
856 matches found

NVD
added 2024/07/04 12:15 p.m. · 29 views

CVE-2024-5943

The Nested Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.7. This is due to missing or incorrect nonce validation on the 'settingsPage' function and missing sanitization of the 'tab' parameter. This makes it possible for...

8.8 CVSS · 0.00295 EPSS
Exploits: 0 · References: 4

NVD
added 2024/06/24 7:15 a.m. · 22 views

CVE-2024-24551

A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files...

8.9 CVSS · 0.00755 EPSS
Exploits: 1 · References: 1

NVD
added 2024/06/24 7:15 a.m. · 23 views

CVE-2024-24550

A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious...

8.9 CVSS · 0.00692 EPSS
Exploits: 1 · References: 1

Cvelist
added 2024/06/24 7:8 a.m. · 28 views

CVE-2024-24551 Bludit - Remote Code Execution (RCE) through Image API

A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files...

8.9 CVSS · 0.00755 EPSS
Exploits: 1 · References: 1

CVE
added 2024/06/24 7:8 a.m. · 89 views

CVE-2024-24551

CVE-2024-24551 : Bludit is affected by a high-severity vulnerability in the Image API where authenticated attackers can upload and execute PHP files due to improper handling of file uploads. Affected component: Image API/file upload handling in Bludit. Impact: potential remote code execution with...

8.9 CVSS · 7.6 AI score · 0.00755 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Vulnrichment
added 2024/06/24 7:8 a.m. · 24 views

CVE-2024-24551 Bludit - Remote Code Execution (RCE) through Image API

A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files...

8.9 CVSS · 7.9 AI score · 0.00755 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2024/06/24 12:0 a.m. · 6 views

PT-2024-20442

Name of the Vulnerable Software and Affected Versions: Bludit affected versions not specified Description: A security issue has been identified, allowing attackers with knowledge of the API token to upload arbitrary files through the "File API" which leads to arbitrary code execution on the server...

8.9 CVSS · 7.5 AI score · 0.00692 EPSS
Exploits: 1 · References: 5

OSV
added 2024/06/10 3:15 p.m. · 4 views

CVE-2024-35306

OS Command injection in Ajax PHP files via HTTP Request allows execution of system commands by exploiting variables. This issue affects Pandora FMS: from 700 through 777...

9.8 CVSS · 7.9 AI score
Exploits: 0 · References: 1

Vulnrichment
added 2024/06/10 2:30 p.m. · 22 views

CVE-2024-35306 OS Command injection in Ajax PHP files through HTTP Request

OS Command injection in Ajax PHP files via HTTP Request allows execution of system commands by exploiting variables. This issue affects Pandora FMS: from 700 through 777...

8.7 CVSS · 7.8 AI score · 0.00926 EPSS
Exploits: 0 · References: 1

CVE
added 2024/05/17 2:3 a.m. · 40 views

CVE-2024-3551

CVE-2024-3551 affects the Penci Soledad Data Migrator plugin for WordPress. It allows Local File Inclusion via the data parameter in all versions up to 1.3.0, enabling unauthenticated attackers to include and execute PHP files on the server, bypassing access controls and potentially leading to co...

9.8 CVSS · 7.9 AI score · 0.00689 EPSS
Exploits: 0 · References: 2

OSV
added 2024/05/02 5:15 p.m. · 5 views

CVE-2024-3499

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the generate_navigation_markup function of the Onepage Scroll module. This makes it possible for authenticated attackers, with contributor-level access and...

8.8 CVSS · 6.3 AI score · 0.01063 EPSS
Exploits: 0 · References: 2

NVD
added 2024/04/29 12:15 p.m. · 17 views

CVE-2024-4306

Critical unrestricted file upload vulnerability in HubBank affecting version 1.0.2. This vulnerability allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution...

9.9 CVSS · 9.6 AI score · 0.00694 EPSS
Exploits: 0 · References: 1

Cvelist
added 2024/04/29 11:56 a.m. · 19 views

CVE-2024-4306 Unrestricted Upload of File with Dangerous Type vulnerability in HubBank

Critical unrestricted file upload vulnerability in HubBank affecting version 1.0.2. This vulnerability allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution...

9.9 CVSS · 9.7 AI score · 0.00694 EPSS
Exploits: 0 · References: 1

Cvelist
added 2024/04/15 5:47 p.m. · 21 views

CVE-2023-48710 iTop limit pages/exec.php script to PHP files

iTop is an IT service management platform. Files from the env-production folder can be retrieved even though they should have restricted access. Hopefully, there are no sensitive files stored in that folder natively, but there could be from a third-party module. The pages/exec.php script has been...

9.8 CVSS · 9.5 AI score · 0.00719 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2024/04/08 12:0 a.m. · 6 views

PT-2024-23216 · Invision Power Services · Invision Community

Name of the Vulnerable Software and Affected Versions: Invision Community versions prior to 4.7.17 Description: The issue allows remote code execution via the applications/core/modules/admin/editor/toolbar.php IPS\core\modules\admin\editor\_toolbar::addPlugin method. This method handles uploaded ZIP...

7.2 CVSS · 8 AI score · 0.00701 EPSS
Exploits: 2 · References: 8

Cvelist
added 2024/03/25 12:0 a.m. · 13 views

CVE-2024-29515

File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attacker to execute arbitrary code via uploading a crafted PHP file to the save.php and config.php component...

7.6 AI score · 0.01164 EPSS
Exploits: 1 · References: 1

NVD
added 2024/03/13 4:15 p.m. · 15 views

CVE-2024-1358

The Elementor Addon Elements plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.12.12 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to include the contents of arbitrary PHP files on th...

8.8 CVSS · 8.5 AI score · 0.01235 EPSS
Exploits: 0 · References: 3

Prion
added 2024/03/13 4:15 p.m. · 16 views

Directory traversal

The Elementor Addon Elements plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.12.12 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to include the contents of arbitrary PHP files on th...

6.5 CVSS · 7 AI score · 0.01235 EPSS
Exploits: 0 · References: 3

Cvelist
added 2024/03/13 3:26 p.m. · 28 views

CVE-2024-1358 Elementor Addon Elements <= 1.12.12 - Directory Traversal to Local File Inclusion

The Elementor Addon Elements plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.12.12 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to include the contents of arbitrary PHP files on th...

8.8 CVSS · 8.6 AI score · 0.01235 EPSS
Exploits: 0 · References: 3

Vulnrichment
added 2024/03/13 3:26 p.m. · 20 views

CVE-2024-1358 Elementor Addon Elements <= 1.12.12 - Directory Traversal to Local File Inclusion

The Elementor Addon Elements plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.12.12 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to include the contents of arbitrary PHP files on th...

8.8 CVSS · 7.3 AI score · 0.01235 EPSS
Exploits: 0 · References: 3