Lucene search
K

68786 matches found

Nuclei
Nuclei
added yesterday14 views

LG LED Assistant - Thumbnail Path Traversal File Upload

A path traversal vulnerability exists in the endpoint handler for /api/thumbnail in Common.js. An unauthenticated remote attacker can exploit this to upload arbitrary files to any location on the disk drive where the product is installed. id: CVE-2024-2863 info: name: LG LED Assistant - Thumbnail...

9.8CVSS6.1AI score0.66969EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday95 views

Jordy Meow AI Engine - Unrestricted File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine- ChatGPT Chatbot.This issue affects AI Engine- ChatGPT Chatbot- from n/a through 1.9.98. id: CVE-2023-51409 info: name: Jordy Meow AI Engine - Unrestricted File Upload author: pussycat0x severity: critical...

10CVSS7.2AI score0.65046EPSS
Exploits4References4
Nuclei
Nuclei
added yesterday26 views

Cockpit < 2.4.1 - Arbitrary File Upload

Versions of the package cockpit-hq/cockpit before 2.4.1 are vulnerable to Arbitrary File Upload where an attacker can use different extensions to bypass the upload filter. id: CVE-2025-1025 info: name: Cockpit 2.4.1 - Arbitrary File Upload author: iamnoooob,rootxharsh,pdresearch severity: high...

8.7CVSS7.1AI score0.176EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday19 views

Qualitor <= 8.24 - Remote Code Execution

Qualitor up to 8.24 is vulnerable to Remote Code Execution RCE via Arbitrary File Upload in checkAcesso.php. id: CVE-2024-44849 info: name: Qualitor = 8.24 - Remote Code Execution author: s4e-io severity: critical description: | Qualitor up to 8.24 is vulnerable to Remote Code Execution RCE via...

9.8CVSS6AI score0.46301EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday370 views

WordPress Plugin Forminator 1.24.6 - Arbitrary File Upload

The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the uploadpostimage function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload...

9.8CVSS7.8AI score0.12749EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday49 views

3DPrint Lite < 1.9.1.5 - Arbitrary File Upload

The plugin does not have any authorisation and does not check the uploaded file in its p3dlitehandleupload AJAX action , allowing unauthenticated users to upload arbitrary file to the web server. However, there is a .htaccess, preventing the file to be accessed on Web servers such as Apache. id:...

9.8CVSS7.4AI score0.06646EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday113 views

Online Piggery Management System v1.0 - Unauthenticated File Upload

Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to add-pig.php. id: CVE-2023-37629 info: name: Online Piggery Management System v1.0 - Unauthenticated File Upload author: Harsh severity: critical descriptio...

9.8CVSS7.2AI score0.15033EPSS
Exploits5References4
Nuclei
Nuclei
added yesterday60 views

WordPress Kaswara Modern VC Addons <=3.0.1 - Arbitrary File Upload

WordPress Kaswara Modern VC Addons plugin through 3.0.1 is susceptible to an arbitrary file upload. The plugin allows unauthenticated arbitrary file upload via the uploadFontIcon AJAX action, which can be used to obtain code execution. The supplied zipfile is unzipped in the...

9.8CVSS7.5AI score0.4214EPSS
Exploits3References6
Nuclei
Nuclei
added yesterday65 views

Smart S210 Management Platform - Arbitary File Upload

A vulnerability has been found in Byzoro Smart S210 Management Platform up to 20240117 and classified as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument fileupload leads to unrestricted upload. id: CVE-2024-0939 info: name: Smar...

9.8CVSS6.4AI score0.43777EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday140 views

WordPress eaSYNC Booking <1.1.16 - Arbitrary File Upload

WordPress eaSync Booking plugin bundle for hotel, restaurant and car rental before 1.1.16 is susceptible to arbitrary file upload. The plugin contains insufficient input validation of an AJAX action. An allowlist of valid file extensions is defined but is not used during the validation steps. An...

9.8CVSS7.3AI score0.17572EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday52 views

Cloudpanel 2 < 2.3.1 - Remote Code Execution

CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication. id: CVE-2023-35885 info: name: Cloudpanel 2 2.3.1 - Remote Code Execution author: DhiyaneshDk severity: critical description: | CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication. impact: | Successfu...

9.8CVSS7.2AI score0.75315EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday55 views

WordPress BackupGuard <1.6.0 - Authenticated Arbitrary File Upload

WordPress Backup Guard plugin before 1.6.0 is susceptible to authenticated arbitrary file upload. The plugin does not ensure that imported files are in SGBP format and extension, allowing high-privilege users to upload arbitrary files, including PHP, possibly leading to remote code execution. id:...

7.2CVSS7.5AI score0.84112EPSS
Exploits9References5
Nuclei
Nuclei
added yesterday53 views

Cisco HyperFlex HX Data Platform - Arbitrary File Upload

Cisco HyperFlex HX Data Platform contains an arbitrary file upload vulnerability in the web-based management interface. An attacker can send a specific HTTP request to an affected device, thus enabling upload of files to the affected device with the permissions of the tomcat8 user. id:...

5.3CVSS6.3AI score0.80426EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday40 views

Kentico Xperience CMS - Unauthenticated Stored XSS

The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS.This issue affects Kentico Xperience through 13.0.178. id: CVE-2025-2748 info: name: Kentico Xperience CMS - Unauthenticated Stored XSS author...

6.1CVSS7.3AI score0.59066EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday63 views

Breeze <= 2.4.4 - Arbitrary File Upload

Breeze Cache WordPress plugin = 2.4.4 contains an unrestricted file upload vulnerability caused by missing file type validation in 'fetchgravatarfromremote' function, letting unauthenticated attackers upload arbitrary files, exploit requires 'Host Files Locally - Gravatars' enabled. id:...

9.8CVSS6.2AI score0.36512EPSS
Exploits8References2
Nuclei
Nuclei
added yesterday95 views

WordPress Workreap - Remote Code Execution

WordPress Workreap theme is susceptible to remote code execution. The AJAX actions workreapawardtempfileuploader and workreaptempfileuploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to th...

9.8CVSS7.6AI score0.60113EPSS
Exploits9References5
Nuclei
Nuclei
added yesterday33 views

ZoomSounds Plugin - Unauthenticated Arbitrary File Upload

ZoomSounds plugin for WordPress contains a file upload vulnerability in savepng.php id: CVE-2021-4449 info: name: ZoomSounds Plugin - Unauthenticated Arbitrary File Upload author: 0xnemian severity: critical description: | ZoomSounds plugin for WordPress contains a file upload vulnerability in...

9.8CVSS7.2AI score0.05288EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday6 views

YesWiki Reflected XSS via File Upload

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability allows any malicious unauthenticated user to create a link that can be clicked on by the victim to perform arbitrary actions. This issue has been...

7.6CVSS6AI score0.00582EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday73 views

SOPlanning - Remote Code Execution

Detects a remote code execution vulnerability in SOPlanning version 1.52.01 through authenticated PHP file upload. id: CVE-2024-27115 info: name: SOPlanning - Remote Code Execution author: [email protected] severity: high description: | Detects a remote code execution vulnerability in SOPlanni...

10CVSS6.6AI score0.0459EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday248 views

WordPress File Upload <= 4.24.11 - Arbitrary File Read

The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfufiledownloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitatio...

9.8CVSS7.3AI score0.92319EPSS
Exploits4References7
Rows per page
Query Builder