Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:20 a.m.10 views

CVE-2021-33692

SAP Cloud Connector, version - 2.0, allows the upload of zip files as backup. This backup file can be tricked to inject special elements such as '..' and '/' separators, for attackers to escape outside of the restricted location to access files or directories...

7.5CVSS7AI score0.0117EPSS
Exploits0References1
NVD
NVD
added 2026/01/08 2:15 a.m.5 views

CVE-2019-25295

The WP Cost Estimation plugin for WordPress is vulnerable to Upload Directory Traversal in versions before 9.660 via the uploadFormFiles function. This allows attackers to overwrite any file with a whitelisted type on an affected site...

6.5CVSS0.00528EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/08 1:50 a.m.3 views

CVE-2019-25295 WP Cost Estimation < 9.660 - Upload Directory Traversal

The WP Cost Estimation plugin for WordPress is vulnerable to Upload Directory Traversal in versions before 9.660 via the uploadFormFiles function. This allows attackers to overwrite any file with a whitelisted type on an affected site...

6.5CVSS6.1AI score0.00528EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/08 1:50 a.m.5 views

EUVD-2026-1597

The WP Cost Estimation plugin for WordPress is vulnerable to Upload Directory Traversal in versions before 9.660 via the uploadFormFiles function. This allows attackers to overwrite any file with a whitelisted type on an affected site...

6.5CVSS6AI score0.00528EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-23367

Malware in sbrugna...

4.9CVSS5.2AI score0.01054EPSS
Exploits1References2
OSV
OSV
added 2025/03/20 10:10 a.m.5 views

CVE-2024-7034 Remote Code Execution due to Arbitrary File Write in open-webui/open-webui

In open-webui version 0.3.8, the endpoint /models/upload is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of filepath = f"UPLOADDIR/file.filename" without proper input validation or sanitization. An attacker can...

6.5CVSS6.8AI score0.02458EPSS
Exploits1References3
F5 Networks
F5 Networks
added 2023/02/21 6:33 p.m.35 views

K14574: PHP vulnerability CVE-2012-1172

Security Advisory Description PHP has been cited with the following vulnerability, which may be locally exploitable on some F5 products: The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid open square bracket characters in name values, which makes it...

5.8CVSS9.2AI score0.06365EPSS
Exploits2Affected Software11
Patchstack
Patchstack
added 2019/02/14 12:0 a.m.12 views

WordPress WP Cost Estimation plugin < 9.660 - Upload Directory Traversal vulnerability

Upload Directory Traversal vulnerability found by Wordfence in WordPress WP Cost Estimation plugin versions 9.660. Solution All versions older than version 9.660 are vulnerable, update to the latest version at least 9.660...

2.8AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/02/14 12:0 a.m.12 views

WP Cost Estimation < 9.660 - Upload Directory Traversal

The WPEstimationForm WordPress plugin was affected by an Upload Directory Traversal security vulnerability...

3.1AI score
Exploits0References2Affected Software1
Rows per page
Query Builder