Lucene search
K

1375 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/11 6:23 p.m.4 views

CVE-2019-25480

ARMBot contains an unrestricted file upload vulnerability in upload.php that allows unauthenticated attackers to upload arbitrary files by manipulating the file parameter with path traversal sequences. Attackers can upload PHP files with traversal payloads ../publichtml/ to write executable code ...

8.7CVSS6.1AI score0.00717EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/02/19 4:10 p.m.196 views

Exploit for CVE-2026-27180

MajorDoMo RCE !Authorhttps://img.shields.io/badge/Author-Mo...

9.8CVSS7.2AI score0.01086EPSS
Exploits4
NVD
NVD
added 2026/02/18 10:16 p.m.5 views

CVE-2019-25352

Crystal Live HTTP Server 6.01 contains a directory traversal vulnerability that allows remote attackers to access system files by manipulating URL path segments. Attackers can use multiple '../' sequences to navigate outside the web root and retrieve sensitive configuration files like Windows...

8.7CVSS0.00765EPSS
Exploits0References4
CVE
CVE
added 2026/02/18 9:54 p.m.14 views

CVE-2019-25352

Crystal Live HTTP Server 6.01 exposes a directory traversal vulnerability allowing remote attackers to access sensitive files by manipulating URL path segments with multiple ../ sequences. Affected component is the server’s handling of URL paths, enabling navigation outside the web root and poten...

8.7CVSS5.6AI score0.00765EPSS
Exploits0References4
CVE
CVE
added 2026/02/12 10:48 p.m.10 views

CVE-2019-25333

CVE-2019-25333 affects Bullwark Momentum Series JAWS 1.0. The issue is a directory traversal vulnerability where unauthenticated attackers can read sensitive files by manipulating HTTP request paths with multiple “../” sequences, potentially reading files such as “/etc/passwd” outside the web roo...

8.7CVSS5.5AI score0.00641EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/30 3:24 a.m.6 views

CVE-2026-24897

Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient validation of user‑supplied paths when creating shares. By specifying a writable path within the publ...

10CVSS6.7AI score0.03008EPSS
Exploits3References1
OSV
OSV
added 2026/01/28 10:24 p.m.7 views

CVE-2026-24897 Authenticated Remote Code Execution via Arbitrary File Upload

Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient validation of user‑supplied paths when creating shares. By specifying a writable path within the publ...

10CVSS6.7AI score0.03008EPSS
Exploits3References5
Vulnrichment
Vulnrichment
added 2026/01/28 10:24 p.m.4 views

CVE-2026-24897 Authenticated Remote Code Execution via Arbitrary File Upload

Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient validation of user‑supplied paths when creating shares. By specifying a writable path within the publ...

10CVSS6.7AI score0.03008EPSS
Exploits3References3
ATTACKERKB
ATTACKERKB
added 2026/01/28 10:24 p.m.5 views

CVE-2026-24897

Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient validation of user‑supplied paths when creating shares. By specifying a writable path within the publ...

10CVSS6.7AI score0.03008EPSS
Exploits3References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/14 11:19 p.m.8 views

CVE-2021-47751

CuteEditor for PHP now referred to as Rich Text Editor 6.6 contains a directory traversal vulnerability in the browse template feature that allows attackers to write files to arbitrary web root directories. Attackers can exploit the ServerMapPath function by renaming uploaded HTML files using...

7.5CVSS6.9AI score0.00715EPSS
Exploits1References1
OSV
OSV
added 2026/01/13 11:15 p.m.3 views

CVE-2021-47751

CuteEditor for PHP now referred to as Rich Text Editor 6.6 contains a directory traversal vulnerability in the browse template feature that allows attackers to write files to arbitrary web root directories. Attackers can exploit the ServerMapPath function by renaming uploaded HTML files using...

7.5CVSS5.9AI score0.00715EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/13 10:51 p.m.3 views

CVE-2021-47751 CuteEditor for PHP 6.6 - Directory Traversal

CuteEditor for PHP now referred to as Rich Text Editor 6.6 contains a directory traversal vulnerability in the browse template feature that allows attackers to write files to arbitrary web root directories. Attackers can exploit the ServerMapPath function by renaming uploaded HTML files using...

7.5CVSS5.6AI score0.00715EPSS
Exploits1References3
CVE
CVE
added 2026/01/13 10:51 p.m.12 views

CVE-2021-47751

CVE-2021-47751 affects CuteEditor for PHP (Rich Text Editor) version 6.6. The vulnerability is a directory traversal in the browse template feature that enables writing files to arbitrary web root directories by abusing ServerMapPath() to rename uploaded HTML files with traversal sequences, outsi...

7.5CVSS6.6AI score0.00715EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.11 views

PT-2026-2360

Name of the Vulnerable Software and Affected Versions CuteEditor for PHP now referred to as Rich Text Editor version 6.6 Description The software contains a directory traversal issue in the browse template feature. This allows attackers to write files to arbitrary web root directories by exploiti...

7.5CVSS6.6AI score0.00715EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/01/09 11:22 a.m.17 views

CVE-2021-22785

A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X...

7.5CVSS6.6AI score0.00954EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:10 a.m.9 views

CVE-2019-11879

The WEBrick gem 1.4.2 for Ruby allows directory traversal if the attacker once had local access to create a symlink to a location outside of the web root directory. NOTE: The vendor states that this is analogous to Options FollowSymlinks in the Apache HTTP Server, and therefore it is "not a probl...

5.5CVSS6.8AI score0.00549EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/09 12:0 a.m.17 views

Vivotek IP7137 路径遍历漏洞

The Vivotek IP7137 is an IP camera from China's Vivotek Communications Vivotek. A path traversal vulnerability exists in the Vivotek IP7137 version 0200a, which can be exploited by an authenticated attacker to access resources outside of the web root directory via a direct HTTP request, potential...

8.7CVSS6.4AI score0.0071EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:40 a.m.8 views

CVE-1999-0882

Falcon web server allows remote attackers to determine the absolute path of the web root via long file names...

5CVSS7.1AI score0.01897EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/22 7:21 a.m.16 views

CVE-2023-53956

Flatnux 2021-03.25 contains an authenticated file upload vulnerability that allows administrative users to upload arbitrary PHP files through the file manager. Attackers with admin credentials can upload malicious PHP scripts to the web root directory, enabling remote code execution on the server...

8.8CVSS8.2AI score0.00663EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/19 9:5 p.m.5 views

EUVD-2025-204594

Flatnux 2021-03.25 contains an authenticated file upload vulnerability that allows administrative users to upload arbitrary PHP files through the file manager. Attackers with admin credentials can upload malicious PHP scripts to the web root directory, enabling remote code execution on the server...

8.8CVSS7.8AI score0.00663EPSS
Exploits0References4
Rows per page
Query Builder