Lucene search
+L

1202 matches found

NVD
NVD
added 2026/03/31 9:16 p.m.10 views

CVE-2026-34381

Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on admmyfiles/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache configuration, which causes Apache to silently igno...

7.5CVSS0.00575EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/31 8:31 p.m.5 views

CVE-2026-34381 Admidio: Unauthenticated Access to Role-Restricted documents via neutralized .htaccess

Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on admmyfiles/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache configuration, which causes Apache to silently igno...

7.5CVSS5.7AI score0.00575EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/31 8:31 p.m.1 views

CVE-2026-34381

Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on admmyfiles/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache configuration, which causes Apache to silently igno...

7.5CVSS5.7AI score0.00575EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/03/31 8:31 p.m.18 views

CVE-2026-34381

Admidio versions 5.0.0–5.0.7 rely on adm_my_files/.htaccess to deny direct access, but the Docker image uses AllowOverride None, so Apache ignores .htaccess. This allows unauthenticated HTTP access to uploaded documents if the path is known; the path is disclosed in the upload response JSON. The ...

7.5CVSS5.7AI score0.00575EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.16 views

PT-2026-29348

Name of the Vulnerable Software and Affected Versions Admidio versions 5.0.0 through 5.0.7 Description Admidio relies on .htaccess files to restrict direct HTTP access to uploaded documents. The Docker image is configured with AllowOverride None in the Apache configuration, causing these .htacces...

7.5CVSS5.8AI score0.00575EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.10 views

Admidio 访问控制错误漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Versions of Admidio from 5.0.0 to 5.0.8 had a security vulnerability related to access contro...

7.5CVSS5.8AI score0.00575EPSS
Exploits1References3
Packet Storm
Packet Storm
added 2026/03/25 12:0 a.m.171 views

📄 EspoCRM 9.3.3 Remote Code Execution / Path Traversal

EspoCRM versions 9.3.3 and below proof of concept remote code execution exploit that leverages formula ACL bypass, path traversal, and poisoning. !/bin/bash =========================================================================== EspoCRM command Example: ./poc.sh http://192.168.5.16:8090 admin...

6.5AI score0.005EPSS
Exploits3
Cvelist
Cvelist
added 2026/03/16 7:16 p.m.28 views

CVE-2026-30875 Chamilo LMS: Authenticated RCE via H5P Import

Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution RCE. The H5P package validation only checks if h5p.json exists but doesn't block...

8.8CVSS0.00515EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/16 7:16 p.m.9 views

CVE-2026-30875 Chamilo LMS: Authenticated RCE via H5P Import

Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution RCE. The H5P package validation only checks if h5p.json exists but doesn't block...

8.8CVSS6.1AI score0.00515EPSS
Exploits0References2
CVE
CVE
added 2026/03/16 7:16 p.m.21 views

CVE-2026-30875

Chamilo LMS (prior to v1.11.36) exposes an authenticated RCE via H5P Import. An attacker with Teacher role can upload a crafted H5P package that bypasses validation (H5P package validation only checks for h5p.json and does not block .htaccess or PHP files with alternate extensions), enabling exec...

8.8CVSS6.1AI score0.00515EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/03/16 7:16 p.m.12 views

EUVD-2026-12496

Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution RCE. The H5P package validation only checks if h5p.json exists but doesn't block...

8.8CVSS6.1AI score0.00515EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/03 10:59 p.m.8 views

EUVD-2026-9347

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-2026-27636 in FreeScout 1.8.206 and earlier allows any authenticated user with file upload permissions to achieve Remote Code Execution RCE on the server by uploading a maliciou...

10CVSS6.1AI score0.3114EPSS
Exploits4References2
Vulnrichment
Vulnrichment
added 2026/03/03 10:59 p.m.3 views

CVE-2026-28289 FreeScout 1.8.206 Patch Bypass for CVE-2026-27636 via Zero-Width Space Character Leads to Remote Code Execution

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-2026-27636 in FreeScout 1.8.206 and earlier allows any authenticated user with file upload permissions to achieve Remote Code Execution RCE on the server by uploading a maliciou...

10CVSS6.1AI score0.3114EPSS
Exploits3References2
CVE
CVE
added 2026/03/03 10:59 p.m.24 views

CVE-2026-28289

FreeScout suffers CVE-2026-28289 (affecting

10CVSS6.1AI score0.3114EPSS
Exploits3References3Affected Software1
OSV
OSV
added 2026/03/03 10:59 p.m.5 views

CVE-2026-28289 FreeScout 1.8.206 Patch Bypass for CVE-2026-27636 via Zero-Width Space Character Leads to Remote Code Execution

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-2026-27636 in FreeScout 1.8.206 and earlier allows any authenticated user with file upload permissions to achieve Remote Code Execution RCE on the server by uploading a maliciou...

10CVSS5.9AI score0.3114EPSS
Exploits3References5
AstraLinux
AstraLinux
added 2026/03/03 9:29 a.m.6 views

Astra Linux – Vulnerability in Apache2

A vulnerability in the Apache HTTP Server’s AllowOverride FileInfo directive allows for bypassing moduserdir+suexec. Users who have access to use the RequestHeader directive in htaccess can cause certain CGI scripts to run under an unexpected userid. This issue affects the Apache HTTP Server...

5.4CVSS6.7AI score0.00591EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/28 2:0 p.m.9 views

CVE-2024-10938

The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The files contain directives to prevent the execution of certain scripts while allowing execution of known malicious PHP files. If moved outside of the plugin's directory, they may interfere with the proper...

6.5CVSS6.1AI score0.00307EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/27 12:31 p.m.10 views

EUVD-2024-55454

The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The files contain directives to prevent the execution of certain scripts while allowing execution of known malicious PHP files. If moved outside of the plugin's directory, they may interfere with the proper...

6.5CVSS6.1AI score0.00307EPSS
Exploits0References4
NVD
NVD
added 2026/02/27 10:16 a.m.9 views

CVE-2024-10938

The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The files contain directives to prevent the execution of certain scripts while allowing execution of known malicious PHP files. If moved outside of the plugin's directory, they may interfere with the proper...

6.5CVSS0.00307EPSS
Exploits0References3
CVE
CVE
added 2026/02/27 9:23 a.m.21 views

CVE-2024-10938

The CVE-2024-10938 entry concerns the OVRI Payment WordPress plugin (v1.7.0). The connected documents describe malicious ".htaccess" files included with the plugin that contain directives intended to block execution of certain scripts while permitting execution of selected malicious PHP files. If...

6.5CVSS6.1AI score0.00307EPSS
Exploits0References3
Rows per page
Query Builder