8149 matches found

Positive Technologies (added 2026/06/12 12:00 a.m., 14 views)

PT-2026-48991

Name of the Vulnerable Software and Affected Versions: ApostropheCMS versions prior to 4.31.0. Description: When the prettyUrls: true setting is enabled on the @apostrophecms/file module, the public pretty-URL handler constructs an upstream URL using the raw Host HTTP request header. This URL is the...

CVSS 3.7, AI score 5.3, EPSS 0.00226
Exploits 0, References 3
Positive Technologies (added 2026/06/12 12:00 a.m., 14 views)

PT-2026-49067

Name of the Vulnerable Software and Affected Versions: File Browser (affected versions not specified). Description: File Browser fails to properly validate symbolic links, allowing scoped users or unauthenticated public-share recipients to access files outside their intended directory boundaries. Whil...

CVSS 7.5, AI score 5.3, EPSS 0.0046
Exploits 0, References 8
Vulnrichment (added 2026/06/11 10:48 p.m., 8 views)

CVE-2026-45418 ClipBucket: Blind SQL Injection in subtitle_edit.php

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 132, any authenticated user who can upload videos can add multiple subtitles from different files and change their title (English, Spanish, ...). The POST /actions/subtitle_edit.php request used to change their title...

CVSS 8.8, AI score 5.5, EPSS 0.00307
Exploits 0, References 1
Github Security Blog (added 2026/06/11 5:16 p.m., 12 views)

CodeIgniter4 has a validation bypass when uploading file extensions via `ext_in` rule

Impact: The ext_in upload validation rule checked the MIME-derived guessed extension instead of the client-provided filename extension. As a result, an uploaded file named shell.php containing GIF-like content could pass validation such as:...

AI score 6.1, EPSS 0.00078
Exploits 0, References 6, Affected Software 1
OSV (added 2026/06/11 5:16 p.m., 8 views)

GHSA-2GR4-PPC7-7MHX CodeIgniter4 has a validation bypass when uploading file extensions via `ext_in` rule

Impact: The ext_in upload validation rule checked the MIME-derived guessed extension instead of the client-provided filename extension. As a result, an uploaded file named shell.php containing GIF-like content could pass validation such as:...

CVSS 9.8, AI score 6.1, EPSS 0.00078
Exploits 0, References 6
CVE (added 2026/06/11 10:21 a.m., 24 views)

CVE-2026-1500

GitLab CE/EE (versions 17.10 prior to 18.10.8, 18.11 prior to 18.11.5, and 19.0 prior to 19.0.2) are affected by CVE-2026-1500. An authenticated user could trigger denial of service via uncontrolled resource consumption when processing a specially crafted file upload. The issue has been remediate...

CVSS 6.5, AI score 5.5, EPSS 0.00321
Exploits 0, References 3, Affected Software 1
EUVD (added 2026/06/11 10:21 a.m., 12 views)

EUVD-2026-36233

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to cause denial of service due to uncontrolled resource consumption when processing ...

CVSS 6.5, AI score 5.5, EPSS 0.00321
Exploits 0, References 3
RedhatCVE (added 2026/06/11 8:59 a.m., 14 views)

CVE-2026-9067

The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any fil...

CVSS 9.1, AI score 5.5, EPSS 0.00426
Exploits 1, References 1
CNNVD (added 2026/06/11 12:00 a.m., 11 views)

SolidInvoice cross-site scripting vulnerability

SolidInvoice is an open-source invoice processing application developed by SolidInvoice. Versions of SolidInvoice prior to 2.3.17 contained a cross-site scripting vulnerability. This vulnerability stemmed from the company logo upload feature not verifying file types. As a result, authenticated...

CVSS 8.1, AI score 4.9, EPSS 0.0031
Exploits 0, References 1
CNNVD (added 2026/06/11 12:00 a.m., 15 views)

Başarsoft Rotaban code issue vulnerability

Başarsoft Rotaban is a service route optimization platform developed by the Turkish company Başarsoft. Versions of Başarsoft Rotaban prior to V2026.06.002 and V2026.06.003 contained code vulnerabilities. These vulnerabilities stemmed from the unlimited upload of dangerous type files, which could...

CVSS 9.9, AI score 5.4, EPSS 0.00335
Exploits 0, References 1
CNNVD (added 2026/06/11 12:00 a.m., 11 views)

FPDI resource management error vulnerability

FPDI is an open-source PDF reading software developed by Setasign GmbH & Co. KG. Versions of FPDI prior to 2.6.7 contained a resource management vulnerability. This vulnerability allowed attackers to upload malicious PDF files, causing server-side scripts to crash due to memory exhaustion or scri...

CVSS 6, AI score 5.3, EPSS 0.00259
Exploits 0, References 1
CNNVD (added 2026/06/11 12:00 a.m., 17 views)

Limatek LimRAD NAC code issue vulnerability

Limatek LimRAD NAC is a network access control system developed by the Turkish company Limatek. Versions of Limatek LimRAD NAC prior to 5.5.7.3.9 contained code vulnerabilities. These vulnerabilities stemmed from an unlimited upload of dangerous types of files, which could lead to remote code...

CVSS 9.8, AI score 5.8, EPSS 0.00358
Exploits 0, References 1
CNNVD (added 2026/06/11 12:00 a.m., 15 views)

GitLab resource management error vulnerability

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 12.0, 18.10.8, 18.11.5, and 19.0.2...

CVSS 6.5, AI score 5.8, EPSS 0.00321
Exploits 0, References 3
Tenable Nessus (added 2026/06/11 12:00 a.m., 9 views)

GitLab 17.10 < 18.10.8 / 18.11 < 18.11.5 / 19.0 < 19.0.2 (CVE-2026-1500)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an...

CVSS 6.5, AI score 5.5, EPSS 0.00321
Exploits 0, References 5
Positive Technologies (added 2026/06/11 12:00 a.m., 12 views)

PT-2026-48645

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.10 through 18.10.7; GitLab CE/EE versions 18.11 through 18.11.4; GitLab CE/EE versions 19.0 through 19.0.1. Description: An issue exists where an authenticated user can cause a denial of service through uncontrolled resour...

CVSS 6.5, AI score 5.2, EPSS 0.00321
Exploits 0, References 7
RedhatCVE (added 2026/06/10 8:59 a.m., 10 views)

CVE-2026-7542

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to and including 7.0.10. This is due to three compounding design flaws: (1) the plugin leaks a valid backend AJAX nonce (revslider_actions) to all authenticated users, including Subscribers, via t...

CVSS 6.5, AI score 5.5, EPSS 0.00252
Exploits 0, References 1
CNNVD (added 2026/06/10 12:00 a.m., 14 views)

WordPress plugin Schema and Structured Data for WP and AMP code issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 9.1, AI score 5.5, EPSS 0.00426
Exploits 1, References 2
CNNVD (added 2026/06/10 12:00 a.m., 12 views)

Debusine link following vulnerability

Debusine is a software supply management platform for the Debian community, focused on package building, testing, analysis, and distribution. Debusine has a post-installation vulnerability that stems from allowing arbitrary user-controlled paths during the parsing of Debian source packages and th...

CVSS 6.5, AI score 5.4, EPSS 0.00269
Exploits 0, References 2
Positive Technologies (added 2026/06/10 12:00 a.m., 17 views)

PT-2026-48389

The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any fil...

AI score 5.5, EPSS 0.00426
Exploits 1, References 2
NVD (added 2026/06/09 10:16 p.m., 12 views)

CVE-2026-25860

OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that allows attackers to execute arbitrary JavaScript in a victim's browser by embedding malicious payloads in DICOM file metadata fields. Attackers can craft a DICOM file with...

CVSS 6.1, EPSS 0.00293
Exploits 1, References 3