CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

60 matches found

CVE-2018-25409

SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksipengurus.php endpoint with module=pengurus and act=update parameters, which...

8.8CVSS0.00043EPSS

Exploits0References4

CVE•added 5 days ago•10 views

CVE-2018-25409

SIM-PKH 2.4.1 contains an Arbitrary File Upload vulnerability. Authenticated users can upload PHP code via the fupload parameter to the aksi_pengurus.php endpoint (module=pengurus, act=update). Uploaded PHP files are stored in the foto directory and can be executed as web scripts, enabling potent...

8.8CVSS6AI score0.00043EPSS

Exploits0References4

EUVD•added 5 days ago•7 views

EUVD-2018-21931

8.8CVSS6AI score0.00043EPSS

Exploits0References4

Cvelist•added 5 days ago•31 views

CVE-2018-25409 SIM-PKH 2.4.1 Arbitrary File Upload via aksi_pengurus.php

8.8CVSS0.00043EPSS

Exploits0References4

ATTACKERKB•added 5 days ago•7 views

CVE-2018-25409

8.8CVSS6AI score0.00043EPSS

Exploits0References4Affected Software1

Positive Technologies•added 5 days ago•8 views

PT-2026-45109

SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksi pengurus.php endpoint with module=pengurus and act=update parameters, which...

8.8CVSS6AI score0.00043EPSS

Exploits0References5

Positive Technologies•added 6 days ago•8 views

PT-2026-44866

HaPe PKH 1.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by bypassing file type validation. Attackers can upload PHP files through multiple endpoints including aksi foto.php, aksi user.php, and aksi kecamatan.php to execute arbitra...

8.8CVSS6.3AI score0.0006EPSS

Exploits0References5

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2025-26395

Malicious code in bioql PyPI...

6.9CVSS6.6AI score0.00227EPSS

Exploits0References1

RedhatCVE•added 2025/09/04 9:13 a.m.•1 views

CVE-2025-41031

Lack of authorisation in Deporsite by T-INNOVA. This vulnerability allows an unauthenticated attacker to change other users' profile pictures via a POST request using the parameters ‘IdPersona’ and “Foto” in ‘/ajax/TInnovac/FotoUsuario/llamadaAjax/uploadImage’...

6.9CVSS7AI score0.00227EPSS

Exploits0References1

Vulnrichment•added 2025/09/02 8:15 a.m.•1 views

CVE-2025-41031 Multiple vulnerabilities in Deporsite by T-INNOVA

6.9CVSS6.5AI score0.00227EPSS

Exploits0References1

Openbugbounty•added 2024/04/05 6:6 a.m.•7 views

foto-tipps.de Cross Site Scripting vulnerability OBB-3904007

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score

Exploits0

Openbugbounty•added 2024/01/10 10:14 a.m.•5 views

foto-hartig.de Cross Site Scripting vulnerability OBB-3830828

6.2AI score

Exploits0

Openbugbounty•added 2023/12/19 5:52 p.m.•5 views

foto-video-portraits.de Improper Access Control vulnerability OBB-3818699

7AI score

Exploits0

Openbugbounty•added 2023/12/01 5:49 p.m.•10 views

foto-hermeter.com Improper Access Control vulnerability OBB-3799585