
31239 matches found

CVE
added 2026/02/03 10:1 p.m. | 22 views

CVE-2020-37073

Victor CMS 1.0 has an authenticated file-upload flaw in the user_image parameter. The vulnerability allows an administrator to upload arbitrary PHP files (a PHP shell) to the /img/ directory, enabling command execution when the uploaded file is accessed with a cmd parameter. The issue is describe...

CVSS 8.8 | AI score 5.8 | EPSS 0.00471
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2026/02/03 8:49 p.m. | 28 views

CVE-2026-24053 Claude Code has a Path Restriction Bypass via ZSH Clobber which Allows Arbitrary File Writes

Claude Code is an agentic coding tool. Prior to version 2.0.74, due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files outside the current working directory without user permission prompts. Exploiting this required the...

CVSS 7.7 | EPSS 0.00464
Exploits: 0 | References: 1

CVE
added 2026/02/03 8:2 p.m. | 21 views

CVE-2026-1803

CVE-2026-1803 affects Ziroom ZHOME A0101 1.0.1.0, specifically the Dropbear SSH Service component. The vulnerability enables use of default credentials and allows remote exploitation. Reported impact indicates high severity with network attack vector and potentially complete confidentiality, inte...

CVSS 9.2 | AI score 4.4 | EPSS 0.00604
Exploits: 0 | References: 6

Github Security Blog
added 2026/02/03 7:32 p.m. | 11 views

Claude Code has a Path Restriction Bypass via ZSH Clobber which Allows Arbitrary File Writes

Due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files outside the current working directory without user permission prompts. Exploiting this required the user to use ZSH and the ability to add untrusted content into a...

CVSS 7.7 | AI score 5.5 | EPSS 0.00464
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2026/02/03 7:32 p.m. | 4 views

GHSA-Q728-GF8J-W49R Claude Code has a Path Restriction Bypass via ZSH Clobber which Allows Arbitrary File Writes

Due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files outside the current working directory without user permission prompts. Exploiting this required the user to use ZSH and the ability to add untrusted content into a...

CVSS 7.7 | AI score 5.5 | EPSS 0.00464
Exploits: 0 | References: 3

OSV
added 2026/02/03 7:16 p.m. | 2 views

CVE-2025-62501

SSH Hostkey misconfiguration vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows attackers to obtain device credentials through a specially crafted man‑in‑the‑middle (MITM) attack. This could enable unauthorized access if captured credentials are reused. This issue affects Archer AX53...

CVSS 8.1 | AI score 5.8 | EPSS 0.00465
Exploits: 0 | References: 4

Cvelist
added 2026/02/03 6:52 p.m. | 28 views

CVE-2025-62501 SSH Hostkey Misconfiguration Vulnerability in TP-Link Archer AX53

SSH Hostkey misconfiguration vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows attackers to obtain device credentials through a specially crafted man‑in‑the‑middle (MITM) attack. This could enable unauthorized access if captured credentials are reused. This issue affects Archer AX53...

CVSS 7 | EPSS 0.00465
Exploits: 0 | References: 4

CVE
added 2026/02/03 6:52 p.m. | 10 views

CVE-2025-62501

TP-Link Archer AX53 (v1.0) is affected by an SSH hostkey misconfiguration in the tmpserver modules up to version 1.3.1 Build 20241120, enabling a MITM to capture credentials and potentially grant unauthorized access if those credentials are reused. Public details across NVD/Red Hat/CVE records co...

CVSS 8.1 | AI score 5.4 | EPSS 0.00465
Exploits: 0 | References: 5 | Affected Software: 1

GithubExploit
added 2026/02/03 6:32 p.m. | 137 views

Exploit for Server-Side Request Forgery in Rbaskets Request_Baskets

CVE-2023-27163---Maltrail-0.53---RCE...

CVSS 6.5 | AI score 5.3 | EPSS 0.07497
Exploits: 29

NVD
added 2026/02/03 6:16 p.m. | 7 views

CVE-2020-37116

GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise...

CVSS 8.8 | EPSS 0.00415
Exploits: 1 | References: 4

OSV
added 2026/02/03 6:16 p.m. | 5 views

CVE-2020-37113

GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the...

CVSS 8.8 | AI score 6.6 | EPSS 0.00781
Exploits: 1 | References: 4

NVD
added 2026/02/03 6:16 p.m. | 4 views

CVE-2020-37113

GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the...

CVSS 8.8 | EPSS 0.00781
Exploits: 1 | References: 4

Vulnrichment
added 2026/02/03 4:52 p.m. | 7 views

CVE-2020-37116 GUnet OpenEclass 1.7.3 E-learning platform - phpMyAdmin Remote Access

GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise...

CVSS 8.8 | AI score 5.5 | EPSS 0.00415
Exploits: 1 | References: 4

Cvelist
added 2026/02/03 4:52 p.m. | 28 views

CVE-2020-37116 GUnet OpenEclass 1.7.3 E-learning platform - phpMyAdmin Remote Access

GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise...

CVSS 8.8 | EPSS 0.00415
Exploits: 1 | References: 4

CVE
added 2026/02/03 4:52 p.m. | 13 views

CVE-2020-37116

GUnet OpenEclass 1.7.3 ships with phpMyAdmin 2.10.0.2 by default, enabling remote login. If an attacker gains platform access, they can reach phpMyAdmin, upload a shell, and view the config.php to obtain the MySQL password, enabling full database compromise. The provided documents do not specify ...

CVSS 8.8 | AI score 5.5 | EPSS 0.00415
Exploits: 1 | References: 4 | Affected Software: 1

EUVD
added 2026/02/03 4:52 p.m. | 8 views

EUVD-2020-30979

GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise...

CVSS 8.8 | AI score 5.5 | EPSS 0.00415
Exploits: 1 | References: 4

EUVD
added 2026/02/03 4:52 p.m. | 7 views

EUVD-2020-30982

GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the...

CVSS 8.8 | AI score 6.9 | EPSS 0.00781
Exploits: 1 | References: 4

Vulnrichment
added 2026/02/03 4:52 p.m. | 4 views

CVE-2020-37113 GUnet OpenEclass 1.7.3 E-learning platform - File Upload Extension Bypass

GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the...

CVSS 8.8 | AI score 6.9 | EPSS 0.00781
Exploits: 1 | References: 4

ATTACKERKB
added 2026/02/03 4:52 p.m. | 4 views

CVE-2020-37113

GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the...

CVSS 8.8 | AI score 6.9 | EPSS 0.00781
Exploits: 1 | References: 4

CVE
added 2026/02/03 4:52 p.m. | 16 views

CVE-2020-37113

GUnet OpenEclass 1.7.3 is affected by a file upload extension bypass vulnerability. Authenticated users can rename a PHP file to .php3 or .PhP to bypass the exercise submission file-type checks, upload a web shell, and achieve remote code execution on the server. This is documented across CVE-202...

CVSS 8.8 | AI score 6.9 | EPSS 0.00781
Exploits: 1 | References: 4 | Affected Software: 1