Lucene search
+L

2956 matches found

Vulnrichment
Vulnrichment
added 2026/05/17 1:45 p.m.8 views

CVE-2026-8758 Metasoft 美特软件 MetaCRM upload3.jsp unrestricted upload

A vulnerability was determined in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This impacts an unknown function of the file /common/jsp/upload3.jsp. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly...

7.5CVSS6.8AI score0.00278EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/17 1:45 p.m.16 views

EUVD-2026-30705

A vulnerability was determined in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This impacts an unknown function of the file /common/jsp/upload3.jsp. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly...

7.5CVSS6.8AI score0.00278EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.12 views

Metasoft MetaCRM 访问控制错误漏洞

Metasoft MetaCRM is a customer relationship management system software developed by Metasoft, a Chinese company. Versions of Metasoft MetaCRM 6.4.0 Beta06 and earlier contained a access control error vulnerability. This vulnerability stemmed from an improper handling of the File parameter by an...

7.5CVSS7.1AI score0.00278EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.17 views

PT-2026-41569

Name of the Vulnerable Software and Affected Versions MetaCRM versions prior to 6.4.0 Beta06 Description An unrestricted file upload issue exists in the '/common/jsp/upload3.jsp' file. A remote attacker can exploit this by manipulating the File argument, allowing the upload of unauthorized files...

7.5CVSS7.2AI score0.00278EPSS
Exploits0References7
NVD
NVD
added 2026/05/12 10:16 p.m.15 views

CVE-2026-44257

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new FilebaseDir, zipEntry.getName with no canonical-path check. An entry name such as ../../../pwned.jsp escapes the intended extraction directory and lands anywhere the Tomca...

9.3CVSS0.00319EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 9:9 p.m.10 views

CVE-2026-44260

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the JSP tag is intended to prevent file modifications. When protected=true, elfindercheckRisk enforces that the client sends readonly=true matching the session value, but no event handler checks the readonly...

8.1CVSS5.8AI score0.00301EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/12 9:6 p.m.6 views

CVE-2026-44257

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new FilebaseDir, zipEntry.getName with no canonical-path check. An entry name such as ../../../pwned.jsp escapes the intended extraction directory and lands anywhere the Tomca...

9.3CVSS6AI score0.00319EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/12 9:6 p.m.8 views

CVE-2026-44257 efw4.X: RCE via zipslip

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new FilebaseDir, zipEntry.getName with no canonical-path check. An entry name such as ../../../pwned.jsp escapes the intended extraction directory and lands anywhere the Tomca...

9.3CVSS6AI score0.00319EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/11 8:27 p.m.15 views

CVE-2026-8211

A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. The attack may...

5.8CVSS5.6AI score0.00244EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/10 12:33 a.m.14 views

EUVD-2026-28947

A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. The attack may...

5.8CVSS5.6AI score0.00244EPSS
Exploits0References5
CVE
CVE
added 2026/05/09 10:15 p.m.18 views

CVE-2026-8211

CVE-2026-8211 affects codelibs Fess up to 15.5.1. The vulnerability lies in the JSP File Handler’s AdminDesignAction.java update function, where manipulation of the content argument enables code injection. Attacks can be performed remotely, and the exploit is public. No remediation details are pr...

5.8CVSS5.6AI score0.00244EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/09 10:15 p.m.7 views

CVE-2026-8211 codelibs Fess JSP File AdminDesignAction.java update code injection

A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. The attack may...

5.8CVSS5.6AI score0.00244EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/09 10:15 p.m.6 views

CVE-2026-8211

A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. The attack may...

5.8CVSS5.6AI score0.00244EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/09 10:15 p.m.88 views

CVE-2026-8211 codelibs Fess JSP File AdminDesignAction.java update code injection

A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. The attack may...

5.8CVSS0.00244EPSS
Exploits0References4
NVD
NVD
added 2026/04/21 5:16 p.m.7 views

CVE-2019-25714

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...

9.3CVSS0.00653EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/04/21 4:11 p.m.5 views

CVE-2019-25714 Seeyon Office Anywhere (OA) A8 Unauthenticated Arbitrary File Write via htmlofficeservlet

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...

9.3CVSS6.2AI score0.00653EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/04/21 4:11 p.m.44 views

CVE-2019-25714 Seeyon Office Anywhere (OA) A8 Unauthenticated Arbitrary File Write via htmlofficeservlet

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...

9.3CVSS0.00653EPSS
Exploits0References7
CVE
CVE
added 2026/04/21 4:11 p.m.45 views

CVE-2019-25714

CVE-2019-25714 affects Seeyon OA A8, with an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint. The issue allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests containing base64-encoded pa...

9.3CVSS6.2AI score0.00653EPSS
In wildExploits0References7
VulnCheck KEV
VulnCheck KEV
added 2026/04/21 12:0 a.m.67 views

VulnCheck KEV: CVE-2019-25714

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...

9.3CVSS6.2AI score0.00653EPSS
In wildExploits0References2
RedHat Linux
RedHat Linux
added 2026/04/15 5:31 p.m.9 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: tomcat10: tomcat10-10.1.54-1.hum1 noarch tomcat10-admin-webapps-10.1.54-1.hum1 noarch tomcat10-common-10.1.54-1.hum1 noarch tomcat10-docs-webapp-10.1.54-1.hum1 noarch...

9.6CVSS6.9AI score0.66535EPSS
Exploits4References9
Rows per page
Query Builder