Lucene search

9 matches found

RedhatCVE
added 2025/05/23 8:24 a.m., 3 views

CVE-2024-49380

Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...

9.3 CVSS, 7.1 AI score, 0.02763 EPSS
Exploits: 1, References: 1
GitHub Security Blog
added 2025/03/12 6:32 p.m., 11 views

Duplicate Advisory: Plenti - Code Injection - Denial of Services

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mj4v-hp69-27x5. This link is maintained to preserve external references. Original Description Plenti = 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can...

8.8 CVSS, 7.4 AI score, 0.00696 EPSS
Exploits: 1, References: 7, Affected Software: 1
OSV
added 2025/03/12 6:32 p.m., 4 views

GHSA-323W-6P85-26FR Duplicate Advisory: Plenti - Code Injection - Denial of Services

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mj4v-hp69-27x5. This link is maintained to preserve external references. Original Description Plenti = 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can...

6.5 CVSS, 8.8 AI score, 0.00696 EPSS
Exploits: 1, References: 7
OSV
added 2025/03/12 4:15 p.m., 3 views

CVE-2025-26260

Plenti = 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution...

8.8 CVSS, 9 AI score, 0.00696 EPSS
Exploits: 1, References: 4
NVD
added 2025/03/12 4:15 p.m., 7 views

CVE-2025-26260

Plenti = 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution...

8.8 CVSS, 0.00696 EPSS
Exploits: 1, References: 4
Cvelist
added 2025/03/12 12:00 a.m., 9 views

CVE-2025-26260

Plenti = 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution...

0.00696 EPSS
Exploits: 1, References: 4
Veracode
added 2024/11/13 5:57 a.m., 12 views

Remote Code Execution (RCE)

github.com/plentico/plenti is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of the /postLocal endpoint, which allows an attacker to write arbitrary files to the server when a Plenti user serves their website...

9.3 CVSS, 7.4 AI score, 0.02763 EPSS
Exploits: 1, References: 6, Affected Software: 1
OSV
added 2024/10/28 3:20 p.m., 15 views

GO-2024-3214 Plenti arbitrary file deletion vulnerability in github.com/plentico/plenti

Plenti arbitrary file deletion vulnerability in github.com/plentico/plenti...

8.7 CVSS, 7.5 AI score, 0.00773 EPSS
Exploits: 1, References: 4
CNNVD
added 2024/10/25 12:00 a.m., 3 views

Plenti injection vulnerability

Plenti is a static site generator from Plentico open source. An injection vulnerability exists in versions of Plenti prior to 0.7.2, which stems from the fact that when a user runs their site, the /postLocal endpoint can be exploited for arbitrary file deletion, potentially resulting in loss of...

8.7 CVSS, 8 AI score, 0.00773 EPSS
Exploits: 1, References: 3