Lucene search
+L

101 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-9731

Malicious code in bioql PyPI...

8.7CVSS7.4AI score0.02402EPSS
Exploits0References5
OSV
OSV
added 2025/06/27 3:15 p.m.6 views

CVE-2025-6705

A vulnerability in the Eclipse Open VSX Registry’s automated publishing system could have allowed unauthorized uploads of extensions. Specifically, the system’s build scripts were executed without proper isolation, potentially exposing a privileged token. This token enabled the publishing of new...

5.3CVSS5.8AI score0.00229EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/06/24 12:0 a.m.4 views

PT-2025-26742

Name of the Vulnerable Software and Affected Versions: Quest KACE Systems Management Appliance SMA versions 13.0.x through 13.0.384 Quest KACE Systems Management Appliance SMA versions 13.1.x through 13.1.80 Quest KACE Systems Management Appliance SMA versions 13.2.x through 13.2.182 Quest KACE...

10CVSS5.8AI score0.02417EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2025/05/23 8:15 a.m.8 views

CVE-2024-9756

The Order Attachments for WooCommerce plugin for WordPress is vulnerable to unauthorized limited arbitrary file uploads due to a missing capability check on the wcoaaddattachment AJAX action in versions 2.0 to 2.4.1. This makes it possible for authenticated attackers, with subscriber-level access...

4.3CVSS5.8AI score0.00852EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:23 a.m.9 views

CVE-2023-2496

The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability check on the 'validateupload' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a...

7.5CVSS7.5AI score0.00794EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/06 12:0 a.m.9 views

CVE-2025-32370

Kentico Xperience before 13.0.178 has a specific set of allowed ContentUploader file extensions for unauthenticated uploads; however, because .zip is processed through TryZipProviderSafe, there is additional functionality to create files with other extensions. NOTE: this is a separate issue not...

7.2CVSS7AI score0.01412EPSS
Exploits3References2
RedhatCVE
RedhatCVE
added 2025/04/04 10:27 p.m.17 views

CVE-2025-31484

conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a packa...

9.3CVSS7.3AI score0.00387EPSS
Exploits0References1
OSV
OSV
added 2025/04/04 2:28 p.m.12 views

GHSA-WG47-6JQ2-Q2HH MinIO performs incomplete signature validation for unsigned-trailer uploads

Impact This is a high priority vulnerability and users must upgrade ASAP. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on the bucket, Prior...

8.7CVSS7AI score0.02402EPSS
Exploits0References5
NVD
NVD
added 2025/04/03 8:15 p.m.31 views

CVE-2025-31489

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on...

8.7CVSS0.02402EPSS
Exploits0References2
CVE
CVE
added 2025/04/03 7:36 p.m.1645 views

CVE-2025-31489

Affected product: MinIO object storage server. Vulnerability: incomplete/signature validation for unsigned-trailer uploads allows a client with an existing bucket WRITE permission and knowledge of an access-key and bucket name to upload arbitrary objects by using any secret. Impact (as stated): p...

8.7CVSS6.8AI score0.02402EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/02 9:38 p.m.6 views

CVE-2025-31484 conda-forge infrastructure uses a bad token for Azure's cf-staging access

conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a packa...

9.3CVSS7.2AI score0.00387EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/02 9:38 p.m.23 views

CVE-2025-31484 conda-forge infrastructure uses a bad token for Azure's cf-staging access

conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a packa...

9.3CVSS0.00387EPSS
Exploits0References2
CVE
CVE
added 2025/04/02 9:38 p.m.61 views

CVE-2025-31484

CVE-2025-31484 affects the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, the infrastructure used the wrong Azure cf-staging access token, allowing any feedstock maintainer to upload a package to the conda-forge channel and bypass the standard feedstock-token + upload process. The...

9.3CVSS7.2AI score0.00387EPSS
Exploits0References2
OSV
OSV
added 2025/04/02 9:38 p.m.12 views

CVE-2025-31484 conda-forge infrastructure uses a bad token for Azure's cf-staging access

conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a packa...

9.3CVSS6.8AI score0.00387EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/04/02 12:0 a.m.7 views

PT-2025-14560 · Unknown · Conda-Forge

Name of the Vulnerable Software and Affected Versions: conda-forge infrastructure affected versions not specified Description: A bug in the conda-forge infrastructure allowed any feedstock maintainer to upload a package to the conda-forge channel, bypassing the feedstock-token + upload process,...

9.3CVSS6.2AI score0.00387EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.5 views

GPT Academic 跨站请求伪造漏洞

GPT Academic is an interface that provides pragmatic interactions for LLM grand language models such as GPT/GLM. GPT Academic suffers from a cross-site request forgery vulnerability that stems from a WEB application that does not adequately verify that a request is from a trusted user. An attacke...

8.8CVSS6.5AI score0.00223EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2025/03/06 12:0 a.m.280 views

ABB Cylon Aspect 3.08.01 caldavUpload.php Funkalicious Exploit

Yo, check it - the ABB BMS/BAS system's got a slick little weakness in them caldavInstall.php, caldavInstallAgendav.php, and caldavUpload.php files. All you gotta do is drop that skipChecksum beat in the POST vibe, and bam, the system skips all that MD5 checksum nonsense, no EXPERTMODE needed to...

7.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/11/04 12:0 a.m.12 views

PT-2024-34306 · Unknown · Rudra Innovative Software Training – Courses

Name of the Vulnerable Software and Affected Versions: Rudra Innovative Software Training – Courses versions prior to 2.0.1 Description: The issue allows unauthorized upload of malicious files, specifically a web shell, to a web server. This poses a significant risk to the security of the web...

9.9CVSS7.3AI score0.00482EPSS
Exploits0References9
CVE
CVE
added 2024/10/15 8:20 a.m.66 views

CVE-2024-9985

CVE-2024-9985 involves the Ragic Enterprise Cloud Database. The vulnerability arises from improper validation of uploaded file types, enabling attackers with regular privileges to upload a webshell and execute arbitrary code on the remote server. Multiple sources (NVD and national/ regional advis...

10CVSS9.9AI score0.00625EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/10/12 12:0 a.m.6 views

WordPress plugin Order Attachments for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS6.6AI score0.00852EPSS
Exploits1References5
Rows per page
Query Builder