8 matches found
CVE-2025-12268
A vulnerability has been found in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. Impacted is an unknown function of the file /api/v1/courses/ of the component Course Thumbnail Handler. The manipulation of the argument thumbnail leads to unrestricted upload. It is possible to initiate...
CVE-2025-12268 LearnHouse Course Thumbnail courses unrestricted upload
A vulnerability has been found in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. Impacted is an unknown function of the file /api/v1/courses/ of the component Course Thumbnail Handler. The manipulation of the argument thumbnail leads to unrestricted upload. It is possible to initiate...
Linux Distros Unpatched Vulnerability : CVE-2018-1000773
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an...
CVE-2023-44763
Concrete CMS v9.2.1 is affected by an Arbitrary File Upload vulnerability via a Thumbnail file upload, which allows Cross-Site Scripting (XSS). NOTE: the vendor's position is that a customer is supposed to know that "pdf" should be excluded from the allowed file types, even though pdf is one of the...
PT-2023-29287 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS version 9.2.1 Description: The issue allows for Arbitrary File Upload via a Thumbnail file upload, which can lead to Cross-Site Scripting (XSS). This is possible even with the default configuration, where 'pdf' is one of the allowe...
CVE-2023-36674
A flaw was found in MediaWiki. When manually setting a thumbnail image for an image embed, the thumbnail image is not checked against the bad file list, allowing it to be embedded...
MingSoft MCMS Code Issue Vulnerability
MingSoft MCMS is a complete open-source J2ee system from China's MingSoft. A security vulnerability exists in MCMS version 5.0, which stems from a file upload vulnerability that allows an attacker to execute arbitrary code via a created thumbnail image...
Bo Yin technology management system 1 7, then storm latest 0day-vulnerability warning-the black bar safety net
The original vulnerability: GG search inurl:cpzs. asp? ProClass= The root directory under /manage/Product/addnews. asp Content just to write the thumbnail upload there the asp of the horse After the submission of the to the EDIT to find that the asp name Structure http:// URL /UpLoadPic/ProPic/ upload...