Lucene search
K

1188 matches found

RedhatCVE
RedhatCVE
added 2026/05/08 8:21 p.m.9 views

CVE-2026-41938

Vvveb before version 1.0.8.2 contains an unrestricted file upload vulnerability in the media upload handler that allows authenticated users with media-upload permissions to bypass extension restrictions by uploading a .htaccess file to map .phtml extensions to the PHP handler. Attackers can uploa...

8.8CVSS6.6AI score0.00541EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/08 8:21 p.m.9 views

CVE-2026-41934

Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code through insufficient file extension restrictions, with the uploaded payload then executable via subsequent...

8.8CVSS6.7AI score0.00545EPSS
Exploits0References1
OSV
OSV
added 2026/05/08 3:36 p.m.14 views

CLSA-2026-1778254552 httpd: Fix of 8 CVEs

CVE-2026-24072: modrewrite/modsetenvif: use APEXPRFLAGRESTRICTED in htaccess to prevent reading server-side files via apexpr from .htaccess - CVE-2026-29169: moddavlock: NULL pointer dereference in davgenericrefreshlocks use dpscan instead of dp - CVE-2026-33006: modauthdigest: timing attack —...

8.8CVSS5.8AI score0.00654EPSS
Exploits2References1
OSV
OSV
added 2026/05/08 11:42 a.m.11 views

CLSA-2026-1778152899 httpd: Fix of 2 CVEs

CVE-2017-15710: modauthnzldap out-of-bounds write when accept-language header value is shorter than two characters - CVE-2017-15715: regex anchor in / can match before an embedded newline, allowing .htaccess bypass of trailing-extension filters...

8.1CVSS6.7AI score0.86006EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/08 11:14 a.m.8 views

CVE-2026-24072

A flaw was found in Apache HTTP Server. This escalation of privilege vulnerability allows local attackers, specifically those with the ability to author .htaccess files, to read sensitive files. This flaw enables unauthorized access to files with the privileges of the httpd user, potentially...

8.8CVSS5.7AI score0.00654EPSS
Exploits1References4
NVD
NVD
added 2026/05/08 7:16 a.m.13 views

CVE-2025-67887

1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privilege...

9.8CVSS0.01549EPSS
Exploits4References6
NVD
NVD
added 2026/05/08 7:16 a.m.38 views

CVE-2025-67886

Bitrix24 through 25.100.300 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privileged...

6.3CVSS0.01028EPSS
Exploits3References6
Cvelist
Cvelist
added 2026/05/08 12:0 a.m.34 views

CVE-2025-67887

1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privilege...

0.01549EPSS
Exploits4References5
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.14 views

1C-Bitrix 安全漏洞

1C-Bitrix is a website platform system developed by the Russian company 1C-Bitrix. It integrates content management, e-commerce, and enterprise portal functions. Versions of 1C-Bitrix 25.100.500 and earlier contained security vulnerabilities. These vulnerabilities stemmed from users with the RIGH...

9.8CVSS6.2AI score0.01549EPSS
Exploits4References1
ATTACKERKB
ATTACKERKB
added 2026/05/08 12:0 a.m.14 views

CVE-2025-67886

Bitrix24 through 25.100.300 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privileged...

6AI score0.01028EPSS
Exploits3References6
Vulnrichment
Vulnrichment
added 2026/05/08 12:0 a.m.5 views

CVE-2025-67886

Bitrix24 through 25.100.300 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privileged...

6AI score0.01028EPSS
Exploits3References5
ATTACKERKB
ATTACKERKB
added 2026/05/08 12:0 a.m.10 views

CVE-2025-67887

1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privilege...

6AI score0.01549EPSS
Exploits4References6
Vulnrichment
Vulnrichment
added 2026/05/08 12:0 a.m.9 views

CVE-2025-67887

1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privilege...

6AI score0.01549EPSS
Exploits4References5
CVE
CVE
added 2026/05/08 12:0 a.m.2392 views

CVE-2025-67887

CVE-2025-67887 afecta 1C-Bitrix with the Translate Module up to 25.100.500. The root cause is unvalidated archive contents during extraction/upload, allowing an attacker with SOURCE/WRITE to upload a PHP file and a crafted .htaccess, then execute code on the server. Impact is remote code executio...

9.8CVSS6AI score0.01549EPSS
Exploits4References6
CVE
CVE
added 2026/05/08 12:0 a.m.80 views

CVE-2025-67886

CVE-2025-67886 affects Bitrix24 up to version 25.100.300, with the vulnerability residing in the Translate Module. An actor with SOURCE/WRITE permissions can upload an archive containing a PHP file and a crafted .htaccess, which then leads to remote code execution after extraction. Exploitation d...

6.3CVSS6AI score0.01028EPSS
Exploits3References6
Cvelist
Cvelist
added 2026/05/07 3:0 a.m.35 views

CVE-2026-41663 Admidio: CSRF on Admin Preferences Triggers Unauthorized Backup, .htaccess Write, and Email Send

Admidio is an open-source user management solution. Prior to version 5.0.9, several administrative operations in Admidio's preferences module database backup, test email, htaccess generation fire via GET requests with no CSRF token validation. Because SameSite=Lax cookies travel with top-level GE...

3.5CVSS0.00117EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/07 3:0 a.m.9 views

CVE-2026-41663 Admidio: CSRF on Admin Preferences Triggers Unauthorized Backup, .htaccess Write, and Email Send

Admidio is an open-source user management solution. Prior to version 5.0.9, several administrative operations in Admidio's preferences module database backup, test email, htaccess generation fire via GET requests with no CSRF token validation. Because SameSite=Lax cookies travel with top-level GE...

3.5CVSS5.7AI score0.00117EPSS
Exploits0References2
CVE
CVE
added 2026/05/07 3:0 a.m.11 views

CVE-2026-41663

Admidio has a CSRF flaw (CVE-2026-41663) affecting versions prior to 5.0.9. The vulnerability lies in the preferences module where backup, test_email, and htaccess operations are executed via GET requests without CSRF validation, allowing exploitation via SameSite=Lax cookies to trigger actions o...

3.5CVSS5.7AI score0.00117EPSS
Exploits0References2
NVD
NVD
added 2026/05/06 7:16 p.m.9 views

CVE-2026-41934

Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code through insufficient file extension restrictions, with the uploaded payload then executable via subsequent...

8.8CVSS0.00545EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/06 6:42 p.m.9 views

EUVD-2026-27893

Vvveb before version 1.0.8.2 contains an unrestricted file upload vulnerability in the media upload handler that allows authenticated users with media-upload permissions to bypass extension restrictions by uploading a .htaccess file to map .phtml extensions to the PHP handler. Attackers can uploa...

8.8CVSS6.5AI score0.00541EPSS
Exploits0References4
Rows per page
Query Builder