Lucene search

8 matches found

EUVD
added 2026/01/28 5:35 p.m., 4 views

EUVD-2020-30880

PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it to accessible directories using double-encoded path...

CVSS 8.7, AI score 6.5, EPSS 0.00124
Exploits: 0, References: 3
CNNVD
added 2025/03/20 12:0 a.m., 1 views

DB-GPT Path Traversal Vulnerability

DB-GPT is an AWEL and agent-based AI native data application development framework open-sourced by eosphoros. A path traversal vulnerability exists in DB-GPT version 0.6.0, which stems from an arbitrary file write vulnerability in the knowledge API that allows an attacker to write a file to an...

CVSS 9.1, AI score 9.1, EPSS 0.00235
Exploits: 1, References: 1
NVD
added 2024/11/19 5:15 p.m., 18 views

CVE-2024-52600

Statamic is a Laravel and Git powered content management system (CMS). Prior to version 5.17.0, assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. The issue affects front-end forms with assets fields and other plac...

CVSS 5.3, EPSS 0.00386
Exploits: 0, References: 4
GitHub Security Blog
added 2024/08/19 5:29 p.m., 16 views

Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files

Summary: Upon reviewing the MobSF source code, I identified a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension files, the measure intended to prevent Zip Slip attacks is improperly implemented. Since the implemented measure can be bypassed, the...

CVSS 9.8, AI score 6.7, EPSS 0.0043
Exploits: 1, References: 4, Affected Software: 1
CVE
added 2024/01/20 12:0 a.m., 27 views

CVE-2021-31314

The CVE-2021-31314 entry concerns ejinshan v8+ terminal security system and is a file upload vulnerability that allows an attacker to upload arbitrary files to arbitrary locations on the server. The NVD/Red Hat/CNNVD entries corroborate an unrestricted file upload issue affecting ejinshan v8+; th...

CVSS 9.8, AI score 9.4, EPSS 0.002
Exploits: 1, References: 1, Affected Software: 1
The Hacker News
added 2019/10/17 10:28 a.m., 74 views

Feds Shut Down Largest Dark Web Child Abuse Site; South Korean Admin Arrested

The United States Department of Justice said today that they had arrested hundreds of criminals in a global crackdown after taking down the largest known child porn site on the dark web and tracing payments made in bitcoins. With an international coalition of law enforcement agencies, federal...

AI score 7.3
Exploits: 0
Cvelist
added 2019/08/05 11:30 a.m., 12 views

CVE-2019-14521

The api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to send any kind of file to any location on the server via path traversal in the filename parameter...

AI score 7.6, EPSS 0.0031
Exploits: 1, References: 4
ThreatPost
added 2009/10/27 3:36 p.m., 11 views

Facebook Password-Reset Spam is Botnet Attack

Virus hunters are raising the alarm for a large-scale spam attack that uses fake Facebook password-reset messages to trick PC users into downloading a dangerous piece of malware. The malicious executable is linked to the Bredolab botnet, which has been linked to massive spam runs and identity-the...

AI score 2.8
Exploits: 0, References: 2