Lucene search
K

739 matches found

Vulnrichment
Vulnrichment
added 2026/03/28 4:0 p.m.2 views

CVE-2026-5001 PromtEngineer localGPT server.py do_POST unrestricted upload

A flaw has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The affected element is the function doPOST of the file backend/server.py. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been publishe...

7.5CVSS5.5AI score0.00294EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/27 5:9 p.m.3 views

CVE-2026-4875

A vulnerability was determined in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /admin/modamenities/index.php?view=add. This manipulation of the argument image causes unrestricted upload. The attack is possible to be carried out remotely...

5.8CVSS5.6AI score0.00223EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/27 4:59 a.m.4 views

CVE-2026-4830

A vulnerability was identified in kalcaddle kodbox 1.64. This issue affects the function Add of the file app/controller/explorer/userShare.class.php of the component Public Share Handler. Such manipulation leads to unrestricted upload. The attack can be executed remotely. This attack is...

6.3CVSS5.6AI score0.00258EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.4 views

CVE-2026-4201

A weakness has been identified in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This vulnerability affects the function Upload of the file business/business-system/src/main/java/com/glowxq/system/admin/controller/SysFileController.java. Executing a manipulation can lead to...

7.5CVSS6.7AI score0.00278EPSS
Exploits0References1
NVD
NVD
added 2026/03/26 1:16 p.m.5 views

CVE-2026-4875

A vulnerability was determined in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /admin/modamenities/index.php?view=add. This manipulation of the argument image causes unrestricted upload. The attack is possible to be carried out remotely...

5.8CVSS0.00223EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/26 3:30 a.m.3 views

EUVD-2026-16072

A vulnerability was identified in kalcaddle kodbox 1.64. This issue affects the function Add of the file app/controller/explorer/userShare.class.php of the component Public Share Handler. Such manipulation leads to unrestricted upload. The attack can be executed remotely. This attack is...

6.3CVSS5.2AI score0.00258EPSS
Exploits0References5
CVE
CVE
added 2026/03/26 12:18 a.m.12 views

CVE-2026-4830

The vulnerability affects kalcaddle kodbox 1.64, specifically the Add function in app/controller/explorer/userShare.class.php of the Public Share Handler. It enables manipulation that leads to unrestricted upload via a remote attack. Reported as high-complexity with difficult exploitability, and ...

6.3CVSS5.6AI score0.00258EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/23 12:8 p.m.9 views

CVE-2026-4586

A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects the function Upload of the file chat2db-server/chat2db-server-web/chat2db-server-web-api/src/main/java/ai/chat2db/server/web/api/controller/driver/JdbcDriverController.java of the component JDBC Driver Upload. Performing a...

6.5CVSS5.3AI score0.00219EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/03/22 6:30 a.m.3 views

EUVD-2026-14278

A vulnerability was found in Acrel Environmental Monitoring Cloud Platform 1.1.0. This issue affects some unknown processing. Performing a manipulation results in unrestricted upload. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacte...

7.5CVSS6.7AI score0.00284EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/22 4:2 a.m.2 views

CVE-2026-4536

A vulnerability was found in Acrel Environmental Monitoring Cloud Platform 1.1.0. This issue affects some unknown processing. Performing a manipulation results in unrestricted upload. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacte...

7.5CVSS6.7AI score0.00284EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/03/20 9:31 p.m.6 views

EUVD-2026-13806

A vulnerability has been found in eosphoros-ai DB-GPT up to 0.7.5. This issue affects the function moduleplugin.refreshplugins of the file packages/dbgpt-serve/src/dbgptserve/agent/hub/controller.py of the component FastAPI Endpoint. Such manipulation leads to unrestricted upload. It is possible ...

6.5CVSS5.3AI score0.00201EPSS
Exploits0References5
NVD
NVD
added 2026/03/20 8:16 p.m.5 views

CVE-2026-4505

A vulnerability has been found in eosphoros-ai DB-GPT up to 0.7.5. This issue affects the function moduleplugin.refreshplugins of the file packages/dbgpt-serve/src/dbgptserve/agent/hub/controller.py of the component FastAPI Endpoint. Such manipulation leads to unrestricted upload. It is possible ...

6.5CVSS0.00201EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.6 views

PT-2026-26673

A vulnerability has been found in eosphoros-ai DB-GPT up to 0.7.5. This issue affects the function module plugin.refresh plugins of the file packages/dbgpt-serve/src/dbgpt serve/agent/hub/controller.py of the component FastAPI Endpoint. Such manipulation leads to unrestricted upload. It is possib...

6.5CVSS6AI score0.00201EPSS
Exploits0References8
EUVD
EUVD
added 2026/03/16 3:30 p.m.4 views

EUVD-2026-12253

A flaw has been found in JawherKl node-api-postgres up to 2.5. Affected is the function path.extname of the file index.js of the component Profile Picture Handler. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been published and m...

7.5CVSS5.3AI score0.00348EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/16 6:32 a.m.5 views

CVE-2026-4221

A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This affects an unknown part of the file /rest/file/uploadLedImage of the component Endpoint. The manipulation of the argument File results in unrestricted upload. The attack may be launched remotely. The exploit has...

7.5CVSS5.4AI score0.00284EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/16 6:32 a.m.4 views

CVE-2026-4221 Tiandy Easy7 Integrated Management Platform Endpoint uploadLedImage unrestricted upload

A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This affects an unknown part of the file /rest/file/uploadLedImage of the component Endpoint. The manipulation of the argument File results in unrestricted upload. The attack may be launched remotely. The exploit has...

7.5CVSS5.4AI score0.00284EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.9 views

PT-2026-25620

A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This affects an unknown part of the file /rest/file/uploadLedImage of the component Endpoint. The manipulation of the argument File results in unrestricted upload. The attack may be launched remotely. The exploit has...

7.5CVSS6.6AI score0.00284EPSS
Exploits0References4
CVE
CVE
added 2026/03/15 8:2 p.m.13 views

CVE-2026-4191

CVE-2026-4191 affects JawherKl node-api-postgres (up to v2.5). The Profile Picture Handler’s index.js path.extname function is manipulated, causing unrestricted upload. Attack is remote and exploit has been published; vendor did not respond. No remediation details are provided in the supplied doc...

7.5CVSS6.5AI score0.00348EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/15 12:0 a.m.15 views

PT-2026-25565

A flaw has been found in JawherKl node-api-postgres up to 2.5. Affected is the function path.extname of the file index.js of the component Profile Picture Handler. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been published and m...

7.5CVSS5.3AI score0.00348EPSS
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2026/03/10 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-15503

A security flaw has been discovered in Sangfor Operation and Maintenance Management System up to 3.0.8. The impacted element is an unknown function of the file /fort/trust/version/common/common.jsp. Performing a manipulation of the argument File results in unrestricted upload. The attack is...

9.8CVSS5.3AI score0.01907EPSS
In wildExploits1References15
Rows per page
Query Builder