59 matches found

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2023-54662

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 6.3 · EPSS 0.0042
Exploits: 2 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 9 views

EUVD-2025-22018

Malicious code in bioql PyPI...

CVSS 7.2 · AI score 5 · EPSS 0.004
Exploits: 1 · References: 4

CNNVD
added 2025/09/21 12:0 a.m. · 3 views

Academico code issue vulnerability

Academico is a Laravel-based elementary and middle school management platform from Academico Open Source. Academico has a code issue vulnerability that stems from a missing upload restriction in the file/edit-photo function, which could lead to a remote upload attack...

CVSS 6.5 · AI score 6.7 · EPSS 0.00322
Exploits: 0 · References: 5

Cvelist
added 2025/07/31 12:0 a.m. · 11 views

CVE-2025-50848

A file upload vulnerability discovered in CS Cart 4.18.3 allows attackers to execute arbitrary code. CS Cart 4.18.3 allows unrestricted upload of HTML files, which are rendered directly in the browser when accessed. This allows an attacker to upload a crafted HTML file containing malicious...

EPSS 0.00225
Exploits: 0 · References: 2

RedhatCVE
added 2025/07/25 12:28 a.m. · 14 views

CVE-2025-47187

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 R6.4.0.4006, and the 6970 Conference Unit through 6.4 SP4 R6.4.0.4006 or version V1 R0.1.0, could allow an unauthenticated attacker to perform a file upload attack due to missing authentication...

CVSS 7.5 · AI score 6.9 · EPSS 0.00861
Exploits: 0 · References: 1

NVD
added 2025/07/23 7:15 p.m. · 4 views

CVE-2025-47187

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 R6.4.0.4006, and the 6970 Conference Unit through 6.4 SP4 R6.4.0.4006 or version V1 R0.1.0, could allow an unauthenticated attacker to perform a file upload attack due to missing authentication...

CVSS 7.5 · EPSS 0.00861
Exploits: 0 · References: 2

CNNVD
added 2025/07/23 12:0 a.m. · 3 views

Mitel 6800 Series, Mitel 6900 Series and Mitel 6900w Series security vulnerability

Mitel 6800 Series and others are a series of telephones from the Canadian company Mindy Mitel. A security vulnerability exists in the Mitel 6800 Series, Mitel 6900 Series, and Mitel 6900w Series that stems from a lack of an authentication mechanism that could lead to a file upload attack...

CVSS 7.5 · AI score 6.9 · EPSS 0.00861
Exploits: 0 · References: 3

Cvelist
added 2025/07/23 12:0 a.m. · 8 views

CVE-2025-47187

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 R6.4.0.4006, and the 6970 Conference Unit through 6.4 SP4 R6.4.0.4006 or version V1 R0.1.0, could allow an unauthenticated attacker to perform a file upload attack due to missing authentication...

EPSS 0.00861
Exploits: 0 · References: 2

Vulnrichment
added 2025/07/23 12:0 a.m. · 3 views

CVE-2025-47187

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 R6.4.0.4006, and the 6970 Conference Unit through 6.4 SP4 R6.4.0.4006 or version V1 R0.1.0, could allow an unauthenticated attacker to perform a file upload attack due to missing authentication...

AI score 6.9 · EPSS 0.00861
Exploits: 0 · References: 2

RedhatCVE
added 2025/07/05 10:19 p.m. · 7 views

CVE-2025-5322

The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the doupdatecar and createcar functions in all versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with...

CVSS 7.2 · AI score 7.3 · EPSS 0.00626
Exploits: 0 · References: 1

GitHub Security Blog
added 2025/06/20 12:30 p.m. · 19 views

Mattermost allows authenticated users to write files to arbitrary locations

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem via uploading archives with path traversal sequence...

CVSS 9.9 · AI score 9.7 · EPSS 0.00687
Exploits: 0 · References: 4 · Affected Software: 2

Vulnrichment
added 2025/06/16 5:31 a.m. · 5 views

CVE-2025-6108 hansonwang99 Spring-Boot-In-Action File Upload ImageUploadService.java watermarkTest path traversal

A vulnerability was found in hansonwang99 Spring-Boot-In-Action up to 807fd37643aa774b94fd004cc3adbd29ca17e9aa. It has been declared as critical. Affected by this vulnerability is the function watermarkTest of the file...

CVSS 6.5 · AI score 7 · EPSS 0.00417
Exploits: 0 · References: 4

Positive Technologies
added 2025/05/29 12:0 a.m. · 5 views

PT-2025-23159 · Huocms · Huocms

Name of the Vulnerable Software and Affected Versions: HuoCMS versions 3.5.1 and earlier
Description: The issue allows attackers to take control of the target server through file upload.
Recommendations: For HuoCMS versions 3.5.1 and earlier, at the moment, there is no information about a newer...

CVSS 5.3 · AI score 6.3 · EPSS 0.00333
Exploits: 2 · References: 5

RedhatCVE
added 2025/05/23 1:18 a.m. · 5 views

CVE-2022-30289

A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI through 5.2.4. An attacker can abuse the vulnerability to upload a malicious file that will then be executed by a victim when they open the file location...

CVSS 5.4 · AI score 5.7 · EPSS 0.00484
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 10:32 p.m. · 6 views

CVE-2022-25242

In FileCloud before 21.3, file upload is not protected against Cross-Site Request Forgery (CSRF)...

CVSS 8.8 · AI score 7.1 · EPSS 0.00379
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 3:12 p.m. · 7 views

CVE-2020-13443

ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges (member) is able to upload this. It is possible to bypass the MIME type check and file-extension check...

CVSS 8.8 · AI score 8 · EPSS 0.0435
Exploits: 1

NVD
added 2025/05/01 2:15 p.m. · 6 views

CVE-2025-25016

Unrestricted file upload in Kibana allows an authenticated attacker to compromise software integrity by uploading a crafted malicious file due to insufficient server-side validation...

CVSS 4.3 · EPSS 0.00274
Exploits: 0 · References: 1

Snyk
added 2025/03/20 12:32 p.m. · 4 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the creation and upload of a customized GGUF model file. An attacker can cause the server to allocate unlimited memory, leading to system unavailability by uploading a...

CVSS 8.7 · AI score 7 · EPSS 0.00672
Exploits: 1 · References: 2

OSV
added 2025/03/20 12:32 p.m. · 7 views

GHSA-5CPQ-9538-JM2J Gradio DOS in multipart boundary while uploading the file

A vulnerability in the file upload process of gradio-app/gradio version @gradio/[email protected] allows for a Denial of Service (DoS) attack. An attacker can append a large number of characters to the end of a multipart boundary, causing the system to continuously process each character and issue...

CVSS 7.5 · AI score 7.1 · EPSS 0.00744
Exploits: 1 · References: 4

Cvelist
added 2025/03/20 10:10 a.m. · 13 views

CVE-2024-8018 Denial of Service (DOS) in imartinez/privategpt

A vulnerability in imartinez/privategpt version 0.5.0 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process these characters, rendering privateGPT inaccessible...

CVSS 7.5 · EPSS 0.00588
Exploits: 1 · References: 1