Lucene search
+L

55 matches found

CVE
CVE
added 2026/02/24 10:6 a.m.49 views

CVE-2024-56373

Summary of CVE-2024-56373 : Apache Airflow 2.x contains a vulnerability in the log template history mechanism that can allow a user (DAG Author) with existing permissions to manipulate the Airflow database and execute arbitrary code in the web-server context, leading to potential remote code exec...

8.4CVSS6.7AI score0.01134EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.9 views

PT-2026-21670

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 2.11.1 Description A user with DAG author permissions can manipulate the Airflow database to execute arbitrary code within the web server context. This could lead to remote code execution on the server-side whe...

8.4CVSS6.6AI score0.01134EPSS
Exploits0References20
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2012-6598

Malware in sbrugna...

9.3CVSS6.4AI score0.01188EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.18 views

EUVD-2012-6588

Malware in sbrugna...

9.3CVSS6.4AI score0.01145EPSS
Exploits0References6
NVD
NVD
added 2025/08/13 9:15 p.m.6 views

CVE-2012-10058

RabidHamster R4 v1.25 contains a stack-based buffer overflow vulnerability due to unsafe use of sprintf when logging malformed HTTP requests. A remote attacker can exploit this flaw by sending a specially crafted URI, resulting in arbitrary code execution under the context of the web server proce...

10CVSS0.01412EPSS
Exploits0References6
NVD
NVD
added 2025/08/08 7:15 p.m.11 views

CVE-2012-10052

EGallery version 1.2 contains an unauthenticated arbitrary file upload vulnerability in the uploadify.php script. The application fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files directly into the web-accessible egallery/ directory...

9.3CVSS0.01145EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/08/08 6:13 p.m.5 views

CVE-2012-10049 WebPageTest Arbitrary PHP File Upload RCE

WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw allows remote attackers to upload and...

9.3CVSS8.2AI score0.01141EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/08/08 6:13 p.m.13 views

CVE-2012-10049 WebPageTest Arbitrary PHP File Upload RCE

WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw allows remote attackers to upload and...

9.3CVSS0.01141EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/08/01 12:0 a.m.12 views

PT-2025-31688 · Unknown · Instantcms

Name of the Vulnerable Software and Affected Versions: InstantCMS versions prior to 1.7 Description: A remote PHP code execution issue exists due to the unsafe use of the eval function within the search view handler. User-supplied input via the look parameter is concatenated into a PHP expression...

9.3CVSS7.2AI score0.01977EPSS
Exploits1References7
Cvelist
Cvelist
added 2024/06/11 2:38 p.m.38 views

CVE-2024-37295 Aimeos Core remote code execution in web server context

Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version...

7.2CVSS0.00607EPSS
Exploits0References1
Veracode
Veracode
added 2024/06/10 7:26 a.m.24 views

Remote Code Execution (RCE)

aimeos/aimeos-core is vulnerable to Remote Code Execution RCE. The vulnerability is caused by improper file upload validation, allowing users with administrative privileges to upload files disguised as images but containing PHP code, which can then be executed in the context of the web server...

7.9AI score
Exploits0
OSV
OSV
added 2024/06/05 1:29 p.m.17 views

GHSA-RHC2-23C2-WW7C Remote code execution in web server context

Impact User with administrative privileges and upload files that look like images but contain PHP code which can then be executed in the context of the web server...

7.2CVSS7.1AI score0.00607EPSS
Exploits0References3
Zero Day Initiative
Zero Day Initiative
added 2022/03/01 12:0 a.m.15 views

(0Day) Delta Industrial Automation DIAEnergie HandlerPage_KID Arbitrary File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DIAEnergie. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

9.8CVSS4.4AI score
Exploits0
NVD
NVD
added 2020/07/28 6:15 p.m.33 views

CVE-2020-15417

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. A crafted...

6.3CVSS6.7AI score0.01285EPSS
Exploits0References1
Prion
Prion
added 2020/07/28 6:15 p.m.19 views

Stack overflow

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. A crafted...

5.8CVSS6.8AI score0.01285EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/07/28 5:10 p.m.32 views

CVE-2020-15417

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. A crafted...

6.3CVSS6.7AI score0.01285EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/04/24 7:13 p.m.25 views

CVE-2019-11217

The GitController in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows execution of arbitrary commands in the context of the web server via a crafted http request...

9.5AI score0.03798EPSS
Exploits0References2
OSV
OSV
added 2019/02/05 6:29 p.m.5 views

CVE-2018-18990

LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process...

5.3CVSS5.7AI score0.39487EPSS
Exploits0References2
CNVD
CNVD
added 2016/11/17 12:0 a.m.5 views

Barco ClickShare Directory Traversal Vulnerability

ClickShare is Barco's wireless presentation collaboration system that allows all participants to share content on a centralized conference room screen. The Barco ClickShare directory traversal vulnerability can be exploited by an attacker to view arbitrary local files and directories in the conte...

7.5CVSS6.7AI score0.04311EPSS
Exploits1References1
CNVD
CNVD
added 2015/12/24 12:0 a.m.6 views

Drupal Values Module Arbitrary PHP Code Execution Vulnerability

Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.Values is one of the modules used to customize various types of key-value pairs in the backend. An arbitrary PHP code execution vulnerability exists in the Drupal Values module in...

9CVSS8AI score0.01481EPSS
Exploits0References1
Rows per page
Query Builder