164 matches found

OSV
added 2025/07/18 2:15 p.m. | 5 views

CVE-2025-46001

An arbitrary file upload vulnerability in the isallowedfiletype function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...

CVSS 9.8 | AI score 8 | EPSS 0.00641
Exploits: 1 | References: 3

OSV
added 2025/06/22 10:15 a.m. | 4 views

CVE-2025-6472

A vulnerability, which was classified as critical, has been found in code-projects Online Bidding System 1.0. Affected by this issue is some unknown functionality of the file /showprod.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploi...

CVSS 9.8 | AI score 5.7 | EPSS 0.00394
Exploits: 1 | References: 5

RedhatCVE
added 2025/05/23 3:16 a.m. | 4 views

CVE-2023-23019

Cross-site scripting (XSS) vulnerability in file main.php in sourcecodester oretnom23 Blog Site 1.0 via the name and email parameters to function useradd....

CVSS 5.4 | AI score 6 | EPSS 0.00308
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 5:23 p.m. | 6 views

CVE-2020-11811

In qdPM 9.1, an attacker can upload a malicious .php file to the server by exploiting the Add Profile Photo capability with a crafted content-type value. After that, the attacker can execute an arbitrary command on the server using this malicious file...

CVSS 10 | AI score 9.2 | EPSS 0.02998
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 12:23 p.m. | 8 views

CVE-2012-3483

Race condition in the runScript function in Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by replacing a script file...

CVSS 6.2 | AI score 6.9 | EPSS 0.00264
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:16 a.m. | 7 views

CVE-2019-13597

s/sprm/s/dyn/PlayersetScriptFile in Sahi Pro 8.0.0 allows command execution. It allows one to run ".sah" scripts via Sahi Launcher. Also, one can create a new script with an editor. It is possible to execute commands on the server using the execute function...

CVSS 9.8 | AI score 7.5 | EPSS 0.14349
Exploits: 1 | References: 1

NVD
added 2025/04/09 11:15 p.m. | 13 views

CVE-2025-24375

Charmed MySQL K8s operator is a Charmed Operator for running MySQL on Kubernetes. Before revision 221, the method for calling a SQL DDL or python based mysql-shell scripts can leak database users credentials. The method mysql-operator calls mysql-shell application rely on writing to a temporary...

CVSS 5 | EPSS 0.00147
Exploits: 0 | References: 5

CNNVD
added 2025/02/03 12:0 a.m. | 4 views

SourceCodester Packers and Movers Management System Security Vulnerability

SourceCodester Packers and Movers Management System is an open source packers and movers management system from Sourcecodester. A security vulnerability exists in version 1.0 of the SourceCodester Packers and Movers Management System, which stems from a cross-site scripting vulnerability in...

CVSS 6.4 | AI score 6 | EPSS 0.00985
Exploits: 1 | References: 1

NVD
added 2025/01/09 8:15 a.m. | 11 views

CVE-2024-43660

The CGI script .sh can be used to download any file on the filesystem. This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: High, but credentials required. Impact: Critical – The script can be used to download any file on the filesystem, including...

CVSS 7.5 | EPSS 0.00562
Exploits: 0 | References: 3

CNNVD
added 2024/12/03 12:0 a.m. | 3 views

Digital China Networks vendor Security Vulnerability

Digital China Networks vendor is a series of vendor firewalls from Digital China Networks DCCN, a Chinese company. A security vulnerability exists in Digital China Networks vendor version v.7.2.6.120, which originates from a vulnerability that could allow a remote attacker to execute arbitrary co...

CVSS 8.8 | AI score 7.6 | EPSS 0.00838
Exploits: 0 | References: 1

CNNVD
added 2024/08/12 12:0 a.m. | 3 views

SourceCodester Car Driving School Management System Cross-Site Scripting Vulnerability

SourceCodester Car Driving School Management System is a driving school management system from SourceCodester. A cross-site scripting vulnerability exists in the SourceCodester Car Driving School Management System version 1.0, which originates from a cross-site scripting vulnerability in the...

CVSS 6.1 | AI score 4.5 | EPSS 0.00426
Exploits: 1 | References: 5

CNNVD
added 2024/06/20 12:0 a.m. | 3 views

Ruijie Networks RG-UAC Operating System Command Injection Vulnerability

Ruijie Networks RG-UAC is an Internet behavior management and auditing product from China's Ruijie Networks. It is used to solve Internet auditing problems. An operating system command injection vulnerability exists in Ruijie Networks RG-UAC version 1.0, which originates from a...

CVSS 8.8 | AI score 7.4 | EPSS 0.09094
Exploits: 1 | References: 5

Rosalinux
added 2024/06/17 8:56 a.m. | 22 views

Advisory ROSA-SA-2024-2431

Software: lua 5.3.4 OS: ROSA Virtualization 2.1 packageevrstring: lua-5.3.4 CVE-ID: CVE-2021-43519 BDU-ID: None CVE-Crit: N/A CVE-DESC.: Stack overflow in lua_resume of the ldo.c file in Lua Interpreter allows attackers to perform a denial of service via a script file created. CVE-STATUS: Not...

CVSS 5.5 | AI score 7 | EPSS 0.01136
Exploits: 1

The Hacker News
added 2024/04/10 1:10 p.m. | 41 views

Raspberry Robin Returns: New Malware Campaign Spreading Through WSF Files

Cybersecurity researchers have discovered a new Raspberry Robin campaign wave that has been propagating the malware through malicious Windows Script Files (WSFs) since March 2024. "Historically, Raspberry Robin was known to spread through removable media like USB drives, but over time its...

AI score 7.3
Exploits: 0

OSV
added 2024/04/08 6:15 a.m. | 1 views

CVE-2024-31022

An issue was discovered in CandyCMS version 1.0.0, allows remote attackers to execute arbitrary code via the install.php component...

CVSS 9.8 | AI score 6.1 | EPSS 0.00948
Exploits: 0 | References: 1

Cvelist
added 2024/03/12 8:10 a.m. | 24 views

CVE-2024-25994 PHOENIX CONTACT: Unintended script file upload in CHARX Series

An unauthenticated remote attacker can upload an arbitrary script file due to improper input validation. The upload destination is fixed and is write only...

CVSS 5.3 | AI score 5.8 | EPSS 0.00728
Exploits: 0 | References: 1

OSV
added 2024/03/06 10:56 a.m. | 28 views

BIT-LUA-2021-43519

Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file...

CVSS 5.5 | AI score 5.9 | EPSS 0.01136
Exploits: 1 | References: 5

CNNVD
added 2024/03/05 12:0 a.m. | 5 views

ChatGPT-wechat-personal Security Vulnerability

ChatGPT-wechat-personal implements a ChatGPT chatbot in a WeChat personal subscription account by calling the latest OpenAI interface and the gpt-3.5-turbo model. A security vulnerability exists in ChatGPT-wechat-personal version a0857f6, which stems from a Server Request Forgery (SSRF)...

CVSS 9.8 | AI score 7.3 | EPSS 0.00661
Exploits: 1 | References: 2

Zero Science Lab
added 2024/01/31 12:0 a.m. | 315 views

TELSAT marKoni FM Transmitter 1.9.5 Backdoor Account

Summary: Professional FM transmitters. Description: The transmitter has a hidden super administrative account 'factory' that has the hardcoded password 'inokram25' that allows full access to the web management interface configuration. The factory account is not visible in the users page of the...

CVSS 9.8 | AI score 5.8 | EPSS 0.00524
Exploits: 1

CNNVD
added 2023/12/17 12:0 a.m. | 3 views

Hikvision Intercom Broadcasting System Operating System Command Injection Vulnerability

Hikvision Intercom Broadcasting System is an intercom broadcasting system from Hikvision China. An operating system command injection vulnerability exists in Hikvision Intercom Broadcasting System version 3.0.320201113RELEASE HIK, which stems from the parameter jsondataip in the file /php/ping.ph...

CVSS 9.8 | AI score 7.6 | EPSS 0.89138
Exploits: 2 | References: 4