Lucene search
K

376 matches found

NVD
NVD
added 6 days ago5 views

CVE-2026-14031

Inappropriate implementation in File Input in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS0.00169EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.9 views

PT-2026-53311

Name of the Vulnerable Software and Affected Versions Snowflake CLI versions prior to 3.19 Description Improper restriction of file path resolution allows arbitrary local file content to be read and transmitted to Snowflake services. An attacker can exploit this by providing crafted repository or...

6.3CVSS6.1AI score0.00139EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.7 views

WordPress plugin Confidant 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.1CVSS5.4AI score0.00415EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 12:0 a.m.14 views

CVE-2026-39292

Falco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file upload vulnerability in the pagemanager/pagebuilder module that allows remote attackers to upload arbitrary files and achieve remote code execution. The vulnerability exists due to insufficient validation of uploaded file types...

6.3AI score0.00472EPSS
Exploits1References3
OSV
OSV
added 2026/05/27 4:15 a.m.13 views

USN-8314-1 ayttm vulnerabilities

It was discovered that Expat, vendored in Ayttm, incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

9.8CVSS7.1AI score0.34174EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/13 6:30 p.m.11 views

EUVD-2026-30041

A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device...

8.6CVSS5.8AI score0.00391EPSS
Exploits0References3
NVD
NVD
added 2026/05/13 4:17 p.m.12 views

CVE-2026-6282

A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device...

8.6CVSS0.00391EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/07 12:0 a.m.28 views

CVE-2026-36387

A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /addmembers.php. This vulnerability affects the file upload functionality, where improper file sanitization allows attackers to inject malicious files which leads RCE...

0.00255EPSS
Exploits0References1
CVE
CVE
added 2026/04/20 8:4 a.m.12 views

CVE-2026-39454

The CVE-2026-39454 entry concerns SKYSEA Client View and SKYMEC IT Manager from Sky Co., Ltd. Allowing a non-administrative user to place or manipulate files in the product installation folder due to improper access permissions, potentially enabling arbitrary code execution with administrative pr...

8.5CVSS7.3AI score0.00112EPSS
Exploits0References2Affected Software2
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.8 views

SAMSUNG Mobile devices 安全漏洞

Samsung Mobile devices are a series of mobile devices produced by Samsung Electronics in South Korea. These devices include smartphones, tablets, etc. There are security vulnerabilities in Samsung Mobile devices, which stem from improper external control of file names. This vulnerability could...

6.8CVSS5.8AI score0.00093EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.6 views

WordPress plugin OrganicFood 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.5CVSS5.8AI score0.00381EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.8 views

WordPress plugin Homeo 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.5CVSS5.8AI score0.00381EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.6 views

WordPress plugin Gaspard 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.1CVSS5.8AI score0.00504EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.7 views

WordPress plugin Curly Core 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.12 views

WordPress plugin Feedy 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.8 views

WordPress plugin Hypnotherapy 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1CVSS5.8AI score0.00504EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.8 views

WordPress plugin BuilderPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

9.8CVSS5.8AI score0.00335EPSS
Exploits0References1
CVE
CVE
added 2026/03/13 11:42 a.m.17 views

CVE-2026-32393

CVE-2026-32393 concerns the WordPress plugin Greenly Theme Addons (Creatives Planet/Creatives_Planet Greenly Theme Addons) with versions older than 8.2. The issue is an Improper Control of Filename for Include/Require Statement in PHP, enabling PHP Local File Inclusion due to what is described as...

7.5CVSS5.8AI score0.00381EPSS
Exploits0References1
Veracode
Veracode
added 2026/03/13 5:6 a.m.6 views

Improper File Handling

zx is vulnerable to Improper File Handling. The vulnerability is due to a logic error in the linkNodeModules and cleanup routines when using the --prefer-local option, which allows unintended deletion of an external /nodemodules directory outside the current working directory...

8.3CVSS5.8AI score0.0008EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.7 views

WordPress plugin Client Invoicing by Sprout Invoices 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.2CVSS5.8AI score0.00398EPSS
Exploits0References1
Rows per page
Query Builder