8 matches found
CVE-2025-60445
CVE-2025-60445 affects XunRuiCMS 4.7.1. Root cause: insufficient validation of SVG uploads in dayrui/Fcms/Library/Upload.php, enabling stored XSS when the uploaded file is viewed. Impact: injected JavaScript code executes in the context of the uploaded SVG. Remediation: no patch/fix details provi...
Arbitrary File Upload
Overview: Affected versions of this package are vulnerable to Arbitrary File Upload due to improper validation of upload types in remote cluster upload sessions. An attacker with system admin privileges can gain unauthorized access to sensitive files by uploading non-attachment file types through...
GetSimple CMS Security Vulnerability
GetSimple CMS is an open-source content management system. A security vulnerability exists in GetSimple CMS version 3.2.1: the upload function does not properly validate MIME types and extensions, which could lead to remote code execution...
CVE-2025-29017
A Remote Code Execution (RCE) vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profilepic parameter within pagesviewclient.php...
PT-2024-38516
Name of the Vulnerable Software and Affected Versions: TeamT5 ThreatSonar Anti-Ransomware versions through 3.4.5 Description: ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. This allows remote attackers with administrator privileges on the product...
PT-2024-23087 · Misp · Misp
Name of the Vulnerable Software and Affected Versions: MISP versions prior to 2.4.187 Description: The issue arises from the add misp export function in app/Controller/EventsController.php not properly checking for a valid file upload. This could potentially lead to security weaknesses...
PT-2023-24339 · WordPress · User Registration
Name of the Vulnerable Software and Affected Versions: User Registration plugin for WordPress versions up to, and including, 3.0.2 Description: The issue arises from a hardcoded encryption key and missing file type validation on the ur upload profile pic function. This allows authenticated...
CVE-2023-0924
The ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user such as an Administrator to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install...