8149 matches found

EUVD
added 3 days ago, 5 views

EUVD-2026-40262

The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not properly validate uploaded files, allowing unauthenticated users to upload files containing malicious JavaScript such as HTML or SVG to a publicly accessible location, leading to Stored Cross-Site Scripting attac...

CVSS 8.8 | AI score 5.6 | EPSS 0.00276
Exploits: 0 | References: 1

EUVD
added 4 days ago, 6 views

EUVD-2026-40142

Papermark through 0.22.0 contains a cross-origin resource sharing (CORS) misconfiguration vulnerability that allows unauthenticated remote attackers to perform credentialed cross-origin requests by exploiting the TUS-based viewer upload endpoint reflecting arbitrary request Origins with...

CVSS 4.7 | AI score 6 | EPSS 0.0025
Exploits: 0 | References: 3

ATTACKERKB
added last week, 6 views

CVE-2026-56414

A vulnerability exists in H.View IP cameras: certificate-related upload interfaces allow authenticated users to store arbitrary file content to fixed, persistent filesystem locations without validating file type, structure, or size. This design omission enables the placement of unexpected or...

CVSS 8.6 | AI score 5.9 | EPSS 0.004
Exploits: 0 | References: 4

Cvelist
added last week, 50 views

CVE-2026-33560 Daktronics Controller Firmware Unrestricted Upload of File with Dangerous Type

The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allow authenticated users to upload files of any type without validation. No file extension filtering or content inspection is enforced which allows executable binaries and...

CVSS 8.4 | EPSS 0.00341
Exploits: 0 | References: 2

ATTACKERKB
added last week, 7 views

CVE-2026-33560

The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allow authenticated users to upload files of any type without validation. No file extension filtering or content inspection is enforced which allows executable binaries and...

CVSS 8.4 | AI score 5.9 | EPSS 0.00341
Exploits: 0 | References: 3

Nuclei
added last week, 50 views

Cisco VPN Routers - Unauthenticated Arbitrary File Upload

A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement...

CVSS 9.8 | AI score 6.9 | EPSS 0.88874
Exploits: 0 | References: 5

NVD
added 2026/06/26 8:16 a.m., 9 views

CVE-2026-57873

An unauthenticated NULL pointer dereference vulnerability exists in IEEE8021xupload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of multipart upload headers when processing certificate-related upload fields. A remote attacker may...

CVSS 7.5 | EPSS 0.00206
Exploits: 0 | References: 1

NVD
added 2026/06/26 8:16 a.m., 11 views

CVE-2026-57874

An unauthenticated buffer overflow vulnerability exists in IEEE8021xupload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing filename values in multipart upload data. A remote attacker may exploit this...

CVSS 7.5 | EPSS 0.00318
Exploits: 0 | References: 1

EUVD
added 2026/06/26 7:17 a.m., 6 views

EUVD-2026-39630

An unauthenticated buffer overflow vulnerability exists in IEEE8021xupload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing filename values in multipart upload data. A remote attacker may exploit this...

CVSS 7.5 | AI score 5.9 | EPSS 0.00318
Exploits: 0 | References: 1

NVD
added 2026/06/26 7:16 a.m., 9 views

CVE-2026-8380

The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly verify ownership of every targeted post before permanent deletion, allowing authenticated users with author-level access and above to permanently delete arbitrary posts and pages. When the Frontend File Manager Plugi...

CVSS 6.5 | EPSS 0.00342
Exploits: 1 | References: 1

EUVD
added 2026/06/26 6:0 a.m., 8 views

EUVD-2026-39626

The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly verify ownership of every targeted post before permanent deletion, allowing authenticated users with author-level access and above to permanently delete arbitrary posts and pages. When the Frontend File Manager Plugi...

CVSS 6.5 | AI score 5.9 | EPSS 0.00342
Exploits: 1 | References: 1

Cvelist
added 2026/06/26 6:0 a.m., 35 views

CVE-2026-8380 Frontend File Manager Plugin <= 23.6 - Author+ Arbitrary Post Deletion

The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly verify ownership of every targeted post before permanent deletion, allowing authenticated users with author-level access and above to permanently delete arbitrary posts and pages. When the Frontend File Manager Plugi...

EPSS 0.00342
Exploits: 1 | References: 1

CVE
added 2026/06/26 6:0 a.m., 23 views

CVE-2026-8380

The CVE-2026-8380 issue affects the Frontend File Manager (nmedia-user-file-uploader) WordPress plugin

CVSS 6.5 | AI score 5.9 | EPSS 0.00342
Exploits: 1 | References: 1

NVD
added 2026/06/26 12:16 a.m., 8 views

CVE-2026-12993

A flaw was found in Apicurio Registry. The DocumentBuilderAccessor correctly blocks external DTD and schema access but does not disable DOCTYPE declarations or enable FEATURE_SECURE_PROCESSING. An attacker with artifact-write permission can upload XML documents with internal entity-expansion payloa...

CVSS 6.5 | EPSS 0.00249
Exploits: 0 | References: 2

RedhatCVE
added 2026/06/25 11:42 p.m., 6 views

CVE-2026-56367

A vulnerability in the ImageMagick image processing tool could allow an attacker to crash the application or access sensitive information by uploading a maliciously crafted Photoshop PSB file. Mitigation: To reduce the risk, avoid processing untrusted PSB (Photoshop Big) files with ImageMagick...

CVSS 9.1 | AI score 5.8 | EPSS 0.00236
Exploits: 0 | References: 5

OSSF Malicious Packages
added 2026/06/25 8:40 p.m., 6 views

Malicious code in ref-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e1ef3e785cf6cb007c0b33be2ed43ebe49d64f476bb4fb3a66b914b06def5e1 On npm install, the package's postinstall hook runs node test.js which invokes index.js to perform multi-stage installer compromise. 1 Credential...

AI score 5.9
Exploits: 0 | References: 2

EUVD
added 2026/06/25 3:54 p.m., 6 views

EUVD-2026-39464

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2024-11171 commit bb58a2d0 added limits: fileSize to createMulterInstance in the file upload routes. However, the POST /api/convos/import endpoint uses a separate multer instance that w...

CVSS 7.5 | AI score 5.9 | EPSS 0.00761
Exploits: 2 | References: 1

Vulnrichment
added 2026/06/25 3:54 p.m., 6 views

CVE-2026-54024 LibreChat: Incomplete Fix for CVE-2024-11171 — Conversation Import Multer Instance Missing File Size Limits

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2024-11171 commit bb58a2d0 added limits: fileSize to createMulterInstance in the file upload routes. However, the POST /api/convos/import endpoint uses a separate multer instance that w...

CVSS 6.5 | AI score 7.1 | EPSS 0.00761
Exploits: 2 | References: 1

Cvelist
added 2026/06/25 3:25 p.m., 33 views

CVE-2026-48946 Joomla Extension - getk2.org - Privileged RCE vulnerability in K2 extension for Joomla < 2.26

The K2 frontend article-attachment upload path accepts files whose extension is .php, and Apache's standard mod_php matches .php$ and executes them under the K2 web user. A K2 Author can upload a shell.php, then fetch /media/k2/attachments/shell.php and execute arbitrary PHP code in the web...

EPSS 0.00167
Exploits: 0 | References: 1

AlpineLinux
added 2026/06/25 3:25 p.m., 5 views

CVE-2026-48946

The K2 frontend article-attachment upload path accepts files whose extension is .php, and Apache's standard mod_php matches .php$ and executes them under the K2 web user. A K2 Author can upload a shell.php, then fetch /media/k2/attachments/shell.php and execute arbitrary PHP code in the web...

CVSS 6.3 | AI score 6.1 | EPSS 0.00167
Exploits: 0 | References: 1