13 matches found

RedhatCVE
added 2026/06/07 12:43 a.m. · 12 views

CVE-2026-11414

A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network attacker who can reach the server can forge valid download signatures and retrieve files from the...

CVSS 10 · AI score 5.6 · EPSS 0.00478
Exploits 0 · References 1
Veracode
added 2025/12/13 4:49 a.m. · 12 views

Arbitrary File Upload

net.mingsoft, ms-mcms is vulnerable to Arbitrary File Upload. The vulnerability is due to improper validation of uploaded files in the /ms/template/writeFileContent.do component, which allows an attacker to upload arbitrary files and potentially execute malicious code on the server...

CVSS 9.8 · AI score 7.6 · EPSS 0.01819
Exploits 1 · References 4 · Affected Software 1
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-2596

Malicious code in bioql PyPI...

CVSS 7.9 · AI score 7.3 · EPSS 0.0296
Exploits 1 · References 9
RedhatCVE
added 2025/09/21 12:11 a.m. · 8 views

CVE-2025-57644

Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script feature. An authenticated administrative user can execute arbitrary Java code on the server, resulting in remote code execution. In addition, improper input validation allows for arbitrary file write a...

CVSS 9.1 · AI score 8.5 · EPSS 0.00694
Exploits 0 · References 1
OSV
added 2025/08/21 2:26 p.m. · 6 views

GHSA-V22V-XWH7-2VRM UnoPim vulnerable to remote code execution through Arbitrary File upload

Summary: Affected Functionality: Image upload at User creation Endpoint: /admin/settings/users/create Details The image upload at the user creation feature performs only client side file type validation. A user can capture the request by uploading an image, capture the request through a Proxy lik...

CVSS 8.6 · AI score 6 · EPSS 0.00446
Exploits 1 · References 4
Positive Technologies
added 2024/11/10 12:0 a.m. · 4 views

PT-2024-34919 · Unknown · Dang Ngoc Binh Audio Record

Name of the Vulnerable Software and Affected Versions: Dang Ngoc Binh Audio Record versions n/a through 1.0 Description: The issue allows an attacker to upload a web shell to a web server due to an unrestricted upload of file with dangerous type vulnerability. This enables remote hackers to uploa...

CVSS 10 · AI score 7.5 · EPSS 0.0056
Exploits 0 · References 7
OSV
added 2024/10/30 6:15 p.m. · 2 views

CVE-2024-48646

An Unrestricted File Upload vulnerability exists in Sage 1000 v7.0.0, which allows authorized users to upload files without proper validation. An attacker could exploit this vulnerability by uploading malicious files, such as HTML, scripts, or other executable content, that may be executed on the...

CVSS 8.1 · AI score 5.8 · EPSS 0.00525
Exploits 2 · References 1
CNNVD
added 2020/12/09 12:0 a.m. · 8 views

Git Authorization Problem Vulnerability

Git is a free, open source distributed version control system. Git version 1.7.3 suffers from an authorization issue vulnerability that stems from the ability to use passwords for unexpected resources. In order to exploit, a user must perform a git pull operation, decrypt the password, and use th...

CVSS 7.5 · AI score 7.1 · EPSS 0.00586
Exploits 0 · References 2
CNVD
added 2020/11/20 12:0 a.m. · 2 views

UCMS suffers from a file upload vulnerability (CNVD-2020-69467)

UCMS is a content management system written in PHP. UCMS has a file upload vulnerability that can be exploited by an attacker to gain control of the server...

AI score 7.3
Exploits 0
CNVD
added 2020/10/16 12:0 a.m. · 2 views

Command Execution Vulnerability in BayCloud CMS

Beyun cms content management system is an open source content management system based on tp5.1. Beyuncms has a command execution vulnerability that can be exploited by an attacker to gain control of the server...

AI score 7.4
Exploits 0
RedHat Linux
added 2020/06/02 12:13 p.m. · 4 views

freerdp: Out-of-bounds write in interleaved.c

A flaw was found in FreeRDP between versions 1.0 and 2.0.0. An out-of-bounds memory write was found in the interleaved.c function which could allow an attacker to take over and control the RDP server, including data sent to the client. The highest threat from this vulnerability is to data...

CVSS 6.6 · AI score 5.8 · EPSS 0.01845
Exploits 1 · References 4
CNVD
added 2020/04/18 12:0 a.m. · 2 views

Command Execution Vulnerability in AdminSet

Adminset is a true fully automated Ops platform developed with Ops thinking in mind. AdminSet suffers from a command execution vulnerability that can be exploited by an attacker to gain control of the server...

AI score 7.4
Exploits 0
RedHat Linux
added 2018/04/10 3:23 p.m. · 4 views

kernel: Null pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() when empty TargetInfo is returned in NTLMSSP setup negotiation response allowing to crash client's kernel

A flaw was found in the Linux kernel's client-side implementation of the cifs protocol. This flaw allows an attacker controlling the server to kernel panic a client which has the CIFS server mounted...

CVSS 7.1 · AI score 7 · EPSS 0.0363
Exploits 0 · References 4