
RedhatCVE
added 2026/06/05 7:27 p.m., 9 views

CVE-2026-40548

SOPlanning does not verify the uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitimate user.csv file alongside a malicious file, which is extracted on the server. When combined with CVE-2026-40547 Path...

CVSS 6.4 | AI score 5.5 | EPSS 0.0031
Exploits 0 | References 1

EUVD
added 2026/05/14 2:30 p.m., 10 views

EUVD-2026-30297

Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows superadmin users to execute arbitrary PHP code by uploading a malicious plugin ZIP file. Attackers can craft a ZIP containing a plugin.php with a valid Slug header and a...

CVSS 8.6 | AI score 6.2 | EPSS 0.00403
Exploits 0 | References 3

Cvelist
added 2026/01/15 3:52 p.m., 22 views

CVE-2021-47757 Chikitsa Patient Management System 2.0.2 - 'plugin' Remote Code Execution (RCE) (Authenticated)

Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability in the backup restoration functionality. Authenticated attackers can upload a modified backup zip file with a malicious PHP shell to execute arbitrary system commands on the server...

CVSS 8.8 | EPSS 0.0076
Exploits 1 | References 4

EUVD
added 2025/10/03 8:07 p.m., 10 views

EUVD-2023-34314

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 7.6 | EPSS 0.00142
Exploits 0 | References 1

EUVD
added 2025/10/03 8:07 p.m., 6 views

EUVD-2025-22352

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.00349
Exploits 1 | References 2

EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2023-1849

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 5.5 | EPSS 0.00304
Exploits 1 | References 3

GithubExploit
added 2025/07/03 4:52 a.m., 520 views

Exploit for Path Traversal in Rarlab Winrar

RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerab...

CVSS 7.8 | AI score 7.9 | EPSS 0.86192
Exploits 8

RedhatCVE
added 2025/05/22 10:51 p.m., 7 views

CVE-2022-30981

An issue was discovered in Gentics CMS before 5.43.1. By uploading a malicious ZIP file, an attacker is able to deserialize arbitrary data and hence can potentially achieve Java code execution...

CVSS 8.8 | AI score 7.2 | EPSS 0.01132
Exploits 2 | References 1

CVE
added 2025/03/19 4:03 p.m., 210 views

CVE-2025-30153

CVE-2025-30153 affects kin-openapi (Go) prior to 0.131.0. The issue occurs when validating a request with a multipart/form-data schema: if the OpenAPI schema allows it, an attacker can upload a crafted ZIP file (e.g., a ZIP bomb) that causes the server to exhaust memory. The root cause is the Zip...

CVSS 7.5 | AI score 7.4 | EPSS 0.00497
Exploits 0 | References 5

Tenable Nessus
added 2025/03/19 12:00 a.m., 8 views

RockyLinux 9 : python3.11 (RLSA-2024:9192)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:9192 advisory. python: The zipfile module is vulnerable to zip-bombs leading to denial of service CVE-2024-0450 python: cpython: Iterating over a malicious ZIP file may...

CVSS 8.7 | AI score 7 | EPSS 0.01275
Exploits 0 | References 5

Malwarebytes
added 2023/10/23 12:22 p.m., 12 views

Battling a new DarkGate malware campaign with Malwarebytes MDR

First publicly reported in 2018, DarkGate is a Windows-based malware with a wide range of capabilities, including credential stealing and remote access to victim endpoints. Until recently, it was only seen being delivered through traditional email malspam campaigns. In late August 2023, however,...

AI score 7
Exploits 0

Wordfence Blog
added 2023/07/11 5:42 p.m., 13 views

Dissecting a Clever Malware Sample for Optimized Detection and Protection

As part of our product lineup, we offer security monitoring and malware removal services to our Wordfence Care and Response customers. In case of a security incident, our incident response team will investigate the root cause, find and remove malware from your site, and help with other...

AI score 7.3
Exploits 0

NVD
added 2023/06/07 9:15 p.m., 35 views

CVE-2023-2866

If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server...

CVSS 7.8 | AI score 7.2 | EPSS 0.00142
Exploits 0 | References 1

Veracode
added 2022/11/21 11:27 a.m., 28 views

Path Traversal

org.testng:testng is vulnerable to path traversal. A remote authenticated attacker is able to cause a malicious zip file to break out of the expected destination directory, writing contents into arbitrary locations on the file system via the testngXmlExistsInJar function of the...

CVSS 7.8 | AI score 7.2 | EPSS 0.00876
Exploits 1 | References 6 | Affected Software 1

Veracode
added 2022/11/18 2:10 a.m., 17 views

Path Traversal

The fileutil subpackage in github.com/duke-git/lancet is vulnerable to path traversal. The vulnerability exists in the UnZip function in file.go due to a ZipSlip vulnerability which allows an attacker to create files outside the designated target directory using malicious zip file names...

CVSS 8.8 | AI score 8.2 | EPSS 0.00793
Exploits 1 | References 5 | Affected Software 1

NVD
added 2022/09/11 2:15 p.m., 15 views

CVE-2022-26049

This affects the package com.diffplug.gradle:goomph before 3.37.2. It allows a malicious zip file to potentially break out of the expected destination directory, writing contents into arbitrary locations on the file system. Overwriting certain files/directories could allow an attacker to achieve...

CVSS 8.8 | EPSS 0.01809
Exploits 1 | References 3

Prion
added 2022/07/17 11:15 p.m., 15 views

Remote code execution

An issue was discovered in Gentics CMS before 5.43.1. By uploading a malicious ZIP file, an attacker is able to deserialize arbitrary data and hence can potentially achieve Java code execution...

CVSS 6.5 | AI score 8.8 | EPSS 0.01132
Exploits 2 | References 1 | Affected Software 1

Cvelist
added 2022/02/09 10:03 p.m., 16 views

CVE-2022-23048

Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the form of a ZIP file with a PHP file inside it. After upload, the PHP file is placed at "themes/simpletheme/rce.php", from where it can be accessed in order to execute commands...

AI score 7.3 | EPSS 0.02099
Exploits 1 | References 3

Prion
added 2021/02/15 8:15 p.m., 24 views

Directory traversal

A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulnerability, an attacker must have the credentials of an administrative user, upload a maliciously...

CVSS 6.5 | AI score 7.4 | EPSS 0.16611
Exploits 4 | References 4 | Affected Software 1

BDU FSTEC
added 2020/06/17 12:00 a.m., 3 views

The vulnerability in ManageEngine Desktop Central, software for managing workstations via a web interface, lies in the lack of restrictions on the download of files of unsanctioned types. This allows a malicious individual to download a specially crafted malicious ZIP file.

The vulnerability in ManageEngine Desktop Central, software for managing workstations via a web interface, is related to the lack of restrictions on the download of files of unsafe types. Exploiting this vulnerability allows a malicious actor to download a specially crafted malicious ZIP file...

CVSS 4.3 | AI score 6.6 | EPSS 0.04386
Exploits 0 | References 3 | Affected Software 1