Lucene search
K

66 matches found

NVD
NVD
added 2025/12/01 7:16 a.m.5 views

CVE-2025-13813

A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. This issue affects some unknown processing of the file /storage/ of the component Storage Management Endpoint. The manipulation leads to missing authorization. The attack can be initiated remotely. The attack's complexity is rat...

8.1CVSS0.00409EPSS
Exploits1References5
GithubExploit
GithubExploit
added 2025/11/10 6:40 p.m.156 views

Exploit for CVE-2025-12973

S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image G...

7.2CVSS7.2AI score0.00873EPSS
Exploits1
NVD
NVD
added 2025/10/09 3:16 p.m.6 views

CVE-2025-39664

Insufficient escaping in the report scheduler within Checkmk 2.4.0p13, 2.3.0p38, 2.2.0p46 and 2.1.0 EOL allows authenticated attackers to define the storage location of report file pairs beyond their intended root directory...

7.1CVSS0.00647EPSS
Exploits1References3
OSV
OSV
added 2025/09/15 8:0 p.m.7 views

GHSA-99PG-HQVX-R4GF Flowise has an Arbitrary File Read

Summary An arbitrary file read vulnerability in the chatId parameter supplied to both the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints allows unauthenticated users to read unintended files on the local filesystem. In the default Flowise configuration this allows...

9.1CVSS6.9AI score0.00346EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/08/11 2:30 a.m.23 views

CVE-2025-54417

Craft is a platform for creating digital experiences. Versions 4.13.8 through 4.16.2 and 5.5.8 through 5.8.3 contain a vulnerability that can bypass CVE-2025-23209: "Craft CMS has a potential RCE with a compromised security key". To exploit this vulnerability, the project must meet these...

8.8CVSS8.7AI score0.04714EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/07/13 12:0 a.m.16 views

VulnCheck KEV: CVE-2020-27387

An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker with access to the FileManager to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload which will receiv...

8.8CVSS6.1AI score0.18461EPSS
In wildExploits4References2
RedhatCVE
RedhatCVE
added 2025/05/23 1:16 a.m.9 views

CVE-2022-29457

Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps...

8.8CVSS6.8AI score0.07947EPSS
Exploits4References1
OSV
OSV
added 2025/05/06 1:15 p.m.6 views

CVE-2025-4354

A vulnerability was found in Tenda DAP-1520 1.10B04BETA02 and classified as critical. Affected by this issue is the function checkdwscookie of the file /storage. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the publi...

9.8CVSS6.4AI score0.00992EPSS
Exploits1References5
AlpineLinux
AlpineLinux
added 2025/04/23 4:15 p.m.4 views

CVE-2024-47829

pnpm is a package manager. Prior to version 10.0.0, the path shortening function uses the md5 function as a path shortening compression function, and if a collision occurs, it will result in the same storage path for two different libraries. Although the real names are under the package name...

6.5CVSS7.1AI score0.00187EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/04/23 12:0 a.m.6 views

pnpm 安全漏洞

pnpm is a package manager in the pnpm open source. A security vulnerability exists in pnpm versions prior to 10.0.0, which stems from the use of md5 by the path shortening function that may lead to a conflict between different library storage paths...

6.5CVSS6.4AI score0.00187EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/04/22 5:14 p.m.2 views

CVE-2025-32950 io.jmix.localfs:jmix-localfs has a Path Traversal in Local File Storage

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, attackers could manipulate the FileRef parameter to access files on the system where the Jmix application is deployed, provided the application server...

6.5CVSS7AI score0.00592EPSS
Exploits0References9
OSV
OSV
added 2025/03/22 5:15 p.m.7 views

CVE-2025-2621

A vulnerability was found in D-Link DAP-1620 1.03 and classified as critical. This issue affects the function checkdwscookie of the file /storage. The manipulation of the argument uid leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the...

9.8CVSS6.5AI score0.01912EPSS
Exploits1References5
OSV
OSV
added 2025/03/22 3:15 p.m.3 views

CVE-2025-2620

A vulnerability has been found in D-Link DAP-1620 1.03 and classified as critical. This vulnerability affects the function modgraphauthurihandler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated...

9.3CVSS6.2AI score0.07486EPSS
Exploits2References5
OSV
OSV
added 2024/07/09 5:5 p.m.2 views

USN-6888-1 python-django vulnerabilities

Elias Myllymäki discovered that Django incorrectly handled certain inputs with a large number of brackets. A remote attacker could possibly use this issue to cause Django to consume resources or stop responding, resulting in a denial of service. CVE-2024-38875 It was discovered that Django...

7.5CVSS6.8AI score0.28637EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/06/22 6:30 a.m.37 views

Arbitrary File Creation in opencart

This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary filename including...

7.2CVSS7.2AI score0.00719EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2024/06/22 5:0 a.m.66 views

CVE-2024-21519

OpenCart opencart/opencart (v4.0.0.0) is affected by an Arbitrary File Creation vulnerability exposed via the database restoration functionality. The root cause is PHP code injection into the database, allowing an attacker with admin privileges to create a backup file with an arbitrary filename (...

7.2CVSS6.7AI score0.00719EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2024/06/17 6:20 p.m.5 views

Arbitrary File Creation

Overview opencart/opencart is a shopping cart system Affected versions of this package are vulnerable to Arbitrary File Creation. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges...

7.5CVSS7.2AI score0.00719EPSS
Exploits1References2
OSV
OSV
added 2024/01/03 3:15 a.m.5 views

CVE-2023-45723

HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability. Certain endpoints permit users to manipulate the path including the file name where these files are stored on the server...

9.8CVSS5.8AI score0.00997EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/08/14 5:15 p.m.3 views

CVE-2023-40354

An issue was discovered in MariaDB MaxScale before 23.02.3. A user enters an encrypted password on a "maxctrl create service" command line, but this password is then stored in cleartext in the resulting .cnf file under /var/lib/maxscale/maxscale.cnf.d. The fixed versions are 2.5.28, 6.4.9, 22.08....

6.5CVSS6.6AI score0.00268EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2023/07/02 12:0 a.m.197 views

Amazon S3 Droppy 1.4.6 Shell Upload

============================================================================================================================ | Title : Amazon S3 Droppy v 1.4.6 File Upload Vulnerability | | Author : indoushka | | email : [email protected] | | Tested on : windows 10 Français V.Pro | | Vendo...

7.1AI score
Exploits0
Rows per page
Query Builder