Lucene search
K

416 matches found

NVD
NVD
added 2024/02/08 9:15 p.m.43 views

CVE-2024-23756

The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 5221, allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them...

7.5CVSS7.7AI score0.00602EPSS
Exploits1References1
OSV
OSV
added 2024/02/08 12:0 a.m.37 views

CVE-2024-23756

The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 5221, allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them...

7.5CVSS7.3AI score0.00602EPSS
Exploits1References3
NVD
NVD
added 2024/02/06 10:16 p.m.21 views

CVE-2024-24254

PX4 Autopilot 1.14 and earlier, due to the lack of synchronization mechanism for loading geofence data, has a Race Condition vulnerability in the geofence.cpp and missionfeasibilitychecker.cpp. This will result in the drone uploading overlapping geofences and mission routes...

4.2CVSS4.5AI score0.0036EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/01/29 3:54 p.m.48 views

CVE-2024-23826 Uploading an image with a specific filename causes a server-side DoS

spbusesite is the website of the Department of System Programming of St. Petersburg State University. Before 2024.01.29, when uploading an avatar image, an authenticated user may intentionally use a large Unicode filename which would lead to a server-side denial of service under Windows. This is...

6.8CVSS6.6AI score0.0045EPSS
Exploits1References2
Talos
Talos
added 2024/01/10 12:0 a.m.27 views

WWBN AVideo import.json.php temporary copy unrestricted php file upload vulnerability

Talos Vulnerability Report TALOS-2023-1885 WWBN AVideo import.json.php temporary copy unrestricted php file upload vulnerability January 10, 2024 CVE Number CVE-2023-49715 SUMMARY A unrestricted php file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVide...

8.8CVSS6.9AI score0.01367EPSS
Exploits1
OSV
OSV
added 2023/12/25 12:0 a.m.17 views

CVE-2023-36486

The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename...

7.2CVSS7AI score0.00855EPSS
Exploits0References5
NVD
NVD
added 2023/12/16 1:15 a.m.16 views

CVE-2020-17485

A Remote Code Execution vulnerability exist in Uffizio's GPS Tracker all versions. The web server can be compromised by uploading and executing a web/reverse shell. An attacker could then run commands, browse system files, and browse local resources...

9.8CVSS0.01837EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/12/16 12:0 a.m.22 views

CVE-2020-17485

A Remote Code Execution vulnerability exist in Uffizio's GPS Tracker all versions. The web server can be compromised by uploading and executing a web/reverse shell. An attacker could then run commands, browse system files, and browse local resources...

9.4AI score0.01837EPSS
Exploits0References2
Prion
Prion
added 2023/12/15 10:15 a.m.15 views

Privilege escalation

Kaifa Technology WebITR is an online attendance system, its file uploading function does not restrict upload of file with dangerous type. A remote attacker with regular user privilege can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service...

6.5CVSS7.6AI score0.00886EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/12/15 8:15 a.m.20 views

CVE-2023-48376

SmartStar Software CWS is a web-based integration platform, its file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service...

9.8CVSS0.00961EPSS
Exploits0References1
CVE
CVE
added 2023/12/15 4:11 a.m.45 views

CVE-2023-48371

ITPison OMICARD EDM is affected by CVE-2023-48371 due to a file upload feature that does not restrict dangerous file types. An unauthenticated remote attacker can upload and execute arbitrary executables, enabling arbitrary system commands or disruption of service. Documents reference affected ve...

9.8CVSS9.8AI score0.00961EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/12/04 9:28 p.m.21 views

CVE-2023-4460 Uploading SVG, WEBP and ICO files <= 1.2.1 - Author+ Stored XSS via SVG

The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

6AI score0.00932EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/12/04 9:28 p.m.25 views

CVE-2023-4460 Uploading SVG, WEBP and ICO files <= 1.2.1 - Author+ Stored XSS via SVG

The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

5.5AI score0.00932EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/12/04 12:0 a.m.6 views

PT-2023-29272 · WordPress · Uploading Svg

Name of the Vulnerable Software and Affected Versions: Uploading SVG, WEBP and ICO files WordPress plugin versions 1.2.1 and earlier Description: The issue concerns the failure to sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containin...

6.1CVSS6.2AI score0.00932EPSS
Exploits2References8
CNNVD
CNNVD
added 2023/12/04 12:0 a.m.6 views

WordPress plugin Uploading SVG, WEBP and ICO files security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

6.1CVSS6.2AI score0.00932EPSS
Exploits2References1
NVD
NVD
added 2023/11/29 9:15 a.m.24 views

CVE-2023-6070

A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn...

4.3CVSS0.00243EPSS
Exploits0References1
Virtuozzo
Virtuozzo
added 2023/11/27 12:0 a.m.29 views

Virtuozzo Hybrid Infrastructure 6.0 (6.0.0-243)

In this release, Virtuozzo Hybrid Infrastructure provides an upgrade of the Linux distribution, kernel, and toolset packages. This release also contains a range of new features that cover storage performance, object storage, as well as monitoring and alerts. Additionally, this release delivers...

7.3AI score
Exploits0
Cvelist
Cvelist
added 2023/11/03 4:11 a.m.24 views

CVE-2023-41343 Ragic No-Code Database Builder - Stored XSS

Rogic No-Code Database Builder's file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform XSS Stored Cross-Site Scripting attack...

5.4CVSS5.5AI score0.00345EPSS
Exploits0References1
OSV
OSV
added 2023/11/02 7:24 a.m.68 views

BIT-2023-46119

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1...

7.5CVSS6.8AI score0.01053EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/02 12:0 a.m.4 views

PT-2023-27916 · Rogic · Rogic No-Code Database Builder

Name of the Vulnerable Software and Affected Versions: Rogic No-Code Database Builder affected versions not specified Description: The issue concerns the file uploading function in Rogic No-Code Database Builder, which has insufficient filtering for special characters. This allows a remote attack...

5.4CVSS5.3AI score0.00345EPSS
Exploits0References4
Rows per page
Query Builder