Lucene search
K

372 matches found

NVD
NVD
added 2026/07/02 5:16 p.m.9 views

CVE-2022-50973

Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any...

9.8CVSS0.0086EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/02 5:4 p.m.11 views

CVE-2022-50973

Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any...

9.8CVSS6.2AI score0.0086EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/19 9:17 p.m.12 views

DEBIAN-CVE-2026-49337

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes decodercontext::readsliceNAL libde265/decctx.cc:481 to attach slice headers to a finished picture object that has no active image unit, resulting in...

4.3CVSS5.8AI score0.00194EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 9:17 p.m.12 views

CVE-2026-49337

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes decodercontext::readsliceNAL libde265/decctx.cc:481 to attach slice headers to a finished picture object that has no active image unit, resulting in...

4.3CVSS0.00194EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-51027

Name of the Vulnerable Software and Affected Versions libde265 versions prior to 1.0.20 Description An issue in the h.265 video codec implementation allows a crafted sequence of H.265 NAL units to cause the decoder context::read slice NAL function to attach slice headers to a finished picture...

4.3CVSS5.8AI score0.00194EPSS
Exploits0References16
NVD
NVD
added 2026/06/15 12:16 p.m.30 views

CVE-2026-34030

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used in multiple application functions, including filesystem path generation for uploaded files, profile pictures, and...

6.9CVSS0.00327EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/15 10:5 a.m.37 views

CVE-2026-34030 Improper branch-code validation in Wertheim SafeController Software allows file path manipulation

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used in multiple application functions, including filesystem path generation for uploaded files, profile pictures, and...

6.9CVSS0.00327EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.19 views

PT-2026-41448

Name of the Vulnerable Software and Affected Versions MyBB Timeline Plugin version 1.0 Description Cross-site scripting issues allow the injection of malicious scripts via thread titles, post content, and user profile fields such as Location and Bio. Additionally, a cross-site request forgery fla...

6.9CVSS5.8AI score0.00232EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/12 3:30 p.m.4 views

EUVD-2019-20141

CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete all pictures via t...

9.8CVSS5.8AI score0.00607EPSS
Exploits1References5
NVD
NVD
added 2026/04/12 1:16 p.m.4 views

CVE-2019-25709

CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete all pictures via t...

9.8CVSS0.00607EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/12 12:28 p.m.3 views

CVE-2019-25709

CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete all pictures via t...

9.8CVSS5.8AI score0.00607EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/04/12 12:28 p.m.22 views

CVE-2019-25709 CF Image Hosting Script 1.6.5 Unauthorized Database Access

CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete all pictures via t...

9.8CVSS0.00607EPSS
Exploits1References4
CVE
CVE
added 2026/04/12 12:28 p.m.11 views

CVE-2019-25709

CF Image Hosting Script 1.6.5 is vulnerable to unauthenticated access that lets an attacker download and decode the application database (imgdb.db in upload/data). The deserialized database stores delete IDs in plaintext, enabling an attacker to delete all pictures by manipulating the d parameter...

9.8CVSS5.8AI score0.00607EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/12 12:0 a.m.12 views

PT-2026-32171

CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete all pictures via t...

9.8CVSS5.8AI score0.00607EPSS
Exploits1References6
OSV
OSV
added 2026/03/24 2:16 p.m.11 views

PYSEC-2026-81

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the downloadprofilepicture function of the /profilepictures/foldername/filename endpoint, the foldername and filename parameters are not strictly filtered, which allows the secretkey to be re...

7.5CVSS5.8AI score0.07992EPSS
Exploits1References1
NVD
NVD
added 2026/03/24 2:16 p.m.6 views

CVE-2026-33497

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the downloadprofilepicture function of the /profilepictures/foldername/filename endpoint, the foldername and filename parameters are not strictly filtered, which allows the secretkey to be re...

8.7CVSS0.07992EPSS
Exploits1References1
PyPA
PyPA
added 2026/03/24 2:16 p.m.13 views

PYSEC-2026-81

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the downloadprofilepicture function of the /profilepictures/foldername/filename endpoint, the foldername and filename parameters are not strictly filtered, which allows the secretkey to be re...

8.7CVSS5.8AI score0.07992EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/24 1:14 p.m.4 views

CVE-2026-33497 Langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the downloadprofilepicture function of the /profilepictures/foldername/filename endpoint, the foldername and filename parameters are not strictly filtered, which allows the secretkey to be re...

8.7CVSS5.8AI score0.07992EPSS
Exploits1References1
OSV
OSV
added 2026/03/24 1:14 p.m.4 views

CVE-2026-33497 Langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the downloadprofilepicture function of the /profilepictures/foldername/filename endpoint, the foldername and filename parameters are not strictly filtered, which allows the secretkey to be re...

8.7CVSS5.8AI score0.07992EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/24 1:14 p.m.3 views

CVE-2026-33497

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the downloadprofilepicture function of the /profilepictures/foldername/filename endpoint, the foldername and filename parameters are not strictly filtered, which allows the secretkey to be re...

8.7CVSS5.8AI score0.07992EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder