Lucene search

10 matches found

ATTACKERKB
added 2026/04/06 3:0 a.m. · 3 views

CVE-2026-5615

A weakness has been identified in givanz Vvvebjs up to 2.0.5. The affected element is an unknown function of the file upload.php of the component File Upload Endpoint. This manipulation of the argument uploadAllowExtensions causes cross site scripting. Remote exploitation of the attack is possibl...

5.3 CVSS · 4.5 AI score · 0.00773 EPSS
Exploits 1 · References 6 · Affected Software 1
Cvelist
added 2026/01/30 10:7 p.m. · 20 views

CVE-2020-37054 Navigate CMS 2.8.7 - Cross-Site Request Forgery

Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. Attackers can trick authenticated administrators into executing arbitrary file uploads by leveraging the extension upload functionality without...

5.1 CVSS · 0.00203 EPSS
Exploits 1 · References 4
CNNVD
added 2026/01/13 12:0 a.m. · 7 views

ImpressCMS Code Issue Vulnerability

ImpressCMS is a MySQL-based, modular content management system (CMS) from ImpressCMS. The system includes modules for press releases, forums and photo albums. A code issue vulnerability exists in ImpressCMS version 1.4.4, which stems from improperly sanitized file upload extensions, and could allow a...

9.8 CVSS · 6.1 AI score · 0.00983 EPSS
Exploits 1 · References 4
EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2017-3366

Malware in sbrugna...

7 CVSS · 6.9 AI score · 0.00708 EPSS
Exploits 0 · References 2
CVE
added 2025/05/29 3:17 p.m. · 73 views

CVE-2025-48471

CVE-2025-48471 pertains to FreeScout (PHP/Laravel). The vulnerability arises from insufficient validation of uploaded files, allowing files with phtml and phar extensions to be uploaded, which can enable remote code execution when hosted on Apache. The issue affects FreeScout versions prior to 1....

9.8 CVSS · 7.4 AI score · 0.00958 EPSS
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2023/02/14 12:0 a.m. · 5 views

PT-2023-18780 · Splunk · Splunk Enterprise

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.1.13; Splunk Enterprise versions prior to 8.2.10; Splunk Enterprise versions prior to 9.0.4. Description: The lookup table upload feature in Splunk Enterprise allowed users to upload lookup tables with...

4.3 CVSS · 7.2 AI score · 0.00414 EPSS
Exploits 0 · References 5
ATTACKERKB
added 2022/08/08 2:15 p.m. · 3 views

CVE-2022-2356

The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded...

8.8 CVSS · 5.9 AI score · 0.0078 EPSS
Exploits 2 · References 2
Prion
added 2017/07/30 6:29 p.m. · 17 views

Code injection

In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=configupload, and then using user.php/music/add/ to upload the code...

6 CVSS · 7 AI score · 0.00708 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2017/07/30 6:0 p.m. · 24 views

CVE-2017-11756

In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=configupload, and then using user.php/music/add/ to upload the code...

7.1 AI score · 0.00708 EPSS
Exploits 0 · References 1
CNVD
added 2017/01/19 12:0 a.m. · 4 views

Multiple Cross-Site Request Forgery Vulnerabilities in Zimbra Collaboration

Zimbra provides open source email server software and shared calendars. Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration versions prior to 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors including (1) client-side upload...

8.8 CVSS · 7.4 AI score · 0.00928 EPSS
Exploits 0 · References 1