Lucene search
K

27 matches found

RedhatCVE
RedhatCVE
added 2026/02/05 1:22 p.m.5 views

CVE-2025-59818

This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file...

10CVSS5.8AI score0.00478EPSS
Exploits0References1
OSV
OSV
added 2026/02/04 11:16 a.m.5 views

CVE-2025-59818

This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file...

9.8CVSS6.1AI score0.00478EPSS
Exploits0References6
NVD
NVD
added 2026/02/04 11:16 a.m.11 views

CVE-2025-59818

This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file...

10CVSS0.00478EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/02/04 10:26 a.m.3 views

CVE-2025-59818 Authenticated Remote Code Execution via the file name of an uploaded file

This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file...

10CVSS5.8AI score0.00478EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/02/04 10:26 a.m.31 views

CVE-2025-59818 Authenticated Remote Code Execution via the file name of an uploaded file

This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file...

10CVSS0.00478EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/02/04 10:26 a.m.7 views

CVE-2025-59818

This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file...

10CVSS5.7AI score0.00478EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2026/02/04 10:26 a.m.24 views

CVE-2025-59818

CVE-2025-59818 enables authenticated remote code execution by manipulating the file name of an uploaded file. The entry notes a high-severity flaw (CVSS v3.1 base score 10.0) with impact to confidentiality, integrity, and availability (all High). Concrete affected products, versions, root cause s...

10CVSS5.8AI score0.00478EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/02/04 10:26 a.m.9 views

EUVD-2025-206811

This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file...

10CVSS5.8AI score0.00478EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.6 views

PT-2026-5926

Name of the Vulnerable Software and Affected Versions affected versions not specified Description This issue enables authenticated attackers to execute arbitrary commands on the underlying system by manipulating the file name during file uploads. The vulnerability resides in the file upload...

10CVSS6.1AI score0.00478EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2025/12/12 1:6 a.m.6 views

CVE-2025-65473

An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privileges to execute arbitrary code via injecting a crafted payload into an uploaded file name...

9.1CVSS7.8AI score0.00489EPSS
Exploits1References1
CVE
CVE
added 2025/12/11 12:0 a.m.14 views

CVE-2025-65473

CVE-2025-65473 affects EasyImages 2.0 through 2.8.6, specifically the /admin/filer.php component. A flaw allows attackers with Administrator privileges to execute arbitrary code by injecting a crafted payload into an uploaded file name, resulting in arbitrary file rename. The Red Hat, CIRCL, NVD,...

9.1CVSS7.4AI score0.00489EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-2855

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.00587EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-39449

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.02493EPSS
Exploits1References1
NVD
NVD
added 2025/08/26 9:15 p.m.4 views

CVE-2024-35203

Mahara before 22.10.6, 23.04.6, and 24.04.1 allows cross-site scripting XSS via a file, with JavaScript code as part of its name, that is uploaded via the Mahara filebrowser system...

6.1CVSS0.00188EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/26 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-23659

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js...

6.1CVSS6.4AI score0.00441EPSS
Exploits0References2
OSV
OSV
added 2024/02/22 5:15 a.m.4 views

CVE-2024-25801

SKINsoft S-Museum 7.02.3 allows XSS via the filename of an uploaded file. Unlike in CVE-2024-25802, the attack payload is in the name not the content of a file...

6.1CVSS5.8AI score0.00292EPSS
Exploits0References1
NVD
NVD
added 2024/02/22 5:15 a.m.18 views

CVE-2024-25801

SKINsoft S-Museum 7.02.3 allows XSS via the filename of an uploaded file. Unlike in CVE-2024-25802, the attack payload is in the name not the content of a file...

6.1CVSS5.5AI score0.00292EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/11/17 4:15 a.m.3 views

CVE-2023-48649

Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name...

5.4CVSS5.8AI score0.00587EPSS
Exploits0References6
Prion
Prion
added 2023/11/17 4:15 a.m.18 views

Design/Logic Flaw

Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name...

4.9CVSS6AI score0.00587EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2023/11/17 12:0 a.m.27 views

CVE-2023-48649

Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name...

3.5CVSS5.4AI score0.00587EPSS
Exploits0References5
Rows per page
Query Builder