Lucene search
K

7 matches found

CNNVD
CNNVD
added 2026/05/06 12:0 a.m.9 views

OpenClaw 代码问题漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a server-side request forgery vulnerability that stems from a server-side request forgery vulnerability in QQBot direct media uploads that skips URL authentication. An attacker can exploit this...

6.3CVSS5.8AI score0.00236EPSS
Exploits0References1
CVE
CVE
added 2026/01/12 10:5 p.m.40 views

CVE-2026-22799

Summary: CVE-2026-22799 affects the open-source CMS emlog. Versions prior to 2.6.1 expose the REST API endpoint /index.php?rest-api=upload without proper validation of file types, extensions, or content. This allows authenticated attackers (with a valid API key or an admin session cookie) to uplo...

9.3CVSS7.7AI score0.00627EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/01/12 10:5 p.m.23 views

CVE-2026-22799 emlog Arbitrary File Upload Vulnerability

Emlog is an open source website building system. emlog v2.6.1 and earlier exposes a REST API endpoint /index.php?rest-api=upload for media file uploads. The endpoint fails to implement proper validation of file types, extensions, and content, allowing authenticated attackers with a valid API key ...

9.3CVSS0.00627EPSS
Exploits1References2
NVD
NVD
added 2025/12/17 11:15 p.m.8 views

CVE-2023-53933

Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension. Attackers can upload files with system command payloads to the media upload endpoint and execute arbitrary commands on the server...

8.8CVSS0.00874EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/17 10:44 p.m.22 views

CVE-2023-53933 Serendipity 2.4.0 Authenticated Remote Code Execution via File Upload

Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension. Attackers can upload files with system command payloads to the media upload endpoint and execute arbitrary commands on the server...

8.8CVSS0.00874EPSS
Exploits1References3
CVE
CVE
added 2025/12/17 10:44 p.m.13 views

CVE-2023-53933

CVE-2023-53933 affects Serendipity 2.4.0. An authenticated attacker can upload PHP files with a .phar extension via the media upload endpoint, enabling remote code execution on the server. The vulnerability arises from accepting or processing uploaded files in a way that allows execution of syste...

8.8CVSS8.4AI score0.00874EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.8 views

PT-2025-51971

Name of the Vulnerable Software and Affected Versions Serendipity version 2.4.0 Description An authenticated attacker can upload malicious PHP files with a .phar extension, leading to remote code execution. Attackers can upload files containing system command payloads to the media upload endpoint...

8.8CVSS8.2AI score0.00874EPSS
Exploits1References10
Rows per page
Query Builder