106 matches found

NVD
added 2024/04/24 3:15 p.m. · 10 views

CVE-2024-32872

Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6,...

5.5 CVSS · 5.4 AI score · 0.00407 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2023/12/11 6:27 a.m. · 165 views

CVE-2023-50164

A flaw was found in Apache Struts. Affected versions of this package are vulnerable to Remote Code Execution (RCE) via manipulation of file upload parameters that enable path traversal. Under certain conditions, uploading a malicious file is possible, which may then be executed on the server...

9.8 CVSS · 7.4 AI score · 0.80819 EPSS
Exploits: 15 · References: 4

CNNVD
added 2023/11/02 12:0 a.m. · 6 views

GLPI Input Validation Error Vulnerability

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...

10 CVSS · 7.1 AI score · 0.00849 EPSS
Exploits: 0 · References: 3

Vulnrichment
added 2023/10/18 10:51 p.m. · 20 views

CVE-2023-37502 An unrestricted file upload vulnerability affects HCL Compass

HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser...

9 CVSS · 7.3 AI score · 0.00484 EPSS
Exploits: 0 · References: 1

Prion
added 2023/09/05 11:15 p.m. · 33 views

Path traversal

GE CIMPLICITY 2023 is affected by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software...

4.3 CVSS · 7.8 AI score · 0.00183 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

CNNVD
added 2023/08/04 12:0 a.m. · 4 views

WordPress plugin WP Ultimate CSV Importer Code Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...

8.8 CVSS · 7.7 AI score · 0.01239 EPSS
Exploits: 0 · References: 4

NVD
added 2023/05/23 2:15 a.m. · 13 views

CVE-2023-27397

Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it...

9.8 CVSS · 9.6 AI score · 0.00915 EPSS
Exploits: 0 · References: 2

Vulnrichment
added 2023/05/23 12:0 a.m. · 7 views

CVE-2023-27397

Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it...

9.6 AI score · 0.00915 EPSS
Exploits: 0 · References: 2

NVD
added 2023/03/16 8:15 p.m. · 28 views

CVE-2023-0598

GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software...

9.8 CVSS · 9 AI score · 0.00571 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2023/03/14 12:0 a.m. · 5 views

PT-2023-7457 · Ge Digital · Ge Digital Proficy Ifix

Name of the Vulnerable Software and Affected Versions: GE Digital Proficy iFIX versions 6.1 through 6.5; GE Digital Proficy iFIX 2022. Description: The issue is related to incorrect code generation management in the GE Proficy HMI/SCADA iFIX software, which may allow an attacker to gain full contro...

10 CVSS · 9.5 AI score · 0.00571 EPSS
Exploits: 0 · References: 5

Cvelist
added 2022/05/05 4:29 p.m. · 21 views

CVE-2022-27662

On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context...

4.8 CVSS · 5.7 AI score · 0.00451 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2022/04/12 4:28 p.m. · 16 views

CVE-2022-27139

An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The uploadin...

8.2 AI score · 0.0379 EPSS
Exploits: 1 · References: 2

The Hacker News
added 2021/10/28 7:59 a.m. · 13 views

New Wslink Malware Loader Runs as a Server and Executes Modules in Memory

Cybersecurity researchers on Wednesday took the wraps off a "simple yet remarkable" malware loader for malicious Windows binaries targeting Central Europe, North America and the Middle East. Codenamed "Wslink" by ESET, this previously undocumented malware stands apart from the rest in that it run...

1.5 AI score
Exploits: 0

Prion
added 2021/06/14 2:15 p.m. · 27 views

Code injection

The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be...

6.5 CVSS · 8.6 AI score · 0.52007 EPSS
Exploits: 8 · References: 3 · Affected Software: 1

The Hacker News
added 2021/02/06 10:30 a.m. · 115 views

WARNING — Hugely Popular 'The Great Suspender' Chrome Extension Contains Malware

Google on Thursday removed The Great Suspender, a popular Chrome extension used by millions of users, from its Chrome Web Store for containing malware. It also took the unusual step of deactivating it from users' computers. "This extension contains malware," read a terse notification from Google,...

1.3 AI score
Exploits: 0

CNVD
added 2020/12/11 12:0 a.m. · 2 views

Kirby Code Issues Vulnerabilities

Kirby is a document-based content management system (CMS). A security vulnerability exists in Kirby versions prior to 2.5.14 that stems from the fact that an editor with full access to the Kirby panel could upload a PHP .phar file and execute it on the server. No details of the vulnerability are...

9.1 CVSS · 7.1 AI score · 0.0147 EPSS
Exploits: 0 · References: 1

CNNVD
added 2020/12/08 12:0 a.m. · 6 views

Kirby Code Issue Vulnerability

Kirby is a document-based content management system (CMS). A security vulnerability exists in Kirby versions prior to 2.5.14 that stems from the fact that an editor with full access to the Kirby panel could upload a PHP .phar file and execute it on the server. No details of the vulnerability are...

9.1 CVSS · 7.4 AI score · 0.0147 EPSS
Exploits: 0 · References: 7

CNVD
added 2020/09/18 12:0 a.m. · 4 views

SpamTitan Command Injection Vulnerability

SpamTitan is an anti-spam solution from C/o Copperfasten, Ireland. The solution is characterized by easy installation and simple configuration. A command injection vulnerability exists in SpamTitan 7.07. The vulnerability stems from improper input validation of the community parameter in...

10 CVSS · 7.8 AI score · 0.73668 EPSS
Exploits: 5 · References: 1

OSV
added 2020/09/09 4:15 p.m. · 6 views

CVE-2020-24566

In Octopus Deploy 2020.3.x before 2020.3.4 and 2020.4.x before 2020.4.1, if an authenticated user creates a deployment or runbook process using Azure steps and sets the step's execution location to run on the server/worker, then under certain circumstances the account password is exposed in...

7.5 CVSS · 7.2 AI score · 0.01812 EPSS
Exploits: 0 · References: 2

Veracode
added 2020/07/30 8:32 a.m. · 18 views

Unrestricted File Upload

concrete5/concrete5 allows unrestricted file uploads. An attacker is able to upload a malicious PHP file with a file extension such as .phar, which would cause the server to execute PHP codes within the file under the context of the server...

7.2 CVSS · 2.8 AI score · 0.02936 EPSS
Exploits: 1 · References: 4 · Affected Software: 1