CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

21 matches found

Github Security Blog•added 2023/11/03 12:30 a.m.•22 views

Dromara Lamp-Cloud Use of Hard-coded Cryptographic Key

Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token...

9.8CVSS7.3AI score0.00219EPSS

Exploits0References5Affected Software2

Vulnrichment•added 2023/11/02 12:0 a.m.•10 views

CVE-2023-31579

6.9AI score0.00219EPSS

Exploits0References2

OSV•added 2023/05/12 12:30 p.m.•14 views

GHSA-FJX5-XM7Q-WHVJ CraftCMS allows remote attacker to execute arbitrary code via crafted script to Section parameter

An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section parameter...

8.8CVSS8.7AI score0.07135EPSS

Exploits1References4

Github Security Blog•added 2022/06/24 12:0 a.m.•24 views

Withdrawn: Denial of Service in aiohttp

Withdrawn This advisory has been withdrawn because the maintainers of aiohttp and multiple third parties disputed the validity of the issue. There is not sufficient evidence for the claims in the original report. Original Description aiohttp v3.8.1 was discovered to contain an invalid IPv6 URL...

5.5CVSS5.7AI score0.00252EPSS

Exploits1References3Affected Software1

NVD•added 2022/04/05 6:15 p.m.•8 views

CVE-2022-26630

Jellycms v3.8.1 and below was discovered to contain an arbitrary file upload vulnerability via \app.\admin\Controllers\db.php...

8.8CVSS0.00354EPSS

Exploits1References1

Cvelist•added 2022/04/05 6:1 p.m.•13 views

CVE-2022-26630

Jellycms v3.8.1 and below was discovered to contain an arbitrary file upload vulnerability via \app.\admin\Controllers\db.php...

9.1AI score0.00354EPSS

Exploits1References1

CVE•added 2022/04/05 6:1 p.m.•83 views

CVE-2022-26630

CVE-2022-26630 affects Jellycms v3.8.1 and earlier. Multiple connected sources confirm an arbitrary file upload vulnerability via the path app/admin/Controllers/db.php, impacting potentially file upload functions. Exploit specifics, affected products beyond JellyCMS, and remediation steps are not...

8.8CVSS8.8AI score0.00354EPSS

Exploits1References1Affected Software1

NVD•added 2021/08/20 2:15 p.m.•12 views

CVE-2020-18879

Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'...

9.8CVSS0.09439EPSS

Exploits1References1

Prion•added 2021/08/20 2:15 p.m.•9 views

Unrestricted file upload

Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'...

7.5CVSS9.7AI score0.09439EPSS

Exploits1References1Affected Software1

CVE•added 2021/08/20 1:20 p.m.•48 views

CVE-2020-18879

CVE-2020-18879 affects Bludit v3.8.1 via an unrestricted file upload in the component bl-kereln/ajax/upload-logo.php, allowing remote code execution with uploaded malicious files. The vulnerability is documented with a high/critical impact (NVD CVSS v3.1 base score 9.8, CRITICAL) and a network-ac...

9.8CVSS9.7AI score0.09439EPSS

Exploits1References1Affected Software1

Cvelist•added 2021/08/20 1:20 p.m.•14 views

CVE-2020-18879

Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'...

9.8AI score0.09439EPSS

Exploits1References1

NVD•added 2020/12/03 12:15 p.m.•8 views

CVE-2020-5678

Stored cross-site scripting vulnerability in GROWI v3.8.1 and earlier allows remote attackers to inject arbitrary script via unspecified vectors...

6.1CVSS6AI score0.0059EPSS

Exploits0References3

OSV•added 2020/12/03 12:15 p.m.•14 views

CVE-2020-5678

Stored cross-site scripting vulnerability in GROWI v3.8.1 and earlier allows remote attackers to inject arbitrary script via unspecified vectors...

6.1CVSS6.1AI score

Exploits0References3

Prion•added 2020/12/03 12:15 p.m.•12 views

Cross site scripting

Stored cross-site scripting vulnerability in GROWI v3.8.1 and earlier allows remote attackers to inject arbitrary script via unspecified vectors...

4.3CVSS6AI score0.0059EPSS

Exploits0References3Affected Software1

Cvelist•added 2020/12/03 11:15 a.m.•13 views

CVE-2020-5678

Stored cross-site scripting vulnerability in GROWI v3.8.1 and earlier allows remote attackers to inject arbitrary script via unspecified vectors...

6.1AI score0.0059EPSS

Exploits0References3

OSV•added 2020/10/02 2:15 p.m.•12 views

CVE-2020-18190

Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture...

9.1CVSS7AI score

Exploits0References1

NVD•added 2020/10/02 2:15 p.m.•5 views

CVE-2020-18190

Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture...

9.1CVSS0.03325EPSS

Exploits1References1

Prion•added 2020/10/02 2:15 p.m.•7 views

Directory traversal

Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture...

6.4CVSS9.2AI score0.03325EPSS

Exploits1References1Affected Software1

CVE•added 2020/10/02 1:12 p.m.•39 views

CVE-2020-18190

Bludit v3.8.1 is affected by a directory traversal vulnerability in the upload-profile-picture endpoint (/admin/ajax/upload-profile-picture). The flaw allows remote attackers to delete arbitrary files on the server. This is a path traversal issue in the upload handling, enabling statements about ...

9.1CVSS9.2AI score0.03325EPSS

Exploits1References1Affected Software1

Cvelist•added 2020/10/02 1:12 p.m.•11 views

CVE-2020-18190

Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture...

9.3AI score0.03325EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by