Lucene search
K

85 matches found

CNNVD
CNNVD
added 2023/09/15 12:0 a.m.6 views

Gradio Code Issue Vulnerability

Gradio is an open source Python library that is a way to demonstrate machine learning models through a friendly web interface. A security vulnerability exists in Gradio version v3.27.0, which stems from an arbitrary file upload vulnerability in the /upload interface...

4.8CVSS7AI score0.00345EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/09/15 12:0 a.m.13 views

CVE-2023-41626

Gradio v3.27.0 was discovered to contain an arbitrary file upload vulnerability via the /upload interface...

5.6AI score0.00345EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/09/15 12:0 a.m.7 views

PT-2023-28006 · Gradio · Gradio

Name of the Vulnerable Software and Affected Versions: Gradio version 3.27.0 Description: The issue is related to an arbitrary file upload vulnerability. This vulnerability can be exploited via the "/upload" interface. Recommendations: For Gradio version 3.27.0, consider disabling the /upload...

4.8CVSS5AI score0.00345EPSS
Exploits0References5
OSV
OSV
added 2023/08/22 10:15 p.m.3 views

CVE-2020-24113

Directory Traversal vulnerability in Contacts File Upload Interface in Yealink W60B version 77.83.0.85, allows attackers to gain sensitive information and cause a denial of service DoS...

9.1CVSS5.8AI score0.01048EPSS
Exploits0References1
OSV
OSV
added 2023/06/16 6:15 p.m.10 views

CVE-2023-34660

jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interface...

6.5CVSS7.3AI score
Exploits0References1
CNNVD
CNNVD
added 2023/06/16 12:0 a.m.3 views

jjeecg-boot 代码问题漏洞

JEECG jjeecg-boot is a low-code development platform based on a code generator from JEECG. A security vulnerability exists in jjeecg-boot version V3.5.0, which originates from an unauthorized arbitrary file upload issue in the /jeecg-boot/jmreport/upload interface...

6.5CVSS6.7AI score0.00639EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/06/16 12:0 a.m.21 views

CVE-2023-34660

jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interface...

6.7AI score0.00639EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/06/09 12:0 a.m.2 views

D-Link DI-7500G-CI 跨站脚本漏洞

The D-Link DI-7500G-CI is an Internet Behavior Management router from China-based D-Link. A security vulnerability exists in the D-Link DI-7500G-CI-19.05.29A, which can be exploited to execute arbitrary code via the /authpic.cgi file upload interface in the route management interface...

5.4CVSS6.3AI score0.0063EPSS
Exploits1References2
NVD
NVD
added 2022/03/10 5:46 p.m.14 views

CVE-2022-24651

sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload...

9.8CVSS0.02486EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/03/10 5:31 p.m.46 views

CVE-2022-24652

sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in php code execution in /admin/upload/upload...

9.8AI score0.02486EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/03/10 12:0 a.m.4 views

Tensent SentCMS 代码问题漏洞

Tensent SentCMS is a simple and easy-to-use website management system from Tensent, China. A security vulnerability exists in Tensent SentCMS version 4.0.x. The vulnerability stems from a lack of validation of uploaded files in the file upload interface of the /admin/upload/upload php code in the...

9.8CVSS8.4AI score0.02486EPSS
Exploits1References2
CVE
CVE
added 2020/09/30 5:34 p.m.49 views

CVE-2020-19672

CVE-2020-19672 affects Niushop B2B2C Multi-business basic version V1.11. The vulnerability allows bypassing the administrator to access the background upload interface, exploiting an upload parameter to bypass getimagesize and upload a PHP file, leading to getshell. This is what the provided docu...

9.8CVSS9.3AI score0.01347EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2020/06/24 5:15 p.m.3 views

CVE-2020-11960

Xiaomi router R3600 ROM before 1.0.50 is affected by a vulnerability when checking backup file in cupload interface let attacker able to extract malicious file under any location in /tmp, lead to possible RCE and DoS...

9.8CVSS7.3AI score0.01433EPSS
Exploits0References1
Prion
Prion
added 2020/03/02 6:15 p.m.20 views

Cross site scripting

A cross-site scripting XSS vulnerability in the web conferencing component of the Mitel MiCollab application before 9.0.15 for Android could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack due to insufficient validation in the file upload interface. A...

4.3CVSS6AI score0.01042EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2019/10/09 4:15 p.m.10 views

CVE-2019-17376

cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface SEC-521...

6.1CVSS6AI score0.00481EPSS
Exploits0References1
CVE
CVE
added 2019/10/09 3:9 p.m.50 views

CVE-2019-17376

CVE-2019-17376 affects cPanel prior to 82.0.15, where the SSL Certificate Upload interface is vulnerable to self-XSS due to insufficient validation in client-side data handling. Multiple sources confirm the flaw exists in the SSL Certificate Upload feature and is tied to versions older than 82.0....

6.1CVSS5.9AI score0.00481EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2019/08/09 12:0 a.m.5 views

cPanel cross-site scripting vulnerability (CNVD-2019-27021)

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in the alias upload interface in versions prior to cPanel 60.0.25. The vulnerability...

5.4CVSS6.5AI score0.00531EPSS
Exploits0References1
OSV
OSV
added 2019/08/06 1:15 p.m.4 views

CVE-2016-10784

cPanel before 60.0.25 allows self XSS in the alias upload interface SEC-184...

5.4CVSS5.8AI score0.00531EPSS
Exploits0References1
OSV
OSV
added 2019/08/01 4:15 p.m.1 views

CVE-2018-20926

cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface SEC-380...

6.7CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2019/08/01 4:15 p.m.20 views

CVE-2018-20925

cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface SEC-379...

6.7CVSS6.7AI score0.00309EPSS
Exploits0References1
Rows per page
Query Builder