software and Affected Versions CPSD CryptoPro Secure Disk affected versions not specified Description The CPSD CryptoPro Secure Disk application utilizes a small Linux operating system for user authentication prior to BitLocker decryption of the Windows partition. The Linux...

6.8CVSS5.8AI score0.00254EPSS
Exploits0References4
NVD
NVD
added 2026/02/03 11:16 p.m.13 views

CVE-2020-37084

School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the...

8.6CVSS0.00814EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/03 10:9 p.m.5 views

CVE-2020-37084 School ERP Pro 1.0 Admin Profile Photo Upload Remote Code Execution Vulnerability

School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the...

8.6CVSS6.9AI score0.00814EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/03 10:9 p.m.4 views

CVE-2020-37084

School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the...

8.6CVSS6.9AI score0.00814EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/02/03 10:9 p.m.14 views

CVE-2020-37084

CVE-2020-37084 affects School ERP Pro 1.0. An authenticated administrator can upload arbitrary PHP files as profile photos by bypassing file extension checks, via improper validation in pre-editstudent.inc.php, enabling remote code execution on the server. The vulnerability is tied to the admin p...

8.6CVSS6.9AI score0.00814EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.8 views

WordPress plugin OS DataHub Maps 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

8.8CVSS6.1AI score0.0052EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/01/29 5:31 p.m.4 views

CVE-2025-15545 Insufficient Backup File Upload Input Validation on TP-Link Archer RE605X

The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. Successful exploitation allows the attack...

7.3CVSS6.1AI score0.00453EPSS
Exploits2References4
NVD
NVD
added 2026/01/23 10:16 p.m.10 views

CVE-2025-70457

A Remote Code Execution RCE vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension during the save...

9.8CVSS0.00832EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/01/23 12:0 a.m.2 views

CVE-2025-70457

A Remote Code Execution RCE vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension during the save...

9.8CVSS6AI score0.00832EPSS
Exploits1References3
CVE
CVE
added 2026/01/23 12:0 a.m.20 views

CVE-2025-70457

Sourcecodester Modern Image Gallery App v1.0 is affected by an RCE in gallery/upload.php due to improper validation of uploaded files and retention of user-specified extensions, allowing an unauthenticated attacker to upload PHP code by masquerading the MIME type as an image, potentially fully co...

9.8CVSS6.1AI score0.00832EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/01/16 12:30 a.m.7 views

EUVD-2011-5271

Uploadify WordPress plugin versions up to and including 1.0 contain an arbitrary file upload vulnerability in processupload.php due to missing file type validation. An unauthenticated remote attacker can upload arbitrary files to the affected WordPress site, which may allow remote code execution ...

9.3CVSS7.6AI score0.008EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.6 views

Stack Ideas EasyDiscuss Code Issues and Vulnerabilities

Stack Ideas EasyDiscuss is a Q&A and forum component provided by the Malaysian company Stack Ideas. Stack Ideas EasyDiscuss has code vulnerabilities, which stem from improper file validation during user file uploads. This could lead to the upload of arbitrary files...

8.8CVSS6AI score0.00347EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.7 views

WordPress plugin Uploadify 代码问题漏洞

WordPress Uploadify plugin is a jQuery-based multi-file upload plugin that allows webmasters or users to implement intuitive and customizable file uploading features on web pages. A code issue vulnerability exists in WordPress Uploadify plugin that stems from a lack of file type validation in...

9.3CVSS6.2AI score0.008EPSS
Exploits0References5
CVE
CVE
added 2026/01/08 2:21 a.m.19 views

CVE-2019-25296

The CVE-2019-25296 entry concerns the WP Cost Estimation WordPress plugin up to version 9.642, where missing file type validation in the lfb_upload_form and lfb_removeFile AJAX actions allows unauthenticated arbitrary file uploads and deletions. This can enable uploading arbitrary files to the se...

9.8CVSS7.2AI score0.00597EPSS
Exploits0References5
Rows per page
Query Builder