Lucene search
+L

742 matches found

Cvelist
Cvelist
added 2026/01/19 11:32 a.m.29 views

CVE-2026-1152 technical-laohu mpay QR Code Image unrestricted upload

A security vulnerability has been detected in technical-laohu mpay up to 1.2.4. The impacted element is an unknown function of the component QR Code Image Handler. Such manipulation of the argument codeimg leads to unrestricted upload. The attack may be launched remotely. The exploit has been...

5.8CVSS0.00299EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/01/19 12:0 a.m.14 views

PT-2026-3435

Name of the Vulnerable Software and Affected Versions technical-laohu mpay versions up to 1.2.4 Description A security issue exists in the QR Code Image Handler component of technical-laohu mpay. Manipulation of the codeimg argument can lead to unrestricted upload. This issue can be exploited...

9.8CVSS5AI score0.00299EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2026/01/18 4:32 p.m.3 views

CVE-2026-1126

A security vulnerability has been detected in lwj flow up to a3d2fe8133db9d3b50fda4f66f68634640344641. This affects the function uploadFile of the file \flow-master\flow-front-rest\src\main\java\com\dragon\flow\web\resource\flow\FormResource.java of the component SVG File Handler. The manipulatio...

6.5CVSS5.1AI score0.00224EPSS
Exploits0References4
CVE
CVE
added 2026/01/18 4:32 p.m.17 views

CVE-2026-1126

The CVE-2026-1126 entry concerns the SVG File Handler’s uploadFile functionality in FormResource.java (flow-front-rest) used by lwj flow. The documented root cause is argument File manipulation leading to unrestricted file upload, with exploitation possible remotely and publicly disclosed. Affect...

6.5CVSS6.5AI score0.00224EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/18 12:0 a.m.8 views

PT-2026-3399

A security vulnerability has been detected in lwj flow up to a3d2fe8133db9d3b50fda4f66f68634640344641. This affects the function uploadFile of the file flow-masterflow-front-restsrcmainjavacomdragonflowwebresourceflowFormResource.java of the component SVG File Handler. The manipulation of the...

6.5CVSS6.7AI score0.00224EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/18 12:0 a.m.12 views

PT-2026-3375

A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function check userinfo of the file Diyajax.php of the component Member Avatar Handler. Executing a manipulation of the argument viewfile can lead to unrestricted upload. The attack may be performed from remote. The exploi...

6.5CVSS6.5AI score0.00478EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/01/14 8:13 a.m.7 views

CVE-2025-41717

An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of confidentiality, availability and integrity due to improper control of code generation 'Code...

8.8CVSS7.5AI score0.00496EPSS
Exploits1References1
NVD
NVD
added 2026/01/13 11:15 p.m.7 views

CVE-2022-50939

e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. The vulnerability exists in the Media Manager's remote URL upload functionality image.php where the uploadcaption parameter is n...

8.6CVSS0.01087EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/01/13 10:52 p.m.23 views

CVE-2022-50939 e107 CMS v3.2.1 - Upload Restriction Bypass with Path Traversal File Override

e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. The vulnerability exists in the Media Manager's remote URL upload functionality image.php where the uploadcaption parameter is n...

8.6CVSS0.01087EPSS
Exploits1References4
OSV
OSV
added 2026/01/09 5:15 p.m.6 views

CVE-2025-15495

A vulnerability was found in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/editsite.php. The manipulation of the argument image results in unrestricted upload. The attack can be launched remotely. The exploit has been made public and could be used. The vendor...

7.2CVSS5.5AI score0.0042EPSS
Exploits2References6
RedhatCVE
RedhatCVE
added 2026/01/07 9:13 a.m.10 views

CVE-2024-2561

A vulnerability, which was classified as critical, has been found in 74CMS 3.28.0. Affected by this issue is the function sendCompanyLogo of the file /controller/company/Index.phpsendCompanyLogo of the component Company Logo Handler. The manipulation of the argument imgBase64 leads to unrestricte...

8.8CVSS8.7AI score0.06079EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/06 12:19 a.m.11 views

CVE-2025-15448

A vulnerability was found in cld378632668 JavaMall up to 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0. This impacts the function Upload of the file src/main/java/com/macro/mall/controller/MinioController.java. The manipulation results in unrestricted upload. It is possible to launch the attack...

6.5CVSS6.7AI score0.00324EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/01/04 9:32 a.m.4 views

CVE-2026-0577

A flaw has been found in code-projects Online Product Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /handgunner-administrator/prod.php. Executing a manipulation can lead to unrestricted upload. It is possible to launch the attack remotely. The...

9.8CVSS6.1AI score0.00309EPSS
Exploits1References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/03 4:2 a.m.17 views

CVE-2025-15426

A vulnerability was identified in jackying H-ui.admin up to 3.1. This affects an unknown function in the library /lib/webuploader/0.1.5/server/preview.php. The manipulation leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit is publicly available and might...

7.5CVSS6.6AI score0.00419EPSS
Exploits0References1
CVE
CVE
added 2026/01/02 9:32 a.m.18 views

CVE-2026-0547

PHPGurukul Online Course Registration up to v3.1 contains a vulnerability in the admin/edit-student-profile.php component where manipulating the photo parameter allows unrestricted file uploads. The issue is exploitable remotely and exploits have been made public, enabling arbitrary files to be u...

8.8CVSS6.3AI score0.0031EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/01/02 3:15 a.m.4 views

CVE-2025-15423

A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The...

8.8CVSS6.1AI score0.00314EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/01/01 10:2 p.m.39 views

CVE-2025-15415 xnx3 wangmarket XML File uploadImage.do uploadImage unrestricted upload

A vulnerability has been found in xnx3 wangmarket up to 6.4. The impacted element is the function uploadImage of the file /sits/uploadImage.do of the component XML File Handler. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the attack is possible. The...

5.8CVSS0.00206EPSS
Exploits1References4
EUVD
EUVD
added 2026/01/01 1:32 p.m.6 views

EUVD-2026-0018

A security vulnerability has been detected in campcodes School File Management System 1.0. The affected element is an unknown function of the file /savefile.php. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclose...

6.5CVSS6.3AI score0.00259EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/12/29 9:3 p.m.13 views

CVE-2025-15152

A vulnerability was identified in h-moses moga-mall up to 392d631a5ef15962a9bddeeb9f1269b9085473fa. This vulnerability affects the function addProduct of the file src/main/java/com/ms/product/controller/PmsProductController.java. Such manipulation of the argument objectName leads to unrestricted...

6.5CVSS6.2AI score0.00202EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/29 7:0 a.m.15 views

CVE-2025-15110

A vulnerability has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. Affected is the function Upload of the file Admin/Home/Controller/ProductImageController.class.php of the component Backend. Such manipulation of the argument File leads to unrestricted upload. It is...

7.2CVSS6.9AI score0.00344EPSS
Exploits1References1
Rows per page
Query Builder