Lucene search
K

119 matches found

CNNVD
CNNVD
added 2026/04/02 12:0 a.m.9 views

Endian Firewall 操作系统命令注入漏洞

Endian Firewall is a network security firewall system from Endian. An operating system command injection vulnerability exists in the Endian Firewall DATE parameter, which stems from incomplete regular expression validation of the DATE parameter in /cgi-bin/logssmtp.cgi, and can be exploited by an...

8.8CVSS6.1AI score0.01248EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.4 views

PT-2026-29411

XenForo before 2.2.17 and 2.3.1 allows open redirect via a specially crafted URL. The getDynamicRedirect function does not adequately validate the redirect target, allowing attackers to redirect users to arbitrary external sites using crafted URLs containing newlines, user credentials, or host...

6.3CVSS6AI score0.00147EPSS
Exploits0References3
NVD
NVD
added 2026/03/27 3:16 p.m.14 views

CVE-2026-33284

GlobaLeaks is free and open-source whistleblowing software. Prior to version 5.0.89, the /api/support endpoint of GlobaLeaks performs minimal validation on user-submitted support requests. As a result, arbitrary URLs can be included in support emails sent to administrators. Version 5.0.89 patches...

5.1CVSS0.00196EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/24 12:30 a.m.6 views

EUVD-2026-14650

The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on importpopuptemplates function as well as insufficient file type validation in the uploadfiles function in all versions up to, and including, 4.14.1. This makes it possible for Authenticat...

8.8CVSS5.9AI score0.00676EPSS
Exploits0References5
Veracode
Veracode
added 2026/03/07 5:5 a.m.5 views

Arbitrary File Upload

wwbn/avideo is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient validation of files during plugin upload and extraction, which allows an attacker to upload a crafted archive containing malicious PHP code and execute it on the server...

9.3CVSS6AI score0.00673EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/03/05 7:16 p.m.14 views

CVE-2026-3459

The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnduploadcf7upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to...

8.1CVSS0.00553EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/25 10:16 p.m.8 views

CVE-2026-3105

SummaryThis advisory addresses a SQL injection vulnerability in the API endpoint used for retrieving contact activities. A vulnerability exists in the query construction for the Contact Activity timeline where the parameter responsible for determining the sort direction was not strictly validated...

8.8CVSS6.1AI score0.00289EPSS
Exploits0References1
OSV
OSV
added 2026/02/12 11:16 p.m.6 views

DEBIAN-CVE-2020-37167

ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious...

8.6CVSS5.4AI score0.00172EPSS
Exploits0References1
NVD
NVD
added 2026/02/03 8:16 a.m.7 views

CVE-2026-1730

The OS DataHub Maps plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'OSDataHubMapsAdmin::addfileandext' function in all versions up to, and including, 1.8.3. This makes it possible for authenticated attackers, with Author-level access and...

8.8CVSS0.0052EPSS
Exploits0References5
EUVD
EUVD
added 2026/02/03 7:31 a.m.6 views

EUVD-2026-5276

The OS DataHub Maps plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'OSDataHubMapsAdmin::addfileandext' function in all versions up to, and including, 1.8.3. This makes it possible for authenticated attackers, with Author-level access and...

8.8CVSS6.5AI score0.0052EPSS
Exploits0References5
OSV
OSV
added 2026/01/14 5:57 p.m.7 views

DRUPAL-CONTRIB-2026-005

This module enables Drupal sites to authenticate users via Microsoft Entra ID formerly Azure AD using OAuth 2.0. The module doesn't sufficiently validate API responses from Microsoft allowing complete account takeover of any user, including site administrators, without requiring any credentials o...

6.5CVSS6.8AI score0.002EPSS
Exploits0References1
OSV
OSV
added 2026/01/09 7:19 p.m.7 views

GHSA-PCWC-3FW3-8CQV WeKnora vulnerable to SQL Injection

Summary After WeKnora enables its Agent service, it allows users to call database query tools. Due to lax code backend verification, attackers can use prompts to bypass query restrictions and obtain sensitive information from the target server and database. Details Source - File:...

5.6CVSS6AI score0.00353EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/12/31 12:0 a.m.9 views

Gargoyle Router Management Utility 安全漏洞

Gargoyle Router Management Utility is a third-party router firmware from Gargoyle. A security vulnerability exists in Gargoyle Router Management Utility version 1.5.x, which stems from a restricted or insufficient validation of the commands parameter input, which could allow an authenticated...

8.8CVSS6.1AI score0.0063EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.8 views

PT-2025-50321

Bypass vulnerability in the authentication method in the GTT Tax Information System application, related to the Active Directory LDAP login method. Authentication is performed through a local WebSocket, but the web application does not properly validate the authenticity or origin of the data...

9.3CVSS6.6AI score0.00516EPSS
Exploits0References2
OSV
OSV
added 2025/12/09 5:15 p.m.3 views

CVE-2025-56704

LeptonCMS version 7.3.0 contains an arbitrary file upload vulnerability, which is caused by the lack of proper validation for uploaded files. An authenticated attacker can exploit this vulnerability by uploading a specially crafted ZIP/PHP file to execute arbitrary code...

8.8CVSS6AI score0.00664EPSS
Exploits1References4
NVD
NVD
added 2025/12/04 9:16 p.m.6 views

CVE-2025-13543

The PostGallery plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'PostGalleryUploader' class functions in all versions up to, and including, 1.12.5. This makes it possible for authenticated attackers, with subscriber-level and above...

8.8CVSS0.00707EPSS
Exploits0References2
CVE
CVE
added 2025/12/04 8:27 p.m.19 views

CVE-2025-13543

CVE-2025-13543 affects the WordPress plugin PostGallery (versions

8.8CVSS7.1AI score0.00707EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/02 12:0 a.m.8 views

CVE-2025-65844

EverShop 2.0.1 allows a remote unauthenticated attacker to upload arbitrary files and create directories via the /api/images endpoint. The endpoint is accessible without authentication by default, and server-side validation of uploaded files is insufficient. This can be abused to upload arbitrary...

0.00339EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/28 9:10 a.m.7 views

CVE-2025-13536

The Blubrry PowerPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 11.15.2. This is due to the plugin validating file extensions but not halting execution when validation fails in the...

8.8CVSS7.4AI score0.0052EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/18 8:27 a.m.9 views

CVE-2025-12528 Pie Forms for WP <= 1.6 - Unauthenticated Arbitrary File Upload

The Pie Forms for WP plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.6 via the formatclassic function. This is due to insufficient file type validation where the validateclassic method validates file extensions and sets error messages but does n...

8.1CVSS0.00587EPSS
Exploits0References4
Rows per page
Query Builder