Lucene search
K

464 matches found

ICS
ICS
added 2026/06/18 6:0 a.m.12 views

AzeoTech DAQFactory (Update A)

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an attacker to upload malicious .ctl files that may lead to arbitrary code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities...

8.4CVSS6.2AI score0.00148EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/06/17 8:13 a.m.33 views

CVE-2026-27870 CROSS-SITE SCRIPTING (XSS) VIA MALICIOUS FILE UPLOAD ON REGESTA SMART HD-PLC OF TELDAT

An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat in this case, registration action IS required who has the vulnerable software could, introduce arbitrary JavaScript by injecting a Cross-site Scripting XSS payload into the 'Hostname' field of the configuration...

4.8CVSS0.00293EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.9 views

CVE-2025-36074

IBM Security Verify Directory Container 10.0.0 through 10.0.0.3 IBM Security Verify Directory could be vulnerable to malicious file upload by not validating file type. A privileged user could upload malicious files into the system that can be sent to victims for performing further attacks against...

7.2CVSS5.4AI score0.0034EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.10 views

CVE-2026-20172

A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email ECE could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Agent. This...

4.3CVSS5.8AI score0.00125EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 7:15 p.m.7 views

CVE-2026-46400

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, the file upload functionality in HAXCMS PHP only validates file extensions using a regex pattern without checking the actual file content or MIME type. This allows attacker...

8.7CVSS5.9AI score0.00387EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.12 views

CVE-2026-39890

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags such as !!js/function and !!js/undefined. This allows an attacker to craft a malicious YAML file that, when parsed,...

9.8CVSS6.4AI score0.0058EPSS
Exploits0References1
CVE
CVE
added 2026/05/22 5:55 p.m.27 views

CVE-2026-39970

The CVE covers TypeBot (chatbot builder) ≤ version 3.15.2, where the profile picture upload form fails to sanitize SVG/XML uploads and directly renders them. This enables stored XSS via crafted SVGs containing JavaScript, with payload stored on app.typebot.io and accessible via a permanent link, ...

8.5CVSS6AI score0.00276EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/16 3:26 p.m.11 views

CVE-2021-47976

TextPattern CMS 4.9.0-dev contains a remote code execution vulnerability that allows authenticated attackers to upload arbitrary PHP files by exploiting the plugin upload functionality. Attackers can authenticate, retrieve a CSRF token from the plugin event page, and upload malicious PHP files to...

8.8CVSS6.5AI score0.00315EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/15 5:38 a.m.12 views

CVE-2026-24662

Cross-site scripting vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a file containing malicious contents is uploaded, an arbitrary script may be executed on a user's web browser when viewing the administration page showing the informati...

5.4CVSS6.1AI score0.00134EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 6:34 p.m.7 views

EUVD-2026-29188

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, when attempting to upload a file with malicious content to funcionario/docdependenteupload.php, the application responds with an overly descriptive error message. This leads to information disclosure, effectively...

5.8AI score0.00194EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.15 views

PT-2026-39737

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, when attempting to upload a file with malicious content to funcionario/docdependente upload.php, the application responds with an overly descriptive error message. This leads to information disclosure, effectively...

5.8AI score0.00194EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/07 12:0 a.m.7 views

CVE-2026-36387

A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /addmembers.php. This vulnerability affects the file upload functionality, where improper file sanitization allows attackers to inject malicious files which leads RCE...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/06 4:15 p.m.7 views

CVE-2026-20172 Cisco Enterprise Chat and Email Lite Agent File Upload Vulnerability

A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email ECE could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Agent. This...

4.3CVSS6AI score0.00125EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/23 12:31 a.m.6 views

EUVD-2025-209557

IBM Security Verify Directory Container 10.0.0 through 10.0.0.3 IBM Security Verify Directory could be vulnerable to malicious file upload by not validating file type. A privileged user could upload malicious files into the system that can be sent to victims for performing further attacks against...

5.5CVSS5.7AI score0.0034EPSS
Exploits0References2
NVD
NVD
added 2026/04/23 12:16 a.m.5 views

CVE-2025-36074

IBM Security Verify Directory Container 10.0.0 through 10.0.0.3 IBM Security Verify Directory could be vulnerable to malicious file upload by not validating file type. A privileged user could upload malicious files into the system that can be sent to victims for performing further attacks against...

7.2CVSS0.0034EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/22 11:39 p.m.35 views

CVE-2025-36074 Security vulnerability has been detected in IBM Security Verify Directory

IBM Security Verify Directory Container 10.0.0 through 10.0.0.3 IBM Security Verify Directory could be vulnerable to malicious file upload by not validating file type. A privileged user could upload malicious files into the system that can be sent to victims for performing further attacks against...

5.5CVSS0.0034EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/22 11:39 p.m.4 views

CVE-2025-36074

IBM Security Verify Directory Container 10.0.0 through 10.0.0.3 IBM Security Verify Directory could be vulnerable to malicious file upload by not validating file type. A privileged user could upload malicious files into the system that can be sent to victims for performing further attacks against...

5.5CVSS5.7AI score0.0034EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.11 views

PT-2026-34574

Name of the Vulnerable Software and Affected Versions IBM Security Verify Directory Container versions 10.0.0 through 10.0.0.3 Description IBM Security Verify Directory is susceptible to malicious file upload due to a failure to validate file types. This allows a privileged user to upload harmful...

7.2CVSS5.8AI score0.0034EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/14 9:12 p.m.12 views

CVE-2026-34161 Chamilo LMS: Stored XSS via Malicious File Upload in Social Post Attachments Leads to Arbitrary JavaScript Execution

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, a Stored Cross-Site Scripting XSS vulnerability exists in the social post attachment upload functionality, where an authenticated user can upload a malicious HTML file containing JavaScript via the...

5.1CVSS6AI score0.00219EPSS
Exploits0References4
CVE
CVE
added 2026/04/14 9:12 p.m.11 views

CVE-2026-34161

Technical details are not publicly available in the provided connected documents. Monitor for updates from Chamilo LMS advisory and subsequent CVE details.

5.4CVSS6AI score0.00219EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder