Lucene search
+L

68 matches found

OSV
OSV
added 2025/02/12 2:15 p.m.6 views

CVE-2025-26350

A CWE-434 "Unrestricted Upload of File with Dangerous Type" in the template file uploads in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to upload malicious files via crafted HTTP requests...

8.8CVSS5.8AI score0.00846EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:40 a.m.15 views

CVE-2024-45219

Account users in Apache CloudStack by default are allowed to upload and register templates for deploying instances and volumes for attaching them as data disks to their existing instances. Due to missing validation checks for KVM-compatible templates or volumes in CloudStack 4.0.0 through 4.18.2....

8.5CVSS8.7AI score0.01229EPSS
Exploits0References1
OSV
OSV
added 2024/10/16 7:55 a.m.4 views

CVE-2024-45219 Apache CloudStack: Uploaded and registered templates and volumes can be used to abuse KVM-based infrastructure

Account users in Apache CloudStack by default are allowed to upload and register templates for deploying instances and volumes for attaching them as data disks to their existing instances. Due to missing validation checks for KVM-compatible templates or volumes in CloudStack 4.0.0 through 4.18.2....

8.5CVSS6.1AI score0.01229EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.6 views

WordPress Plugin Template Kit 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

6.4CVSS7.7AI score0.0045EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/04/09 12:0 a.m.15 views

PT-2024-19819 · WordPress · The Template Kit

Name of the Vulnerable Software and Affected Versions: The Template Kit – Import plugin for WordPress versions prior to 1.0.15 Description: The issue arises from insufficient input sanitization and output escaping in the template upload functionality, allowing authenticated attackers with author...

6.4CVSS9.4AI score0.0045EPSS
Exploits0References4
WPVulnDB
WPVulnDB
added 2024/04/02 12:0 a.m.18 views

Template Kit – Import < 1.0.15 - Author+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the template upload functionality due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access and above, to inject arbitrary web scripts in pages that wil...

6.4CVSS6AI score0.0045EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/12/22 11:15 a.m.35 views

CVE-2023-50569

Reflected Cross Site Scripting XSS vulnerability in Cacti v1.2.25, allows remote attackers to escalate privileges when uploading an xml template file via templatesimport.php...

6.1CVSS6.1AI score
Exploits0References2
OSV
OSV
added 2023/12/22 11:15 a.m.4 views

UBUNTU-CVE-2023-50569

Reflected Cross Site Scripting XSS vulnerability in Cacti v1.2.25, allows remote attackers to escalate privileges when uploading an xml template file via templatesimport.php...

5.8AI score
Exploits0References3
Debian CVE
Debian CVE
added 2023/12/22 12:0 a.m.33 views

CVE-2023-50569

Removed by vendor...

6.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2023/12/22 12:0 a.m.4 views

PT-2023-31591 · Cacti +1 · Cacti +1

Name of the Vulnerable Software and Affected Versions: Cacti version 1.2.25 Description: The issue is a Reflected Cross Site Scripting XSS vulnerability that allows remote attackers to escalate privileges. This occurs when an xml template file is uploaded via the "templates import.php" API...

8.8CVSS6AI score0.84628EPSS
Exploits13References48
Positive Technologies
Positive Technologies
added 2023/11/13 12:0 a.m.6 views

PT-2023-8110 · Cacti +1 · Cacti +1

Name of the Vulnerable Software and Affected Versions: Cacti version 1.2.25 Description: The issue is related to insufficient protection of the web page structure in the Cacti network monitoring tool. This allows a remote attacker to conduct cross-site scripting attacks and gain unauthorized acce...

8.8CVSS6.2AI score0.84628EPSS
Exploits13References65
Veracode
Veracode
added 2023/07/21 9:14 a.m.26 views

Denial Of Service (DoS)

ethycafides is vulnerable to Denial Of Service DoS. The vulnerability exists due to a lack of validation in the template upload feature, which allows an attacker with with the CONNECTORTEMPLATEREGISTER scope to upload a malicious zip bomb file, causing the fides webserver to run out of resources...

4.9CVSS6.8AI score0.00568EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2023/07/18 7:15 p.m.32 views

CVE-2023-37480

Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of Denial of Service DoS attack. Attackers can exploit a weakness in the connector template upload feature to upload a malicious zip bomb...

4.9CVSS0.00568EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/07/18 6:19 p.m.19 views

CVE-2023-37480 Fides Webserver Vulnerable to Zip Bomb File Uploads

Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of Denial of Service DoS attack. Attackers can exploit a weakness in the connector template upload feature to upload a malicious zip bomb...

2.7CVSS6.8AI score0.00568EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/07/18 6:19 p.m.48 views

CVE-2023-37480 Fides Webserver Vulnerable to Zip Bomb File Uploads

Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of Denial of Service DoS attack. Attackers can exploit a weakness in the connector template upload feature to upload a malicious zip bomb...

2.7CVSS5.7AI score0.00568EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/07/18 12:0 a.m.10 views

Fides 资源管理错误漏洞

Fides is an open source privacy engineering platform for managing the implementation of data privacy requests in the runtime environment and the enforcement of privacy regulations in code. A resource management error vulnerability exists in Fides versions 2.11.0 through 2.15.1, which is rooted in...

4.9CVSS5.3AI score0.00568EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2023/02/11 3:26 p.m.13 views

Exploit for Unrestricted Upload of File with Dangerous Type in Pwndoc_Project Pwndoc

CVE-2022-45771 The PwnDoc...

8.8CVSS9.1AI score0.01751EPSS
Exploits3
ATTACKERKB
ATTACKERKB
added 2022/02/18 7:15 p.m.5 views

CVE-2021-46036

An arbitrary file upload vulnerability in the component /ms/file/uploadTemplate.do of MCMS v5.2.4 allows attackers to execute arbitrary code...

9.8CVSS8.1AI score0.03743EPSS
Exploits1References2
NVD
NVD
added 2022/01/26 5:15 p.m.17 views

CVE-2021-46115

jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin.TemplateControllerdoUploadFile. The admin panel provides a function through which attackers can upload templates and inject some malicious code...

7.2CVSS0.01102EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/01/26 5:15 p.m.7 views

CVE-2021-46115

jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin.TemplateControllerdoUploadFile. The admin panel provides a function through which attackers can upload templates and inject some malicious code...

7.2CVSS7.1AI score0.01102EPSS
Exploits1References4
Rows per page
Query Builder