Lucene search
K

739 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 7:33 a.m.19 views

Malicious code in @catclaw/message-logger-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf070f85ba454a799d80e6998ee717f0fc9084513041893a164752162e0b0864 On plugin registration, the log-collector is enabled by default and uploads session JSONL files from /.openclaw/agents//sessions to...

5.9AI score
Exploits0References1
CVE
CVE
added 2026/05/25 3:15 a.m.20 views

CVE-2026-9421

CVE-2026-9421 affects KLiK SocialMediaWebsite 1.0. The vulnerability lies in the uniqid function within the file upload.inc.php of the File Handler component, enabling unrestricted file upload. It can be exploited remotely, and public disclosure of the exploit is noted in the entry. No remediatio...

7.5CVSS6.8AI score0.00293EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/25 3:15 a.m.15 views

EUVD-2026-31624

A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and m...

7.5CVSS5.5AI score0.00293EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.18 views

PT-2026-42999

A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and m...

7.5CVSS6.8AI score0.00293EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/18 7:58 p.m.10 views

CVE-2026-44257

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new FilebaseDir, zipEntry.getName with no canonical-path check. An entry name such as ../../../pwned.jsp escapes the intended extraction directory and lands anywhere the Tomca...

9.3CVSS6AI score0.00319EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/18 1:58 p.m.12 views

CVE-2026-8758

A vulnerability was determined in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This impacts an unknown function of the file /common/jsp/upload3.jsp. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly...

7.5CVSS6.8AI score0.00278EPSS
Exploits0References1
NVD
NVD
added 2026/05/17 2:16 p.m.27 views

CVE-2026-8758

A vulnerability was determined in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This impacts an unknown function of the file /common/jsp/upload3.jsp. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly...

7.5CVSS0.00278EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/17 1:45 p.m.10 views

CVE-2026-8758

A vulnerability was determined in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This impacts an unknown function of the file /common/jsp/upload3.jsp. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly...

7.5CVSS6.8AI score0.00278EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/12 9:31 p.m.9 views

EUVD-2026-29803

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a...

7.2CVSS6.5AI score0.01014EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/04 6:32 a.m.14 views

Funadmin has an Improper Access Control Issue

A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload Endpoint. This manipulation of the argument File causes unrestricted upload. The attack is possible to ...

7.5CVSS6.7AI score0.00294EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/04 4:45 a.m.4 views

CVE-2026-7733

A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload Endpoint. This manipulation of the argument File causes unrestricted upload. The attack is possible to ...

7.5CVSS6.7AI score0.00294EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/04 12:30 a.m.19 views

MindsDB has an Improper Access Control Issue

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

7.5CVSS6.7AI score0.00284EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/05/04 12:16 a.m.8 views

CVE-2026-7711

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

7.5CVSS0.00284EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.9 views

PT-2026-36762

A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload Endpoint. This manipulation of the argument File causes unrestricted upload. The attack is possible to ...

7.5CVSS6.7AI score0.00294EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/03 11:30 p.m.3 views

CVE-2026-7711

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

7.5CVSS6.7AI score0.00284EPSS
Exploits0References4
NVD
NVD
added 2026/05/03 1:16 p.m.11 views

CVE-2026-7696

A vulnerability was found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. This impacts an unknown function of the file /SubstationWEBV2/main/uploadH5Files. The manipulation of the argument File results in unrestricted upload. The attack may be launched...

6.5CVSS0.00224EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/01 10:45 a.m.11 views

EUVD-2026-26495

A weakness has been identified in MacCMS Pro up to 2022.1.3. This vulnerability affects the function install of the file /admi.php/admin/addon/add.html of the component Plugin Installation Handler. Executing a manipulation can lead to unrestricted upload. The attack may be performed from remote...

5.8CVSS5.4AI score0.00231EPSS
Exploits0References4
CVE
CVE
added 2026/05/01 10:45 a.m.17 views

CVE-2026-7578

MacCMS Pro

5.8CVSS5.4AI score0.00231EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/29 2:49 p.m.7 views

CVE-2026-7133

A vulnerability was determined in code-projects Online Lot Reservation System 1.0. This impacts an unknown function of the file /activity.php. This manipulation of the argument directory causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and...

5.8CVSS4.9AI score0.00218EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/27 7:23 p.m.3 views

CVE-2026-7043

A vulnerability has been found in GreenCMS up to 2.3. This impacts the function pluginAddLocal of the file /index.php?m=admin=custom=pluginadd. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This...

6.5CVSS6.1AI score0.00201EPSS
Exploits0References1
Rows per page
Query Builder