
174 matches found

Positive Technologies
added 2 days ago, 9 views

PT-2026-55262

Name of the Vulnerable Software and Affected Versions: Yonyou KSOA version 9.0. Description: An unauthenticated arbitrary file upload issue exists in the com.sksoft.bill.ImageUpload servlet. Unauthenticated attackers can upload arbitrary files by submitting a POST request to the endpoint without...

CVSS 9.8, AI score 6.4, EPSS 0.0086
Exploits: 0, References: 9
NVD
added 2026/06/15 8:16 p.m., 20 views

CVE-2026-38329

Bludit CMS before version 3.18.4 allows Remote Code Execution (RCE) via the API Plugin. The POST /api/files/key endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and...

CVSS 9.8, EPSS 0.00627
Exploits: 0, References: 1
ATTACKERKB
added 2026/04/07 5:6 p.m., 3 views

CVE-2026-35573

ChurchCRM is an open-source church management system. Prior to 6.5.3, a path traversal vulnerability in ChurchCRM's backup restore functionality allows authenticated administrators to upload arbitrary files and achieve remote code execution by overwriting Apache .htaccess configuration files. The...

CVSS 9.1, AI score 6.6, EPSS 0.00765
Exploits: 1, References: 2, Affected Software: 1
GithubExploit
added 2026/01/22 5:48 p.m., 176 views

Exploit for Unrestricted Upload of File with Dangerous Type in Webfulcreations Computer_Repair_Shop

CVE-2024-51793 / 0-Click RCE Exploit - Author: Joshua Provost...

CVSS 10, AI score 6.2, EPSS 0.01794
Exploits: 4
RedhatCVE
added 2026/01/09 11:21 a.m., 10 views

CVE-2021-22736

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in homeLYnk Wiser For KNX and spaceLYnk V2.60 and prior which could cause a denial of service when an unauthorized file is uploaded...

CVSS 7.5, AI score 6.8, EPSS 0.01134
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 10:17 a.m., 5 views

CVE-2019-18320

A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. An attacker with network access to the Application Server could be able to upload arbitrary files without authentication. Please note that an attacker needs to have network access to the...

CVSS 7.5, AI score 6.5, EPSS 0.01067
Exploits: 0, References: 1
Positive Technologies
added 2025/11/21 12:0 a.m., 10 views

PT-2025-47787

Name of the Vulnerable Software and Affected Versions: S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator plugin for WordPress versions through 1.7.8. Description: The software is susceptible to arbitrary file uploads because of a lack of file type validation within the storeFile...

CVSS 7.2, AI score 7.5, EPSS 0.00873
Exploits: 1, References: 8
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2017-16959

Malware in sbrugna...

CVSS 6.5, AI score 6.4, EPSS 0.00981
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2019-5856

Malware in sbrugna...

CVSS 7.5, AI score 7.6, EPSS 0.02087
Exploits: 0, References: 4
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-28647

Malware in sbrugna...

CVSS 9.8, AI score 9.2, EPSS 0.01659
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2024-50755

Malicious code in bioql PyPI...

CVSS 3.7, AI score 8.9, EPSS 0.00374
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2021-9871

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.6, EPSS 0.01134
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2023-1832

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.5, EPSS 0.00639
Exploits: 1, References: 3
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2021-9875

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.6, EPSS 0.00796
Exploits: 0, References: 1
Cvelist
added 2025/07/15 3:43 a.m., 17 views

CVE-2025-5394 Alone – Charity Multipurpose Non-profit WordPress Theme <= 7.8.3 - Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation

The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the aloneimportpackinstallplugin function in all versions up to, and including, 7.8.3. This makes it possible for unauthenticated attackers ...

CVSS 9.8, EPSS 0.47809
Exploits: 3, References: 2
RedhatCVE
added 2025/06/12 6:20 a.m., 8 views

CVE-2025-4954

The Axle Demo Importer WordPress plugin through 1.0.3 does not validate files to be uploaded, which could allow authenticated users (author and above) to upload arbitrary files such as PHP on the server...

CVSS 8.8, AI score 8.7, EPSS 0.00507
Exploits: 1, References: 1
RedhatCVE
added 2025/05/23 8:42 a.m., 6 views

CVE-2024-5450

The Bug Library WordPress plugin before 2.1.1 does not check the file type on user-submitted bug reports, allowing an unauthenticated user to upload PHP files...

CVSS 9.1, AI score 7.1, EPSS 0.00754
Exploits: 1, References: 1
RedhatCVE
added 2025/05/22 9:37 p.m., 15 views

CVE-2021-25094

The Tatsu WordPress plugin before 3.3.12 addcustomfont action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control...

CVSS 8.1, AI score 6.9, EPSS 0.83535
Exploits: 9, References: 1
RedhatCVE
added 2025/05/22 7:16 p.m., 9 views

CVE-2021-22740

Information Exposure vulnerability exists in homeLYnk Wiser For KNX and spaceLYnk V2.60 and prior which could cause information to be exposed when an unauthorized file is uploaded...

CVSS 6.5, AI score 6.5, EPSS 0.00796
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 10:32 a.m., 8 views

CVE-2019-14706

A denial of service issue in HTTPD was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker without authorization can upload a file to upload.php with a filename longer than 256 bytes. This will be placed in the updownload area. It will not be deleted, because...

CVSS 7.5, AI score 7.6, EPSS 0.02087
Exploits: 0, References: 1