Lucene search
+L

409 matches found

Veracode
Veracode
added 2025/06/05 6:8 a.m.9 views

Improper File Validation

umbraco.cms is vulnerable to improper file validation. The vulnerability is due to insufficient checks on uploaded file extensions, allowing bypass of configured restrictions via manipulated API requests...

6.5CVSS6.7AI score0.00159EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 4:22 a.m.10 views

CVE-2023-32689

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server vi...

6.5CVSS6.4AI score0.00639EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:50 a.m.14 views

CVE-2023-32679

Craft CMS is an open source content management system. In affected versions of Craft CMS an unrestricted file extension may lead to Remote Code Execution. If the name parameter value is not empty string'' in the View.php's doesTemplateExist - resolveTemplate - resolveTemplateInternal -...

7.2CVSS8AI score0.01845EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:17 a.m.5 views

CVE-2022-45415

When downloading an HTML file, if the title of the page was formatted as a filename with a malicious extension, Firefox may have saved the file with that extension, leading to possible system compromise if the downloaded file was later ran. This vulnerability affects Firefox 107...

7.8CVSS6AI score0.00232EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:8 a.m.8 views

CVE-2019-19576

class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions...

9.8CVSS6.5AI score0.26184EPSS
Exploits7References1
OSV
OSV
added 2025/04/29 2:15 p.m.11 views

UBUNTU-CVE-2025-4086

A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox 138 and Thunderbir...

6.5CVSS5.8AI score0.00244EPSS
Exploits0References6
CNVD
CNVD
added 2025/04/10 12:0 a.m.7 views

Kentico Xperience cross-site scripting vulnerability (CNVD-2026-05133)

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability due to .zip files being processed through TryZipProviderSafe, which can be exploited by an attacker to cause the creation of files with other extensions...

9.8CVSS5.8AI score0.01412EPSS
Exploits3References1
OSV
OSV
added 2025/04/09 12:49 p.m.13 views

GHSA-Q62R-8PPJ-XVF4 Umbraco has a Management API Vulnerability to Path Traversal With Authenticated Users

Impact Authenticated users to the Umbraco backoffice are able to craft management API request that exploit a path traversal vulnerability to upload files into a incorrect location. Patches The issue affects Umbraco 14+ and is patched in 14.3.4 and 15.3.1. Workarounds Umbraco supports the...

8.8CVSS6.8AI score0.00582EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/04/06 12:0 a.m.9 views

CVE-2025-32370

Kentico Xperience before 13.0.178 has a specific set of allowed ContentUploader file extensions for unauthenticated uploads; however, because .zip is processed through TryZipProviderSafe, there is additional functionality to create files with other extensions. NOTE: this is a separate issue not...

7.2CVSS7AI score0.01412EPSS
Exploits3References2
Cvelist
Cvelist
added 2025/04/06 12:0 a.m.19 views

CVE-2025-32370

Kentico Xperience before 13.0.178 has a specific set of allowed ContentUploader file extensions for unauthenticated uploads; however, because .zip is processed through TryZipProviderSafe, there is additional functionality to create files with other extensions. NOTE: this is a separate issue not...

7.2CVSS0.01412EPSS
Exploits3References2
CVE
CVE
added 2025/04/06 12:0 a.m.85 views

CVE-2025-32370

Kentico Xperience suffers from cross-site scripting vulnerabilities related to file uploads and content handling. The primary CVE entry (CVE-2025-32370) notes that Kentico Xperience before 13.0.178 restricts some ContentUploader extensions for unauthenticated uploads, but .zip processing via TryZ...

9.8CVSS7.1AI score0.01412EPSS
Exploits3References2Affected Software1
OSV
OSV
added 2025/04/03 2:4 p.m.8 views

BIT-DOLIBARR-2020-13240

The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS...

5.5CVSS5.6AI score0.00701EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/03/13 4:56 p.m.7 views

CVE-2025-22213

Inadequate checks in the Media Manager allowed users with "edit" privileges to change file extension to arbitrary extension, including .php and other potentially executable extensions...

7.1CVSS6.5AI score0.00453EPSS
Exploits0References1
NVD
NVD
added 2025/03/11 5:16 p.m.12 views

CVE-2025-22213

Inadequate checks in the Media Manager allowed users with "edit" privileges to change file extension to arbitrary extension, including .php and other potentially executable extensions...

7.1CVSS0.00453EPSS
Exploits0References1
Veracode
Veracode
added 2025/03/06 5:58 a.m.12 views

Improper Input Validation

picklescan is vulnerable to Improper Input Validation. The vulnerability is due to improper validation of file extensions, allowing an attacker to include a malicious pickle file with a non-standard extension that bypasses security checks...

9.8CVSS7.1AI score0.00365EPSS
Exploits2References6Affected Software1
Cvelist
Cvelist
added 2025/03/03 6:38 p.m.24 views

CVE-2025-1889 picklescan - Security scanning bypass via non-standard file extensions

picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vulnerability scan. An attacker could craft a malicious model that uses Pickle and include a malicious pickle file with a non-standard file extension. Because the malicious pickle file inclusion is not...

5.3CVSS0.00365EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/02/05 8:35 p.m.13 views

CVE-2022-31041

Open Forms is an application for creating and publishing smart forms. Open Forms supports file uploads as one of the form field types. These fields can be configured to allow only certain file extensions to be uploaded by end users e.g. only PDF / Excel / .... The input validation of uploaded fil...

7.6CVSS6.7AI score0.00748EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/01/15 12:0 a.m.10 views

The vulnerability of the “Allow All File Extensions” module in Drupal CMS systems stems from insufficient validation of input data, allowing attackers to execute arbitrary code.

The vulnerability of the “Allow All File Extensions” module for file fields in Drupal CMS systems is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

5.5CVSS5.9AI score0.00339EPSS
Exploits0References3
CVE
CVE
added 2025/01/09 8:28 p.m.46 views

CVE-2024-13311

CVE-2024-13311 describes a vulnerability in Drupal related to the Allow All File Extensions for file fields feature. The consolidated records indicate Drupal’s file field extension filtering can be bypassed, enabling potential impact to file handling. The available metrics from the CVE entry show...

7.3CVSS7.2AI score0.00339EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/01/09 12:0 a.m.3 views

Drupal 安全漏洞

Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Allow All File Extensions for file fields, which stems from the presence of an issue...

7.3CVSS6.8AI score0.00339EPSS
Exploits0References3
Rows per page
Query Builder