
8 matches found

CVE
added 2026/04/02 6:23 p.m. | 6 views

CVE-2026-34735

The CVE concerns Hytale Modding Wiki (version 1.2.0 and prior). The issue resides in the quickUpload() endpoint: MIME-type validation via PHP finfo is performed, but the stored filename is constructed from the client-supplied extension (getClientOriginalExtension()). These independent checks allo...

CVSS 8.7 | AI score 6 | EPSS 0.00306
Exploits 0 | References 1
Positive Technologies
added 2026/04/02 12:0 a.m. | 5 views

PT-2026-29870

The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. In version 1.2.0 and prior, the quickUpload endpoint validates uploaded files by checking their MIME type via PHP's finfo, which inspects file contents but constructs the stored filename using the...

CVSS 8.7 | AI score 6 | EPSS 0.00306
Exploits 0 | References 3
OSV
added 2026/02/25 4:6 p.m. | 4 views

GHSA-XFVG-8V67-J7WP TypiCMS Core has Stored Cross-Site Scripting (XSS) via SVG File Upload

I. Summary: A Stored Cross-Site Scripting (XSS) vulnerability exists in the file upload module of TypiCMS. The application allows users with file upload permissions to upload SVG files. While there is a MIME type validation, the content of the SVG file is not sanitized. An attacker can upload a...

CVSS 6.8 | AI score 6.3 | EPSS 0.00188
Exploits 2 | References 4
Github Security Blog
added 2026/02/25 4:6 p.m. | 7 views

TypiCMS Core has Stored Cross-Site Scripting (XSS) via SVG File Upload

I. Summary: A Stored Cross-Site Scripting (XSS) vulnerability exists in the file upload module of TypiCMS. The application allows users with file upload permissions to upload SVG files. While there is a MIME type validation, the content of the SVG file is not sanitized. An attacker can upload a...

CVSS 6.8 | AI score 6.3 | EPSS 0.00188
Exploits 2 | References 4 | Affected Software 1
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2024-3195

Malicious code in bioql PyPI...

CVSS 2.3 | AI score 6.4 | EPSS 0.00537
Exploits 0 | References 6
RedhatCVE
added 2025/05/23 8:4 a.m. | 4 views

CVE-2024-51758

Filament is a collection of full-stack components for accelerated Laravel development. All Filament features that interact with storage use the `default_filesystem_disk` config option. This allows the user to easily swap their storage driver to something production-ready like s3 when deploying their...

CVSS 2.3 | AI score 6.6 | EPSS 0.00537
Exploits 0 | References 1
Veracode
added 2024/11/28 9:29 a.m. | 8 views

Sensitive Information Exposure

filament/actions is vulnerable to Sensitive Information Exposure. The vulnerability is due to insecure default configuration, specifically setting the public disk as the default storage disk, which allows sensitive files, such as exports, to be stored in a location that is publicly accessible,...

CVSS 2.3 | AI score 6.3 | EPSS 0.00537
Exploits 0 | References 5 | Affected Software 1
CNNVD
added 2024/11/07 12:0 a.m. | 5 views

Filament Security Vulnerability

Filament is an open-source collection of full-stack components used to accelerate Laravel development. A security vulnerability exists in Filament versions prior to 3.2.0 through 3.2.123, which stems from the use of the public disk as the default disk, resulting in sensitive data bei...

CVSS 2.3 | AI score 6.4 | EPSS 0.00537
Exploits 0 | References 2