Lucene search
K

416 matches found

Vulnrichment
Vulnrichment
added 2024/10/31 12:0 a.m.19 views

CVE-2023-52044

Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code Execution RCE as there is no restriction for uploading files with the .php8 extension...

7.6AI score0.00768EPSS
Exploits1References1
NVD
NVD
added 2024/10/30 4:15 p.m.34 views

CVE-2024-50344

I, Librarian is an open-source version of a PDF managing SaaS. Supplemental Files are allowed to be viewed in the browser, only if they have a white-listed MIME type. Unfortunately, this logic is broken, thus allowing unsafe files containing Javascript to be executed with the application context...

4.6CVSS0.00277EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/09/11 12:0 a.m.6 views

PT-2024-6521 · Rockwell Automation · Rockwell Automation Pavilion8

Name of the Vulnerable Software and Affected Versions: Rockwell Automation Pavilion8 affected versions not specified Description: A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could...

9.8CVSS8.4AI score0.00956EPSS
Exploits0References7
CNVD
CNVD
added 2024/09/06 12:0 a.m.2 views

There is a file uploading vulnerability in Jiangsu Wave Information Consulting Company Limited's state-owned capital supervision informatization platform

Jiangsu Wave Information Consulting Co., Ltd. is an ERP senior industry consultants, deep technical background and industry experience, innovation, "integrity management, adhering to the advanced, deep technology" as the goal of the IT company. Jiangsu Wave Information Consulting Co., Ltd...

6.8AI score
Exploits0
CVE
CVE
added 2024/08/08 12:0 a.m.46 views

CVE-2024-40482

CVE-2024-40482 affects Kashipara Live Membership System v1.0. An unrestricted file upload in "/Membership/edit_member.php" enables attackers to upload a crafted PHP file and achieve arbitrary code execution. The CVSS basis is 9.8 (CRITICAL): Network access, no authentication, low attack complexit...

9.8CVSS7.7AI score0.01202EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/07/31 3:15 p.m.23 views

CVE-2024-37900 XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When uploading an attachment with a malicious filename, malicious JavaScript code could be executed. This requires a social engineering attack to get the victim into uploading a file with a...

6.4CVSS6.8AI score0.15804EPSS
Exploits1References10
Fedora
Fedora
added 2024/07/30 1:33 a.m.26 views

[SECURITY] Fedora 40 Update: curl-8.6.0-9.fc40

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMA P, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

7.5CVSS7.7AI score0.04296EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2024/07/15 1:54 p.m.12 views

CVE-2024-38492 Symantec Privileged Access Manager Remote Command Execution vulnerability

This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file...

9.4CVSS7.5AI score0.00939EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/07/15 12:0 a.m.4 views

Mini-Tmall Security Breach

Mini-Tmall is a Spring Boot based mini-Tmall mall, fast deployment and running, suitable for use as a Bijou template. A security vulnerability exists in Mini-Tmall version v2024.07.03. An attacker can exploit the vulnerability to upload arbitrary files via the component uploadUserHeadImage...

4.9CVSS7AI score0.00338EPSS
Exploits0References2
NVD
NVD
added 2024/05/30 4:15 p.m.27 views

CVE-2024-36919

In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Remove spinlockbh while releasing resources after upload The session resources are used by FW and driver when session is offloaded, once session is uploaded these resources are not used. The lock is not required as...

5.5CVSS7.4AI score0.00215EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2024/05/30 12:0 a.m.6 views

PT-2024-35135 · WordPress · Postx

Name of the Vulnerable Software and Affected Versions: PostX plugin for WordPress versions up to, and including, 4.1.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's file uploading feature due to insufficient input sanitization and output escaping. This allows...

6.4CVSS5.9AI score0.00326EPSS
Exploits0References6
Fedora
Fedora
added 2024/04/25 1:20 a.m.63 views

[SECURITY] Fedora 39 Update: curl-8.2.1-5.fc39

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMA P, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

8.6CVSS9AI score0.36081EPSS
Exploits2
Fedora
Fedora
added 2024/04/19 9:41 p.m.37 views

[SECURITY] Fedora 40 Update: curl-8.6.0-8.fc40

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMA P, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

8.6CVSS9AI score0.36081EPSS
Exploits2
GithubExploit
GithubExploit
added 2024/04/18 4:35 p.m.369 views

Exploit for Improper Input Validation in Paloaltonetworks Pan-Os

CVE-2024-3400 Simple Python code to check for arbitrary upload...

10CVSS9.8AI score0.99999EPSS
Exploits43
0day.today
0day.today
added 2024/04/08 12:0 a.m.429 views

Invision Community 4.7.16 Remote Code Execution Vulnerability

------------------------------------------------------------------------------ Invision Community = 4.7.16 toolbar.php Remote Code Execution Vulnerability ------------------------------------------------------------------------------ - Software Link: https://invisioncommunity.com - Affected...

7.2CVSS7.4AI score0.00701EPSS
Exploits2
NVD
NVD
added 2024/03/21 8:15 a.m.33 views

CVE-2024-1148

Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and uploading of files...

9.8CVSS9.7AI score0.00697EPSS
Exploits0References2
CVE
CVE
added 2024/03/21 7:34 a.m.63 views

CVE-2024-1148

OpenText PVCS Version Manager contains weak access control that could bypass authentication and allow arbitrary file uploads. CVSS 3.1 base score 9.8 (CRITICAL) with network access, no user interaction required. Affected: PVCS Version Manager (OpenText). Root cause: weak access control enabling a...

9.8CVSS9.7AI score0.00697EPSS
Exploits0References2
CNVD
CNVD
added 2024/02/22 12:0 a.m.32 views

IBM Operational Decision Manager Code Issue Vulnerability

IBM Operational Decision Manager is a decision management solution from International Business Machines IBM used to help organizations better manage and enforce business rules and decisions. IBM Operational Decision Manager suffers from a code issue vulnerability that originates from the ability ...

9.8CVSS7.5AI score0.73398EPSS
Exploits0References1
NVD
NVD
added 2024/02/17 5:15 p.m.39 views

CVE-2022-42443

An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files. IBM X-Force ID: 238535...

9.8CVSS3.2AI score0.0046EPSS
Exploits0References2
CVE
CVE
added 2024/02/17 4:10 p.m.36 views

CVE-2022-42443

The CVE-2022-42443 issue affects IBM Trusteer Mobile SDKs: Trusteer iOS SDK prior to 5.7 and Trusteer Android SDK prior to 5.7. The vulnerability, described as an undisclosed issue that may allow file uploads, is supported by IBM Security Bulletin and corroborating entries in Red Hat, CVE listing...

9.8CVSS3.1AI score0.0046EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder