59 matches found
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the YAML metadata parsing process. An attacker can cause excessive memory consumption and potentially trigger an out-of-memory condition on the server by uploading a crafted image ...
CVE-2025-58112
CVE-2025-58112 affects Microsoft Dynamics 365 Customer Engagement (on-premises) 1612 (9.0.2.3034). The vulnerability arises when an attacker uploads a malicious .rdl (Report Definition Language) file that is processed by SQL Server Reporting Services, enabling generation of customized reports via...
GHSA-44MV-JQ72-GJ49 Mattermost fails to bound memory allocation when processing PSD image files
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to bound memory allocation when processing PSD image files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted PSD file. Mattermost Advisory I...
CVE-2026-21743
The CVE-2026-21743 issue affects Fortinet FortiAuthenticator releases 6.6.0–6.6.6, all 6.5 series, and all 6.4 and 6.3 versions. It is a missing authorization vulnerability where a read-only user could modify local users by uploading a file to an unprotected endpoint. The CVSS 3.1 base score is 7...
CVE-2022-27906
Mendelson OFTP2 before 1.1 b43 is affected by directory traversal. To access the vulnerable code path, the attacker has to know one of the configured Odette IDs of the OFTP2 server. An attacker can upload files to the server outside of the intended upload directory...
CVE-2019-12901
Pydio Cells before 1.5.0 fails to neutralize '../' elements, allowing an attacker with minimum privilege to upload files to, and delete files/folders from, an unprivileged directory, leading to privilege escalation...
CVE-2024-2840
The Enhanced Media Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via media upload functionality in all versions up to, and including, 2.8.9 due to the plugin allowing 'dfxp' files to be uploaded. This makes it possible for authenticated attackers, with author-level...
Priority Web code issue vulnerability
Priority Web is the Web side of an enterprise resource planning system from Priority Israel. A code issue vulnerability exists in Priority Web that stems from an unrestricted upload of a dangerous type of file, which could lead to an arbitrary file upload attack...
EUVD-2021-26503
Malware in sbrugna...
EUVD-2012-1597
Malware in sbrugna...
EUVD-2020-4157
Malware in sbrugna...
EUVD-2020-5064
Malware in sbrugna...
EUVD-2021-13422
Malware in sbrugna...
EUVD-2020-21090
Malware in sbrugna...
EUVD-2018-0470
Malware in sbrugna...
EUVD-2024-1407
Malicious code in bioql PyPI...
EUVD-2023-54662
Malicious code in bioql PyPI...
EUVD-2024-39094
Malicious code in bioql PyPI...
EUVD-2023-1517
Malicious code in bioql PyPI...
EUVD-2025-22018
Malicious code in bioql PyPI...