Lucene search
K

8 matches found

Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.10 views

PT-2026-33995

Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php/admin user insert.php and vms/php/update 1.php. The move uploaded file function is called without any MIME type, extension, or content validation, allowing an authenticated admin to upload a PHP...

5.9AI score0.00807EPSS
Exploits1References3
NVD
NVD
added 2026/01/24 8:16 a.m.11 views

CVE-2025-13374

The Kalrav AI Agent plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the kalravuploadfile AJAX action in all versions up to, and including, 2.3.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site...

9.8CVSS0.01056EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/07/31 12:0 a.m.4 views

TECOrange Simple E-Document 安全漏洞

TECOrange Simple E-Document is a TECOrange system for bulk email reception. A security vulnerability exists in TECOrange Simple E-Document versions 3.0 through 3.1 that stems from an upload mechanism that does not restrict file types and validate inputs, which could lead to arbitrary file uploads...

9.2CVSS7.9AI score0.01219EPSS
Exploits0References4
OSV
OSV
added 2024/07/13 6:15 a.m.5 views

CVE-2024-5080

The wp-eMember WordPress plugin before 10.6.6 does not validate files to be uploaded, which could allow admins to upload arbitrary files such as PHP on the server...

8.8CVSS5.9AI score0.00661EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/05/01 12:0 a.m.4 views

Apache StreamPark 代码问题漏洞

Apache StreamPark is a streaming media application development framework from the Apache Foundation. Apache StreamPark suffers from a code issue vulnerability that stems from allowing any user to upload a jar as an application, but not forcing validation of the uploaded file type, leading to the...

9.8CVSS8.6AI score0.01308EPSS
Exploits0References2
OSV
OSV
added 2023/01/11 12:0 a.m.7 views

CVE-2022-0553 Possible to retrieve uncrypted firmware image

There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily...

6.5CVSS5.9AI score0.00282EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/09/20 12:0 a.m.7 views

Safe Software FME Server 路径遍历漏洞

Safe Software FME Server is a web-based data conversion application from Safe Software Canada Inc. It is used to automate data and application integration workflows in a code-free environment. Safe Software FME Server suffers from a path traversal vulnerability that stems from a validation check...

9.1CVSS7.2AI score0.0097EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2021/10/07 8:12 p.m.2 views

CVE-2021-38484

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not have a filter or signature check to detect or prevent an upload of malicious files to the server, which may allow an attacker, acting as an administrator, to upload malicious files. This could result in cross-site scriptin...

9.1CVSS7.3AI score0.02597EPSS
Exploits0References2
Rows per page
Query Builder