Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

9 matches found

EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2017-14593

Malware in sbrugna...

8.8CVSS8.6AI score0.01381EPSS
Exploits0References11
OSV
OSVadded 2021/05/10 11:15 p.m.2 views

CVE-2020-23370

In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with arbitrary web script or HTML...

5.4CVSS5.9AI score
Exploits0References1
NVD
NVDadded 2017/01/15 2:59 a.m.12 views

CVE-2017-5489

Cross-site request forgery CSRF vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload...

8.8CVSS9.4AI score0.01381EPSS
Exploits0References7
UbuntuCve
UbuntuCveadded 2017/01/15 2:59 a.m.19 views

CVE-2017-5489

Cross-site request forgery CSRF vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload...

8.8CVSS7.2AI score0.01381EPSS
Exploits0References6
Prion
Prionadded 2017/01/15 2:59 a.m.11 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload...

6.8CVSS8.9AI score0.01381EPSS
Exploits0References7Affected Software1
CVE
CVEadded 2017/01/15 2:0 a.m.116 views

CVE-2017-5489

CVE-2017-5489 affects WordPress before 4.7.1. It is a CSRF vulnerability that allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload. The impact is the hijack of user authentication with potential for unauthorized actions. WordPress p...

8.8CVSS7.3AI score0.01381EPSS
Exploits0References7Affected Software1
Debian CVE
Debian CVEadded 2017/01/15 2:0 a.m.13 views

CVE-2017-5489

Cross-site request forgery CSRF vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload...

8.8CVSS9AI score0.01381EPSS
Exploits0
CNVD
CNVDadded 2016/10/18 12:0 a.m.1 views

Magento CMS Flash File Upload Cross-Site Scripting Vulnerability

Magento CMS is an open source PHP e-commerce content management system CMS of the United States Magento company . The system provides rights management , search engine and payment gateway and other functions . An upload cross-site scripting vulnerability exists in Magento CMS Flash files, which c...

6.9AI score
Exploits0References1
Atlassian
Atlassianadded 2014/06/19 7:51 a.m.18 views

Flash content-type sniffing allows Cross Site Data Hijacking

As documented at http://blog.detectify.com/post/86298380233/the-pitfalls-of-allowing-file-uploads-on-your-website it is possible to upload a flash file to confluence with a different content-type than for flash and when embedded on an attacker's domain will be able to make requests to the...

0.1AI score
Exploits0
Rows per page
Query Builder