Lucene search
K

856 matches found

Cvelist
Cvelist
added 2025/09/22 9:20 a.m.8 views

CVE-2025-10009 Authenticated admin RCE in Invoice Ninja

Incorrect handling of uploaded files in the admin "Restore" function in Invoice Ninja = 5.11.72 allows attackers with admin credentials to execute arbitrary code on the server via uploaded .php files...

8.6CVSS0.00469EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/10 10:18 p.m.5 views

CVE-2025-58449

Maho is a free and open source ecommerce platform. In Maho prior to 25.9.0, an authenticated staff user with access to the Dashboard and Catalog\Manage Products permissions can create a custom option on a listing with a file input field. By allowing file uploads with a .php extension, the user ca...

8.7CVSS7.9AI score0.00286EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2017-17898

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr ERP/CRM version 6.0.4 does not block direct requests to .tpl.php files, which allows remote attackers to obtain sensitive information. CVE-2017-17898...

7.5CVSS7.5AI score0.02109EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2018-14028

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is...

7.2CVSS7.6AI score0.17722EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2019-8937

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mesefine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and...

6.1CVSS6AI score0.1068EPSS
Exploits5References2
Vulnrichment
Vulnrichment
added 2025/08/16 11:11 a.m.2 views

CVE-2025-8142 Soledad <= 8.6.7 - Authenticated (Contributor+) Local File Inclusion via 'header_layout'

The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.6.7 via the 'headerlayout' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the serve...

8.8CVSS7.9AI score0.00469EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/05 12:0 a.m.6 views

PT-2025-31995 · Dell · Dell Kace K1000 System Management Appliance

Name of the Vulnerable Software and Affected Versions: Dell KACE K1000 System Management Appliance versions 5.0 through 5.3 Dell KACE K1000 System Management Appliance versions 5.4 prior to 5.4.76849 Dell KACE K1000 System Management Appliance versions 5.5 prior to 5.5.90547 Description: An...

9.3CVSS6.6AI score0.00973EPSS
Exploits0References6
NVD
NVD
added 2025/08/01 9:15 p.m.5 views

CVE-2013-10055

An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 and possibly earlier in the upload.php script. The application fails to enforce proper file extension validation and authentication checks, allowing remote attackers to upload malicious PHP files via a...

9.3CVSS0.01345EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/07/18 3:31 p.m.8 views

simogeo/filemanager arbitrary file upload vulnerability

An arbitrary file upload vulnerability in the isallowedfiletype function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...

9.8CVSS7.2AI score0.00641EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2025/07/08 12:0 a.m.14 views

PT-2025-28334 · WordPress · Widgets For Google Reviews

Name of the Vulnerable Software and Affected Versions: The Widget for Google Reviews plugin for WordPress versions up to, and including, 1.0.15 Description: The issue allows authenticated attackers with Subscriber-level access and above to include and execute arbitrary PHP files on the server via...

8.8CVSS7.4AI score0.00785EPSS
Exploits0References6
Packet Storm
Packet Storm
added 2025/07/08 12:0 a.m.115 views

📄 Tiki Wiki CMS Groupware 28.3 Server-Side Template Injection

Tiki Wiki CMS Groupware versions 28.3 and below suffer from two server-side template injection vulnerabilities via specially crafted wiki pages. ---------------------------------------------------------------------------------- Tiki Wiki CMS Groupware '" The second vulnerability can be leveraged ...

9.9CVSS7.8AI score0.00781EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2025/07/07 12:0 a.m.5 views

PT-2025-28216 · Wegia · Wegia

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.3 Description: A Cross-Site Scripting XSS Injection issue was found in WeGIA, a web manager for charitable institutions. The vulnerability is located in the novo memorando.php file. When a memo is submitted, the...

6.1CVSS5.8AI score0.00238EPSS
Exploits1References6
CVE
CVE
added 2025/06/23 8:48 p.m.59 views

CVE-2025-52562

Convoy CVE-2025-52562 describes an unauthenticated directory traversal vulnerability in the LocaleController affecting Convoy versions 3.9.0-rc3 through 4.4.0. Exploitation allows including and executing arbitrary PHP files on the server. The issue has been patched in version 4.4.1; a temporary w...

10CVSS9.8AI score0.01706EPSS
Exploits0References2
OSV
OSV
added 2025/06/10 6:15 a.m.2 views

CVE-2025-4954

The Axle Demo Importer WordPress plugin through 1.0.3 does not validate files to be uploaded, which could allow authenticated users author and above to upload arbitrary files such as PHP on the server...

8.8CVSS5.8AI score0.00507EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 11:35 a.m.8 views

CVE-2025-22152

Atheos is a self-hosted browser-based cloud IDE. Prior to v600, the $path and $target parameters are not properly validated across multiple components, allowing an attacker to read, modify, or execute arbitrary files on the server. These vulnerabilities can be exploited through various attack...

9.4CVSS7.4AI score0.00628EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:38 a.m.9 views

CVE-2024-24496

An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, update-tracker.php components...

9.8CVSS6.8AI score0.19503EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:27 a.m.6 views

CVE-2024-5807

The Business Card WordPress plugin through 1.0.0 does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers hosting their site, even in MultiSite configurations...

7.2CVSS7.3AI score0.00645EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:29 a.m.15 views

CVE-2024-30162

Invision Community through 4.7.16 allows remote code execution via the applications/core/modules/admin/editor/toolbar.php IPS\core\modules\admin\editor\toolbar::addPlugin method. This method handles uploaded ZIP files that are extracted into the...

7.2CVSS7.5AI score0.00701EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:11 a.m.7 views

CVE-2023-32528

Trend Micro Mobile Security Enterprise 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

8.8CVSS7.4AI score0.02992EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:18 a.m.3 views

CVE-2023-23565

An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to retrieve PHP files from the server via Local File Inclusion...

4.9CVSS6.9AI score0.00993EPSS
Exploits1References1
Rows per page
Query Builder