Lucene search
K

739 matches found

EUVD
EUVD
added 2026/04/27 8:45 a.m.6 views

EUVD-2026-25804

A weakness has been identified in code-projects Invoice System in Laravel 1.0. The impacted element is an unknown function of the file /company. This manipulation of the argument logo causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made availabl...

6.5CVSS5.2AI score0.00201EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/27 8:45 a.m.3 views

CVE-2026-7107

A weakness has been identified in code-projects Invoice System in Laravel 1.0. The impacted element is an unknown function of the file /company. This manipulation of the argument logo causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made availabl...

6.5CVSS5.2AI score0.00201EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/04/27 12:16 a.m.14 views

CVE-2026-7065

A vulnerability has been found in BidingCC BuildingAI up to 26.0.1. Impacted is the function uploadRemoteFile of the file packages/core/src/modules/upload/services/file-storage.service.ts of the component Remote Upload API. The manipulation of the argument url leads to server-side request forgery...

7.5CVSS0.00294EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.4 views

PT-2026-35438

A vulnerability was determined in code-projects Online Lot Reservation System 1.0. This impacts an unknown function of the file /activity.php. This manipulation of the argument directory causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and...

5.8CVSS5.2AI score0.00218EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.9 views

BuildingAI 代码问题漏洞

BuildingAI is an enterprise-level open-source intelligence platform for individual developers, enabling the visualization configuration of AI applications. Versions of BuildingAI prior to 26.0.1 have code vulnerabilities; these vulnerabilities stem from the handling of the url parameter in the...

7.5CVSS7.2AI score0.00294EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.6 views

PT-2026-35447

A vulnerability was identified in code-projects Online Lot Reservation System 1.0. Affected is an unknown function of the file /edithousepic.php. Such manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit is publicly available and might ...

5.8CVSS5.2AI score0.00218EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/26 11:0 p.m.4 views

CVE-2026-7065

A vulnerability has been found in BidingCC BuildingAI up to 26.0.1. Impacted is the function uploadRemoteFile of the file packages/core/src/modules/upload/services/file-storage.service.ts of the component Remote Upload API. The manipulation of the argument url leads to server-side request forgery...

7.5CVSS7AI score0.00294EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/04/26 1:15 p.m.8 views

EUVD-2026-25720

A vulnerability has been found in GreenCMS up to 2.3. This impacts the function pluginAddLocal of the file /index.php?m=admin&c=custom&a=pluginadd. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Th...

6.5CVSS5.2AI score0.00201EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/26 1:15 p.m.2 views

CVE-2026-7043

A vulnerability has been found in GreenCMS up to 2.3. This impacts the function pluginAddLocal of the file /index.php?m=admin&c=custom&a=pluginadd. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Th...

6.5CVSS6.1AI score0.00201EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/26 12:0 a.m.9 views

PT-2026-35225

A vulnerability has been found in GreenCMS up to 2.3. This impacts the function pluginAddLocal of the file /index.php?m=admin&c=custom&a=pluginadd. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Th...

6.5CVSS5.2AI score0.00201EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/26 12:0 a.m.12 views

PT-2026-35272

Name of the Vulnerable Software and Affected Versions BidingCC BuildingAI versions prior to 26.0.2 Description The Remote Upload API contains a server-side request forgery SSRF issue. This occurs when the uploadRemoteFile function in the...

7.5CVSS7.4AI score0.00294EPSS
Exploits0References10
NVD
NVD
added 2026/04/20 4:16 p.m.4 views

CVE-2026-6650

A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zbusers/plugin/AppCentre/appupload.php of the component ZBA File Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit is publicly available an...

5.8CVSS0.00223EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/19 12:0 a.m.7 views

PT-2026-33618

A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function edit adminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filename results in unrestricted upload. The attack is possible to be carried out remotely. The exploit...

5.8CVSS5.4AI score0.00279EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/17 1:0 p.m.2 views

CVE-2026-6489

A security flaw has been discovered in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This issue affects some unknown processing of the file admin/addteacher.php of the component Background Management Page. The manipulation of the argument image results in unrestricted upload. The...

6.5CVSS5.3AI score0.00257EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/06 6:33 p.m.4 views

EUVD-2026-19398

A vulnerability was found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This issue affects the function moveuploadedfile of the file /AssignmentSection/submission/upload.php. Performing a manipulation of the argument File results in unrestricted upload. Th...

6.5CVSS6.3AI score0.00206EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/06 5:0 p.m.4 views

CVE-2026-5573

A weakness has been identified in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. This impacts an unknown function of the file /fs. Executing a manipulation of the argument cwd can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made available to the public an...

9.8CVSS6.7AI score0.0052EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/05 6:0 a.m.3 views

CVE-2026-5546

A flaw has been found in Campcodes Complete Online Learning Management System 1.0. This impacts the function addlesson of the file /application/models/Crudmodel.php. This manipulation causes unrestricted upload. It is possible to initiate the attack remotely. The exploit has been published and ma...

6.5CVSS5.6AI score0.00257EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/01 5:0 a.m.4 views

CVE-2026-5181

A vulnerability has been found in SourceCodester Simple Doctors Appointment System up to 1.0. This issue affects some unknown processing of the file /doctorsappointment/admin/ajax.php?action=savecategory. Such manipulation of the argument img leads to unrestricted upload. The attack may be...

6.5CVSS6.2AI score0.00206EPSS
Exploits0References1
NVD
NVD
added 2026/03/28 4:15 p.m.5 views

CVE-2026-5001

A flaw has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The affected element is the function doPOST of the file backend/server.py. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been publishe...

7.5CVSS0.00294EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/28 4:0 p.m.1 views

CVE-2026-5001

A flaw has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The affected element is the function doPOST of the file backend/server.py. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been publishe...

7.5CVSS5.5AI score0.00294EPSS
Exploits0References4
Rows per page
Query Builder