11 matches found

EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2021-23134

Malware in sbrugna...

CVSS 8.1 | AI score 8 | EPSS 0.00653
Exploits: 1 | References: 2

RedhatCVE
added 2025/05/22 6:39 p.m. | 6 views

CVE-2021-36532

Race condition vulnerability discovered in portfolioCMS 1.0 allows remote attackers to run arbitrary code via fileExt parameter to localhost/admin/uploads.php...

CVSS 8.1 | AI score 7.5 | EPSS 0.00653
Exploits: 1

OSV
added 2025/04/01 10:15 p.m. | 1 view

CVE-2023-46988

Path Traversal vulnerability in ONLYOFFICE Document Server before v8.0.1 allows a remote attacker to copy arbitrary files by manipulating the fileExt parameter in the /example/editor endpoint, leading to unauthorized access to sensitive files and potential Denial of Service (DoS)...

CVSS 6.7 | AI score 6.9
Exploits: 0 | References: 1

OSV
added 2023/02/03 6:15 p.m. | 6 views

CVE-2021-36532

Race condition vulnerability discovered in portfolioCMS 1.0 allows remote attackers to run arbitrary code via fileExt parameter to localhost/admin/uploads.php...

CVSS 8.1 | AI score 8.2
Exploits: 0 | References: 1

NVD
added 2023/02/03 6:15 p.m. | 10 views

CVE-2021-36532

Race condition vulnerability discovered in portfolioCMS 1.0 allows remote attackers to run arbitrary code via fileExt parameter to localhost/admin/uploads.php...

CVSS 8.1 | AI score 8.2 | EPSS 0.00653
Exploits: 1 | References: 1

Vulnrichment
added 2023/02/03 12:00 a.m. | 5 views

CVE-2021-36532

Race condition vulnerability discovered in portfolioCMS 1.0 allows remote attackers to run arbitrary code via fileExt parameter to localhost/admin/uploads.php...

AI score 7.8 | EPSS 0.00653
Exploits: 1 | References: 1

Cvelist
added 2023/02/03 12:00 a.m. | 12 views

CVE-2021-36532

Race condition vulnerability discovered in portfolioCMS 1.0 allows remote attackers to run arbitrary code via fileExt parameter to localhost/admin/uploads.php...

AI score 8.4 | EPSS 0.00653
Exploits: 1 | References: 1

NVD
added 2021/08/12 10:15 p.m. | 10 views

CVE-2021-29377

Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerability that allows attackers to execute arbitrary code remotely. A .php file can be uploaded via admin.php/index/upload because app/common/service/UploadService.php mishandles fileExt...

CVSS 9.8 | EPSS 0.00853
Exploits: 1 | References: 1

Prion
added 2021/08/12 10:15 p.m. | 9 views

Privilege escalation

Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerability that allows attackers to execute arbitrary code remotely. A .php file can be uploaded via admin.php/index/upload because app/common/service/UploadService.php mishandles fileExt...

CVSS 7.5 | AI score 9.7 | EPSS 0.00853
Exploits: 1 | References: 1 | Affected Software: 1

Veracode
added 2020/04/27 5:56 a.m. | 12 views

Cross-site Scripting (XSS)

typo3/cms-filelist is vulnerable to cross-site scripting (XSS) attacks. This attack is possible due to a lack of sanitization in the fileext field in the formatFileList function of FileList.php, allowing an attacker to inject a malicious script that executes when a user visits the page an...

AI score 2.4
Exploits: 0

seebug.org
added 2013/04/22 12:00 a.m. | 15 views

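PHPCMS 9.3.1 /phpcms/modules/attachment/attachments.php file upload vulnerability

PHPCMS is a very popular website content management system in China. In version 9.3.1, when the uploaded file name is xxx.Php.jpg%20%20%20%20%20%20%20Php, the fileext function searches backwards for "." and then truncates Php, so the file passes the isimage check; and because strpos is case-sensitive, a suffix of Php bypasses the strpos check. The file is then uploaded to the server, where the Apache server can parse the malformed file, ultimately resulting in a file upload vulnerability. PHPCMS 9.3.1...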

AI score 7.1
Exploits: 0