CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

38 matches found

Melis Technology Melis Platform - Unrestricted File Upload & Remote Code Execution

Melis Technology Melis Platform contains an unrestricted file upload caused by insufficient validation of 'mcsdetailimg' parameter in /melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm, letting attackers upload malicious files and achieve remote code execution, exploit requires crafted...

9.3CVSS6.1AI score0.01277EPSS

Exploits3References3

VulnCheck KEV•added 2026/03/10 12:0 a.m.•14 views

VulnCheck KEV: CVE-2025-10353

File upload leading to remote code execution RCE in the “melis-cms-slider” module of Melis Technology's Melis Platform. This vulnerability allows an attacker to upload a malicious file via a POST request to '/melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm' using the 'mcsdetailimg'...

9.3CVSS6.4AI score0.01277EPSS

In wildExploits3References16

Veracode•added 2025/12/01 1:20 p.m.•2 views

Arbitrary Code Execution

melisplatform/melis-cms-slider is vulnerable to Arbitrary Code Execution. The vulnerability is due to insufficient validation of uploaded files, where the mcsdetailimg parameter in the saveDetailsForm endpoint accepts malicious file uploads, and attackers can exploit this to upload executable...

9.3CVSS8.1AI score0.01277EPSS

Exploits3References5Affected Software1

OSV•added 2025/10/08 12:30 p.m.•1 views

GHSA-CHW4-GJVW-3GXC Melis Platform CMS Unauthenticated File Upload Leading to RCE

9.3CVSS8.3AI score0.01277EPSS

Exploits3References5

Github Security Blog•added 2025/10/08 12:30 p.m.•3 views

Melis Platform CMS Unauthenticated Admin Account Creation

Vulnerability in the melis-core module of Melis Technology's Melis Platform, which, if exploited, allows an unauthenticated attacker to create an administrator account via a request to '/melis/MelisCore/ToolUser/addNewUser'...

9.3CVSS7AI score0.00195EPSS

Exploits3References5Affected Software1

Github Security Blog•added 2025/10/08 12:30 p.m.•2 views

Melis Platform CMS Unauthenticated File Upload Leading to RCE

9.3CVSS8.3AI score0.01277EPSS

Exploits3References5Affected Software1

OSV•added 2025/10/08 12:30 p.m.•2 views

GHSA-P3VC-G9F9-MGW4 Melis Platform CMS Unauthenticated Admin Account Creation

9.3CVSS7AI score0.00195EPSS

Exploits3References5

Github Security Blog•added 2025/10/08 12:30 p.m.•4 views

Melis Platform CMS SQL Injection

SQL injection vulnerability based on the melis-cms module of the Melis platform from Melis Technology. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'idPage' parameter in the '/melis/MelisCms/PageEdition/getTinyTemplates' endpoint...

9.3CVSS8.1AI score0.00014EPSS

Exploits2References5Affected Software1

OSV•added 2025/10/08 12:30 p.m.•1 views

GHSA-MRMX-JFW8-QHGV Melis Platform CMS SQL Injection

9.3CVSS8.1AI score0.00014EPSS

Exploits2References5

GithubExploit•added 2025/10/08 11:52 a.m.•173 views

Exploit for CVE-2025-10353

CVE-2025-10353 - File Upload RCE PoC 🛠️ Exploit for CVE-202...

9.3CVSS8.3AI score0.01277EPSS

Exploits3

NVD•added 2025/10/08 11:15 a.m.•1 views

CVE-2025-10353

9.3CVSS0.01277EPSS

Exploits3References2

NVD•added 2025/10/08 11:15 a.m.•1 views

CVE-2025-10352

9.3CVSS0.00195EPSS

Exploits3References2

NVD•added 2025/10/08 11:15 a.m.•2 views

CVE-2025-10351

9.3CVSS0.00014EPSS

Exploits2References2

GithubExploit•added 2025/10/08 10:48 a.m.•200 views

Exploit for CVE-2025-10352

CVE-2025-10352 Ex...

9.3CVSS7.1AI score0.00195EPSS

Exploits3

GithubExploit•added 2025/10/08 10:48 a.m.•124 views

Exploit for CVE-2025-10352

CVE-2025-10352 - Admin Account Creation PoC 🛠️ Exploit for C...

9.3CVSS7.3AI score0.00195EPSS

Exploits3

Cvelist•added 2025/10/08 10:47 a.m.•6 views

CVE-2025-10353 Missing Authorization vulnerability in Melis Platform

9.3CVSS0.01277EPSS

Exploits3References2

Vulnrichment•added 2025/10/08 10:47 a.m.•1 views

CVE-2025-10353 Missing Authorization vulnerability in Melis Platform

9.3CVSS7.8AI score0.01277EPSS

Exploits3References2

CVE•added 2025/10/08 10:47 a.m.•9 views

CVE-2025-10353

CVE-2025-10353 is an RCE via unrestricted file upload in Melis Technology's Melis Platform, specifically the melis-cms-slider module. A crafted POST to /melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm uploading via the mcsdetail_img parameter can allow an attacker to place and execute ...

9.3CVSS7.9AI score0.01277EPSS

In wildExploits3References2

Vulnrichment•added 2025/10/08 10:46 a.m.•1 views

CVE-2025-10352 Missing Authorization vulnerability in Melis Platform

9.3CVSS6.5AI score0.00195EPSS

Exploits3References2

CVE•added 2025/10/08 10:46 a.m.•8 views

CVE-2025-10352

The CVE-2025-10352 entry details an unauthenticated vulnerability in Melis Platform’s melis-core, allowing an attacker to create an administrator account via /melis/MelisCore/ToolUser/addNewUser. Affected: Melis Platform melis-core module; impact is unauthorized admin creation with potential full...

9.3CVSS6.5AI score0.00195EPSS

Exploits3References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by