Lucene search
K

2955 matches found

Nuclei
Nuclei
added 5 hours ago99 views

ESAFENET CDG - Arbitrary File Download

ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request. id: CVE-2019-9632 info: name: ESAFENET CDG - Arbitrary File Download author: pdteam severity: hi...

7.5CVSS7AI score0.39885EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday23 views

Eclipse BIRT Viewer - Remote Code Execution

Eclipse BIRT versions 4.8.0 and earlier contain a JSP injection caused by query parameters, letting remote attackers create and access malicious JSP files in the viewer directory, exploit requires sending crafted query parameters. id: CVE-2021-34427 info: name: Eclipse BIRT Viewer - Remote Code...

9.8CVSS7.1AI score0.5771EPSS
Exploits4References3
NVD
NVD
added yesterday9 views

CVE-2026-15514

A weakness has been identified in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This vulnerability affects the function RPCService.query of the file /customizemt/xkq/rpc.jsp of the component PHPRPC Remote Call Interface. Executing a manipulation of the argument phprpcargs can lead to sql injection. T...

7.5CVSS0.00254EPSS
Exploits0References5
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-15474 Eleveo Call Recording Software audio.jsp improper authorization

A security flaw has been discovered in Eleveo Call Recording Software 9.7.0. Impacted is an unknown function of the file /callrec/audio.jsp of the component Call Recording Handler. The manipulation of the argument callId results in improper authorization. The attack may be performed from remote...

5.3CVSS0.00207EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-43193

A vulnerability was found in Eleveo Call Recording Software 9.7.0. This affects an unknown part of the file /callrec/pcidssstatus.jsp. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. Th...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References5
CVE
CVE
added 3 days ago11 views

CVE-2026-15470

Technical details (affected product, versions, root cause, exploit specifics) are not publicly provided in the supplied documents. Monitor for updates.

5.3CVSS5.7AI score0.00207EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42925

A vulnerability has been found in Eleveo Call Recording Software 9.7.0. This impacts an unknown function of the file /callrec/usersldap.jsp of the component LDAP User Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed ...

5.3CVSS5.6AI score0.00203EPSS
Exploits0References5
CVE
CVE
added 4 days ago7 views

CVE-2026-15375

CVE-2026-15375 affects Eleveo Call Recording Software 9.7.0, targeting the LDAP User Interface component via the file /callrec/users_ldap.jsp. The issue is described as improper authorization, with remote initiation possible and public exploit disclosure. The record notes that the vendor was cont...

5.3CVSS5.6AI score0.00203EPSS
Exploits0References6
NVD
NVD
added 2026/07/02 5:16 p.m.11 views

CVE-2024-14037

Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob servlet endpoint. Attackers can submit a multipart POST request with a JSP webshell disguised using a spoofed...

9.8CVSS0.00708EPSS
Exploits0References4
CVE
CVE
added 2026/07/02 5:4 p.m.19 views

CVE-2022-50973

Summary: CVE-2022-50973 affects Yonyou KSOA 9.0. The issue is an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet. Exploitation requires no authentication and relies on attacker-controlled filepath and filename parameters, with no validation of file t...

9.8CVSS6.2AI score0.0086EPSS
In wildExploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/02 5:4 p.m.11 views

CVE-2022-50973

Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any...

9.8CVSS6.2AI score0.0086EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/07/02 5:3 p.m.8 views

EUVD-2024-55646

Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob servlet endpoint. Attackers can submit a multipart POST request with a JSP webshell disguised using a spoofed...

9.8CVSS6.5AI score0.00708EPSS
Exploits0References4
CVE
CVE
added 2026/07/02 5:3 p.m.27 views

CVE-2024-14037

CVE-2024-14037 describes an unauthenticated arbitrary file upload vulnerability in Redsea Cloud eHR via the PtFjk.mob servlet endpoint. An attacker can submit a multipart POST containing a JSP webshell disguised with a spoofed image/jpeg Content-Type, bypassing extension/MIME checks, resulting in...

9.8CVSS6.5AI score0.00708EPSS
In wildExploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/02 5:3 p.m.8 views

CVE-2024-14037

Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob servlet endpoint. Attackers can submit a multipart POST request with a JSP webshell disguised using a spoofed...

9.8CVSS6.5AI score0.00708EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.17 views

PT-2026-55262

Name of the Vulnerable Software and Affected Versions Yonyou KSOA version 9.0 Description An unauthenticated arbitrary file upload issue exists in the com.sksoft.bill.ImageUpload servlet. Unauthenticated attackers can upload arbitrary files by submitting a POST request to the endpoint without...

9.8CVSS6.4AI score0.0086EPSS
Exploits0References9
NVD
NVD
added 2026/06/09 10:16 p.m.13 views

CVE-2026-25860

OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that allows attackers to execute arbitrary JavaScript in a victim's browser by embedding malicious payloads in DICOM file metadata fields. Attackers can craft a DICOM file with...

6.1CVSS0.00293EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/09 9:9 p.m.8 views

CVE-2026-25860 OpenClinic GA 5.351.19 Reflected XSS via DICOM Image Upload Handler

OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that allows attackers to execute arbitrary JavaScript in a victim's browser by embedding malicious payloads in DICOM file metadata fields. Attackers can craft a DICOM file with...

6.1CVSS5.6AI score0.00293EPSS
Exploits1References3
NVD
NVD
added 2026/06/09 5:16 a.m.14 views

CVE-2026-41846

Spring MVC applications which accept user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags allow arbitrary HTML/JavaScript code injection, potentially resulting in a cross-site scripting XSS vulnerability. Affected versions: Spring Framework 7.0.0 through...

6.1CVSS0.0014EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 3:50 a.m.36 views

CVE-2026-41846 Spring Framework Cross-site Scripting via JSP Form Tags

Spring MVC applications which accept user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags allow arbitrary HTML/JavaScript code injection, potentially resulting in a cross-site scripting XSS vulnerability. Affected versions: Spring Framework 7.0.0 through...

5.9CVSS0.0014EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:50 a.m.19 views

EUVD-2026-35334

Spring MVC applications which accept user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags allow arbitrary HTML/JavaScript code injection, potentially resulting in a cross-site scripting XSS vulnerability. Affected versions: Spring Framework 7.0.0 through...

5.9CVSS5.4AI score0.0014EPSS
Exploits0References1
Rows per page
Query Builder