
949 matches found

RedhatCVE
added 2025/05/23 7:29 a.m. | 10 views

CVE-2024-24026

An arbitrary file upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg. An attacker can pass in a specially crafted filename parameter to perform arbitrary file download...

9.8 CVSS | 7 AI score | 0.00694 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 6:50 a.m. | 9 views

CVE-2024-54919

A stored cross-site scripting (XSS) vulnerability was found in /teacheravatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary JavaScript via the filename parameter...

5.4 CVSS | 7 AI score | 0.003 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 6:21 a.m. | 4 views

CVE-2024-27525

Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the home.php component...

4.6 CVSS | 6.7 AI score | 0.00383 EPSS
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/23 6:21 a.m. | 4 views

CVE-2024-27524

Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the newticket.php component...

7.1 CVSS | 6.7 AI score | 0.00699 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 5:38 a.m. | 4 views

CVE-2023-26256

An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system...

7.5 CVSS | 6.9 AI score | 0.11615 EPSS
Exploits: 7 | References: 1

RedhatCVE
added 2025/05/23 4:3 a.m. | 8 views

CVE-2023-37149

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function...

9.8 CVSS | 8 AI score | 0.01674 EPSS
Exploits: 1

RedhatCVE
added 2025/05/23 4:0 a.m. | 7 views

CVE-2023-36348

POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter...

8.8 CVSS | 8.1 AI score | 0.06366 EPSS
Exploits: 4

RedhatCVE
added 2025/05/23 3:20 a.m. | 6 views

CVE-2023-24148

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadUserData function...

9.8 CVSS | 8 AI score | 0.01799 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 12:58 a.m. | 8 views

CVE-2022-43675

An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in the Network Element Manager exists via /oms1350/pages/otn/cpbLogDisplay via the filename parameter, under /oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay via the id parameter, and under /oms1350/pages/otn/mainOtn via all...

6.1 CVSS | 6.1 AI score | 0.0037 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 12:20 a.m. | 6 views

CVE-2022-48124

TOTOlink A7100RU V7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function...

9.8 CVSS | 8 AI score | 0.01958 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 12:11 a.m. | 6 views

CVE-2022-44249

TOTOLINK NR1800X V9.1.0u.6279B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function...

9.8 CVSS | 7.5 AI score | 0.0181 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 11:49 p.m. | 6 views

CVE-2022-2261

The WPIDE WordPress plugin before 3.0 does not sanitize and validate the filename parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue...

7.2 CVSS | 6.7 AI score | 0.01145 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 10:43 p.m. | 7 views

CVE-2022-28913

TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting...

10 CVSS | 7.9 AI score | 0.02463 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 10:43 p.m. | 7 views

CVE-2022-28911

TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate...

10 CVSS | 7.9 AI score | 0.02463 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 10:43 p.m. | 8 views

CVE-2022-28912

TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW...

10 CVSS | 7.9 AI score | 0.02463 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 8:43 p.m. | 8 views

CVE-2021-39500

Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitization in param tpldir, filename, type, nid, an attacker can inject "../" to escape and write file to writeable directories...

7.5 CVSS | 7.1 AI score | 0.01415 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:10 p.m. | 6 views

CVE-2021-38611

A command-injection vulnerability in the Image Upload function of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to execute arbitrary commands, as root, via shell metacharacters in the filename parameter to assets/index.php...

10 CVSS | 7.6 AI score | 0.01935 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 7:38 p.m. | 5 views

CVE-2021-30119

Authenticated reflective XSS in HelpDeskTab/rcResults.asp. The parameter result of /HelpDeskTab/rcResults.asp is insecurely returned in the requested web page and can be used to perform a Cross Site Scripting attack. Example request: https://x.x.x.x/HelpDeskTab/rcResults.asp?result= The same is tru...

5.4 CVSS | 7 AI score | 0.59632 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 5:10 p.m. | 10 views

CVE-2020-35305

Cross-site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog...

6.1 CVSS | 5.9 AI score | 0.00619 EPSS
Exploits: 0

RedhatCVE
added 2025/05/22 4:57 p.m. | 5 views

CVE-2020-11702

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The User Web Interface has Multiple Stored and Reflected XSS issues. Collaborate is Reflected via the filename parameter. Collaborate is Stored via the displayname parameter. Deletemultiple is Reflected via the files parameter...

6.1 CVSS | 6 AI score | 0.00678 EPSS
Exploits: 1 | References: 1