CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

198 matches found

CVE-2026-22707

Strapi is an open source headless content management system. In Strapi versions prior to 5.33.3, the Upload plugin's Content API endpoints did not enforce the administrator-configured MIME type restrictions plugin.upload.security.allowedTypes and deniedTypes. The same restrictions were correctly...

5.4CVSS5.5AI score0.00034EPSS

Exploits0References1

Positive Technologies•added 2026/05/27 12:0 a.m.•6 views

PT-2026-43630

Impact The two parsers resolved duplicates inconsistently and silently: - Content.disposition retained the last occurrence of each parameter. - Content.type retained the first occurrence of charset and boundary. Either behavior creates a parameter-smuggling primitive when another component in the...

7.7CVSS5.7AI score

Exploits0References4

NVD•added 2026/05/14 7:16 p.m.•5 views

CVE-2026-22707

5.4CVSS0.00034EPSS

Exploits0References1

OSV•added 2026/03/10 5:37 p.m.•1 views

CVE-2026-30974 Copyparty volflag `nohtml` did not block javascript in svg files

Copyparty is a portable file server. Prior to v1.20.11., the nohtml config option, intended to prevent execution of JavaScript in user-uploaded HTML files, did not apply to SVG images. A user with write-permission could upload an SVG containing embedded JavaScript, which would execute in the...

4.6CVSS5.9AI score0.00042EPSS

Exploits0References5

CVE•added 2026/02/25 2:36 a.m.•6 views

CVE-2026-27621

CVE-2026-27621 affects TypiCMS Core prior to 16.1.7. A Stored XSS exists in the file upload module: SVG files can bypass sanitization despite MIME type validation, allowing an attacker with upload privileges to inject malicious JavaScript. When an admin or authenticated user views the uploaded SV...

6.8CVSS5.6AI score0.00039EPSS

Exploits2References2Affected Software1

Positive Technologies•added 2026/02/06 12:0 a.m.•3 views

PT-2026-6847

Impact What kind of vulnerability is it? Who is impacted? An Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. Developers who have built applications which include Microsoft's Semantic Kernel .NET SDK and...

9.9CVSS5.5AI score0.00067EPSS

Exploits0References6

CNNVD•added 2026/02/03 12:0 a.m.•3 views

CI4MS 代码问题漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.28.5.0 contained code vulnerabilities. These vulnerabilities allowed verified users with file editor privileges to upload and execute arbitrary PHP code through file creation and saving endpoints,...

9.9CVSS6.4AI score0.00183EPSS

Exploits1References2

RedhatCVE•added 2026/01/09 12:38 p.m.•5 views

CVE-2023-50692

File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the downloadurl parameter in the app/admin/exts/ directory...

8.8CVSS7.8AI score0.0129EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:55 a.m.•8 views

CVE-2020-12849

Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user roles. These profile pictures can later be accessed directly with the generated URL by any unauthenticated or authenticated user...

5.4CVSS6.9AI score0.0063EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:49 a.m.•7 views

CVE-2020-24986

Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands...

9CVSS7.4AI score0.00733EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:35 a.m.•5 views

CVE-2024-41350

bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting XSS via Public/statics/umeditor123/php/imageUp.php...

6.1CVSS6.1AI score0.00364EPSS

Exploits1References1