Lucene search
K

1582 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:52 p.m.18 views

CVE-2022-47442

Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a through 1.2.3.9...

8.8CVSS8AI score0.00682EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:39 p.m.5 views

CVE-2020-36485

Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted JPEG file...

7.8CVSS8.2AI score0.00453EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 4:30 p.m.7 views

CVE-2020-23037

Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to execute arbitrary web scripts or HTML via a crafted POST request...

9.8CVSS7.6AI score0.01435EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 4:29 p.m.10 views

CVE-2020-21999

iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in pingTest PHP script...

9CVSS8.1AI score0.05242EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/22 4:16 a.m.11 views

CVE-2010-3099

Directory traversal vulnerability in SmartSoft Ltd SmartFTP Client 4.0.1124.0, and possibly other versions before 4.0 Build 1133, allows remote FTP servers to overwrite arbitrary files via a ".." dot dot backslash in a filename. NOTE: some of these details are obtained from third party informatio...

9.3CVSS7.2AI score0.01354EPSS
Exploits0References1
Zero Science Lab
Zero Science Lab
added 2025/05/22 12:0 a.m.222 views

ABB Cylon Aspect 3.08.02 (MIX) Session Validation Bypass

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description ABB Cylon Aspect suffers from a broken session management issue. The...

5.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/04/18 12:0 a.m.31 views

JVN#22348866: Active! mail vulnerable to stack-based buffer overflow

Active! mail provided by QUALITIA CO., LTD. contains a stack-based buffer overflow vulnerability CWE-121. The developer states that attacks exploiting the vulnerability has been observed. Impact Receiving a specially crafted request created and sent by a remote unauthenticated attacker may lead t...

9.8CVSS8AI score0.03084EPSS
Exploits0
CVE
CVE
added 2025/04/07 12:2 p.m.109 views

CVE-2025-0050

Arm Mali GPU drivers (Bifrost, Valhall, and Arm 5th Gen) expose CVE-2025-0050: Improper memory buffer bound checks allow a non-privileged process to perform GPU operations (including via WebGL/WebGPU) outside of buffer bounds. Affected: Bifrost userspace driver r0p0–r49p2 and r50p0–r51p0; Valhall...

5.9CVSS7.3AI score0.00157EPSS
Exploits0References1Affected Software3
Cvelist
Cvelist
added 2025/04/07 12:2 p.m.12 views

CVE-2025-0050 Mali GPU Userspace Driver allows an Out-of-Bounds access

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process to make valid GPU processing operations,...

0.00157EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2025/04/03 12:0 a.m.171 views

ABB Cylon Aspect 3.07.02 - File Disclosure

Exploit Title : ABB Cylon Aspect 3.07.02 - File Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.07.02 Summary: ASPECT is an award-winning scalable building energy management and...

7.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/03/20 1:13 p.m.10 views

CVE-2025-2495

Stored Cross-Site Scripting XSS in Softdial Contact Center of Sytel Ltd. This vulnerability allows an attacker to upload XML files to the server with JavaScript code injected via the ‘/softdial/scheduler/save.php’ resource. The injected code will execute when the uploaded file is loaded via the...

5.3CVSS6AI score0.0021EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/03/20 11:39 a.m.6 views

CVE-2025-2493

Path Traversal vulnerability in Softdial Contact Center of Sytel Ltd. This vulnerability allows an attacker to manipulate the ‘id’ parameter of the ‘/softdial/scheduler/load.php’ endpoint to navigate beyond the intended directory. This can allow unauthorised access to sensitive files outside the...

8.7CVSS7AI score0.00501EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/03/20 4:22 a.m.11 views

CVE-2024-27564

pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc allows SSRF via the url parameter. NOTE: the references section has an archived copy of pictureproxy.php from its original GitHub location, but the repository name might later change because it is misleading...

6.5CVSS7.4AI score0.40637EPSS
Exploits2References1
NVD
NVD
added 2025/03/18 12:15 p.m.16 views

CVE-2025-2494

Unrestricted file upload to Softdial Contact Center of Sytel Ltd. This vulnerability could allow an attacker to upload files to the server via the ‘/softdial/phpconsole/upload.php’ endpoint, which is protected by basic HTTP authentication. The files are uploaded to a directory exposed by the web...

9.8CVSS0.0058EPSS
Exploits0References1
NVD
NVD
added 2025/03/18 12:15 p.m.15 views

CVE-2025-2493

Path Traversal vulnerability in Softdial Contact Center of Sytel Ltd. This vulnerability allows an attacker to manipulate the ‘id’ parameter of the ‘/softdial/scheduler/load.php’ endpoint to navigate beyond the intended directory. This can allow unauthorised access to sensitive files outside the...

8.7CVSS0.00501EPSS
Exploits0References1
CVE
CVE
added 2025/03/18 11:28 a.m.60 views

CVE-2025-2495

The CVE-2025-2495 issue affects Softdial Contact Center (Sytel Ltd.). It is a stored XSS vulnerability where an attacker can upload XML files via /softdial/scheduler/save.php; the injected JavaScript executes when the file is loaded through /softdial/scheduler/load.php, enabling potential redirec...

5.4CVSS5.6AI score0.0021EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/18 11:27 a.m.12 views

CVE-2025-2494 Unrestricted file upload vulnerability in Softdial Contact Center

Unrestricted file upload to Softdial Contact Center of Sytel Ltd. This vulnerability could allow an attacker to upload files to the server via the ‘/softdial/phpconsole/upload.php’ endpoint, which is protected by basic HTTP authentication. The files are uploaded to a directory exposed by the web...

8.7CVSS6.7AI score0.0058EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/18 11:27 a.m.33 views

CVE-2025-2494 Unrestricted file upload vulnerability in Softdial Contact Center

Unrestricted file upload to Softdial Contact Center of Sytel Ltd. This vulnerability could allow an attacker to upload files to the server via the ‘/softdial/phpconsole/upload.php’ endpoint, which is protected by basic HTTP authentication. The files are uploaded to a directory exposed by the web...

8.7CVSS0.0058EPSS
Exploits0References1
CVE
CVE
added 2025/03/18 11:27 a.m.51 views

CVE-2025-2494

CVE-2025-2494 describes an unrestricted file upload vulnerability in Softdial Contact Center (Sytel Ltd.). An attacker can upload files via the /softdial/phpconsole/upload.php endpoint, which is protected by basic HTTP authentication, into a directory exposed by the web application. The uploaded ...

9.8CVSS6.8AI score0.0058EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/03/18 11:20 a.m.22 views

CVE-2025-2493 Path Traversal vulnerability in Softdial Contact Center

Path Traversal vulnerability in Softdial Contact Center of Sytel Ltd. This vulnerability allows an attacker to manipulate the ‘id’ parameter of the ‘/softdial/scheduler/load.php’ endpoint to navigate beyond the intended directory. This can allow unauthorised access to sensitive files outside the...

8.7CVSS0.00501EPSS
Exploits0References1
Rows per page
Query Builder