Lucene search
K

348 matches found

NVD
NVD
added 3 days ago6 views

CVE-2026-6802

The Easy Upload Files During Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.0.1. This is due to missing authorization checks in the ufdccustominit function, which processes the 'eufdc-delete' parameter without any nonce verification,...

5.3CVSS0.00243EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/06 12:30 a.m.9 views

EUVD-2026-41791

A security flaw has been discovered in SourceCodester Onlne Examination & Learning Management System 1.0. Affected by this vulnerability is the function pathinfo of the file /uploadfiles.php of the component Filename Extension. Performing a manipulation results in unrestricted upload. Remote...

6.5CVSS5.6AI score0.00214EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/05 3:0 a.m.26 views

CVE-2026-14698 SourceCodester Syllabus-Aligned Learning Management and Examination System upload_files.php unrestricted upload

A security flaw has been discovered in SourceCodester Syllabus-Aligned Learning Management and Examination System 1.0. Impacted is an unknown function of the file uploadfiles.php. Performing a manipulation results in unrestricted upload. The attack may be initiated remotely. The exploit has been...

6.5CVSS0.00209EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/05 3:0 a.m.8 views

EUVD-2026-41723

A security flaw has been discovered in SourceCodester Syllabus-Aligned Learning Management and Examination System 1.0. Impacted is an unknown function of the file uploadfiles.php. Performing a manipulation results in unrestricted upload. The attack may be initiated remotely. The exploit has been...

6.5CVSS5.6AI score0.00209EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/05 3:0 a.m.7 views

CVE-2026-14698

A security flaw has been discovered in SourceCodester Syllabus-Aligned Learning Management and Examination System 1.0. Impacted is an unknown function of the file uploadfiles.php. Performing a manipulation results in unrestricted upload. The attack may be initiated remotely. The exploit has been...

6.5CVSS6.3AI score0.00209EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/01 3:43 a.m.7 views

CVE-2026-12902

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS5.9AI score0.00272EPSS
Exploits0References11
NVD
NVD
added 2026/06/15 12:16 p.m.14 views

CVE-2026-34024

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that are not visible in the frontend but remain directly reachable. This allow...

8.6CVSS0.00304EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/15 10:3 a.m.37 views

CVE-2026-34024 Missing authorization checks in Wertheim SafeController Software allow low-privileged users to access restricted functions

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that are not visible in the frontend but remain directly reachable. This allow...

8.6CVSS0.00304EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.15 views

PT-2026-49203

Responsive FileManager's allows an unauthenticated attacker to upload files of any type and extension without restriction using dialog.php endpoint, leading to Remote Code Execution. This project is unmaintained at the time of CVE assignment. The vulnerability was found in the latest release 9.14...

9.3CVSS5.4AI score0.00445EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.13 views

PT-2026-49195

Name of the Vulnerable Software and Affected Versions Wertheim SafeController Software version 6.15.8328.28014 Description Missing authorization checks on multiple web application endpoints allow an authenticated attacker with minimal privileges to access hidden endpoints. This enables the...

8.6CVSS5.6AI score0.00304EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.13 views

CVE-2026-46747

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The affected application does not properly sanitize path input in the GET /api/sftp/uploadFiles endpoint used for directory listing. This allows path traversal through crafted input, enabling access to unintended fil...

5.3CVSS5.4AI score0.00242EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.13 views

CVE-2026-46746

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The application does not properly sanitize user input in the /api/sftp/uploadFiles endpoint, allowing the injection of shell command payloads via crafted directory names. These payloads are stored and executed when...

8.8CVSS6AI score0.00451EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 9:9 p.m.8 views

CVE-2026-25860 OpenClinic GA 5.351.19 Reflected XSS via DICOM Image Upload Handler

OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that allows attackers to execute arbitrary JavaScript in a victim's browser by embedding malicious payloads in DICOM file metadata fields. Attackers can craft a DICOM file with...

6.1CVSS5.6AI score0.00293EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/09 9:9 p.m.35 views

CVE-2026-25860 OpenClinic GA 5.351.19 Reflected XSS via DICOM Image Upload Handler

OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that allows attackers to execute arbitrary JavaScript in a victim's browser by embedding malicious payloads in DICOM file metadata fields. Attackers can craft a DICOM file with...

6.1CVSS0.00293EPSS
Exploits1References3
NVD
NVD
added 2026/06/09 10:16 a.m.21 views

CVE-2026-46746

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The application does not properly sanitize user input in the /api/sftp/uploadFiles endpoint, allowing the injection of shell command payloads via crafted directory names. These payloads are stored and executed when...

8.8CVSS0.00451EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 10:16 a.m.17 views

CVE-2026-46747

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The affected application does not properly sanitize path input in the GET /api/sftp/uploadFiles endpoint used for directory listing. This allows path traversal through crafted input, enabling access to unintended fil...

5.3CVSS0.00242EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 8:46 a.m.8 views

CVE-2026-46747

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The affected application does not properly sanitize path input in the GET /api/sftp/uploadFiles endpoint used for directory listing. This allows path traversal through crafted input, enabling access to unintended fil...

5.3CVSS5.4AI score0.00242EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 8:46 a.m.39 views

CVE-2026-46747

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The affected application does not properly sanitize path input in the GET /api/sftp/uploadFiles endpoint used for directory listing. This allows path traversal through crafted input, enabling access to unintended fil...

5.3CVSS0.00242EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 8:46 a.m.13 views

EUVD-2026-35384

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The affected application does not properly sanitize path input in the GET /api/sftp/uploadFiles endpoint used for directory listing. This allows path traversal through crafted input, enabling access to unintended fil...

5.3CVSS5.4AI score0.00242EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 8:46 a.m.27 views

CVE-2026-46747

The CVE-2026-46747 issue affects SINEC INS (all versions

5.3CVSS5.4AI score0.00242EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder