106 matches found

ATTACKERKB
added 2026/02/11 8:26 a.m. · 10 views

CVE-2026-1560

The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.0 via multiple functions in the 'LazyBlocksBlocks' class. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

CVSS 8.8 · AI score 5.9 · EPSS 0.09093
Exploits: 1 · References: 6
EUVD
added 2025/12/31 9:12 a.m. · 4 views

EUVD-2025-205916

VPN Firewall developed by QNO Technology has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server...

CVSS 8.8 · AI score 7.2 · EPSS 0.01053
Exploits: 0 · References: 3
Github Security Blog
added 2025/12/18 6:45 p.m. · 84 views

tinacms is vulnerable to arbitrary code execution

Summary tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. Details The gray-matter package executes by default the code in the markdown file's front matter. tinacms...

CVSS 8.8 · AI score 8.3 · EPSS 0.00393
Exploits: 1 · References: 4 · Affected Software: 3
Cvelist
added 2025/12/15 8:28 p.m. · 23 views

CVE-2023-53871 Soosyze 2.0.0 Unrestricted File Upload via Broken Upload Logic

Soosyze 2.0.0 contains a file upload vulnerability that allows attackers to upload arbitrary HTML files with embedded PHP code to the application. Attackers can exploit the broken file upload mechanism to potentially view sensitive file paths and execute malicious PHP scripts on the server...

CVSS 6.9 · EPSS 0.00537
Exploits: 1 · References: 4
RedhatCVE
added 2025/11/18 12:11 a.m. · 7 views

CVE-2025-63748

QaTraq 6.9.2 allows authenticated users to upload arbitrary files via the "Add Attachment" feature in the "Test Script" module. The application fails to restrict file types, enabling the upload of executable PHP files. Once uploaded, the file can be accessed through the "View Attachment" option,...

CVSS 8.8 · AI score 7 · EPSS 0.00378
Exploits: 1 · References: 1
OSV
added 2025/11/17 4:15 p.m. · 5 views

CVE-2025-63748

QaTraq 6.9.2 allows authenticated users to upload arbitrary files via the "Add Attachment" feature in the "Test Script" module. The application fails to restrict file types, enabling the upload of executable PHP files. Once uploaded, the file can be accessed through the "View Attachment" option,...

CVSS 8.8 · AI score 5.9 · EPSS 0.00378
Exploits: 1 · References: 2
Cvelist
added 2025/11/17 12:00 a.m. · 8 views

CVE-2025-63748

QaTraq 6.9.2 allows authenticated users to upload arbitrary files via the "Add Attachment" feature in the "Test Script" module. The application fails to restrict file types, enabling the upload of executable PHP files. Once uploaded, the file can be accessed through the "View Attachment" option,...

EPSS 0.00378
Exploits: 1 · References: 2
EUVD
added 2025/10/31 12:30 a.m. · 6 views

EUVD-2020-30807

Nagios XI versions prior to 5.7.2 allow PHP files to be uploaded to the Audio Import directory and executed from that location. The upload handler did not properly restrict file types or enforce storage outside of the webroot, and the web server permitted execution within the upload directory. An...

CVSS 8.7 · AI score 7.5 · EPSS 0.01257
Exploits: 0 · References: 3
EUVD
added 2025/10/03 8:07 p.m. · 4 views

EUVD-2023-41389

Malicious code in bioql PyPI...

CVSS 9 · AI score 8.8 · EPSS 0.00484
Exploits: 0 · References: 1
EUVD
added 2025/10/03 8:07 p.m. · 5 views

EUVD-2023-23944

Malicious code in bioql PyPI...

CVSS 9.1 · AI score 7.6 · EPSS 0.0099
Exploits: 1 · References: 2
CNNVD
added 2025/10/02 12:00 a.m. · 3 views

AndSoft e-TMS Command Injection Vulnerability

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an operating system command injection vulnerability that originates from improper manipulation of parameter m. An attacker can exploit this vulnerability by sending a POST request to execute an operati...

CVSS 9.8 · AI score 7.7 · EPSS 0.01416
Exploits: 0 · References: 1
Vulnrichment
added 2025/09/12 10:24 a.m. · 2 views

CVE-2025-10267 NewType Infortech|NUP Portal - Missing Authentication

NUP Portal developed by NewType Infortech has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly upload files. If the attacker manages to bypass the file extension restrictions, they could upload a webshell and execute it on the server side...

CVSS 6.9 · AI score 7 · EPSS 0.00385
Exploits: 0 · References: 2
Cvelist
added 2025/09/12 10:24 a.m. · 5 views

CVE-2025-10267 NewType Infortech|NUP Portal - Missing Authentication

NUP Portal developed by NewType Infortech has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly upload files. If the attacker manages to bypass the file extension restrictions, they could upload a webshell and execute it on the server side...

CVSS 6.9 · EPSS 0.00385
Exploits: 0 · References: 2
OSV
added 2025/09/11 10:21 a.m. · 1 view

SUSE-SU-2025:03005-2 Security update for postgresql16

This update for postgresql16 fixes the following issues: Upgraded to 16.10: CVE-2025-8713: Fixed optimizer statistics exposing sampled data within a view, partition, or child table bsc1248120 CVE-2025-8714: Fixed untrusted data inclusion in pgdump allows superuser of origin server to execute...

CVSS 8.8 · AI score 8.2 · EPSS 0.00709
Exploits: 1 · References: 7
Tenable Nessus
added 2025/09/02 12:00 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2023-42802

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one ...

CVSS 10 · AI score 7.9 · EPSS 0.00849
Exploits: 0 · References: 2
Tenable Nessus
added 2025/08/26 12:00 a.m. · 2 views

SUSE SLES15: postgresql16 / postgresql16-contrib / postgresql16-devel / etc (SUSE-SU-2025:02981-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02981-1 advisory. Upgraded to 16.10: CVE-2025-8713: Fixed optimizer statistics exposing sampled data within a view, partition, or child table...

CVSS 8.8 · AI score 7.7 · EPSS 0.00709
Exploits: 1 · References: 10
VulnCheck KEV
added 2025/08/13 12:00 a.m. · 3 views

VulnCheck KEV: CVE-2025-6715

The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files...

CVSS 9.8 · AI score 6.1 · EPSS 0.0053
In the wild · Exploits: 0 · References: 2
Positive Technologies
added 2025/07/15 12:00 a.m. · 6 views

PT-2025-29676 · Unknown · Gpt-Sovits-Webui

Name of the Vulnerable Software and Affected Versions: GPT-SoVITS-WebUI versions 20250228v3 and prior Description: GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. A command injection issue exists in the webui.py open denoise function. The denoise inp dir and denoise opt dir...

CVSS 9.8 · AI score 6.8 · EPSS 0.033
Exploits: 1 · References: 10
RedhatCVE
added 2025/05/23 3:32 a.m. · 7 views

CVE-2023-27507

MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it...

CVSS 9.8 · AI score 7.3 · EPSS 0.01281
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 8:25 a.m. · 4 views

CVE-2019-19745

Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server...

CVSS 8.8 · AI score 7.1 · EPSS 0.01108
Exploits: 0 · References: 1