Lucene search
K

2201 matches found

Nuclei
Nuclei
added yesterday656 views

Chamilo LMS <= 1.11.24 - Remote Code Execution

Unrestricted file upload in big file upload functionality in /main/inc/lib/javascript/bigupload/inc/bigUpload.php in Chamilo LMS = v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell. id: CVE-2023-422...

8.1CVSS7.1AI score0.76084EPSS
Exploits27References4
Nuclei
Nuclei
added yesterday19 views

Kaseya VSA < 9.5.7 - Arbitrary File Upload to Remote Code Execution

An attacker can upload files with the privilege of the Web Server process for Kaseya VSA Unified Remote Monitoring & Management RMM 9.5.4.2149 and subsequently use these files to execute asp commands The api /SystemTab/uploader.aspx is vulnerable to an unauthenticated arbitrary file upload leadin...

10CVSS7.1AI score0.60348EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-57368

Name of the Vulnerable Software and Affected Versions ps facetedsearch versions 3.0.0 through 4.0.3 Description A PHP Object Injection issue exists in the ps facetedsearch module. The module rebuilds search filters from the request URL, but the values for slider filters, specifically price or...

10CVSS6.6AI score0.00092EPSS
Exploits0References8
NVD
NVD
added last week10 views

CVE-2026-23698

Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...

8.6CVSS0.00867EPSS
Exploits2References3
Cvelist
Cvelist
added last week31 views

CVE-2026-23698 Vtiger CRM 8.4.0 Authenticated RCE via Module Import File Upload

Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...

8.6CVSS0.00867EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added last week7 views

CVE-2026-23698

Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...

8.6CVSS6.7AI score0.00867EPSS
Exploits2References4
EUVD
EUVD
added last week5 views

EUVD-2026-42054

Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...

8.6CVSS6.7AI score0.00867EPSS
Exploits2References3
CVE
CVE
added last week12 views

CVE-2026-23698

Vtiger CRM up to 8.4.0 is affected by an authenticated remote code execution vulnerability in the admin ModuleManager import feature. A privileged administrator can upload a crafted ZIP archive which is extracted directly into the web root’s modules/ directory without proper file-type validation ...

8.6CVSS6.7AI score0.00867EPSS
Exploits2References3
NVD
NVD
added 2026/07/01 4:16 p.m.17 views

CVE-2026-57517

Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL queries by submitting unsanitized input through the userRes POST parameter at the user endpoint. Attackers can exploit MySQL root privileges...

9.8CVSS0.00587EPSS
Exploits2References4
Cvelist
Cvelist
added 2026/06/20 1:37 p.m.27 views

CVE-2022-50972 WooCommerce 7.1.0 Remote Code Execution via class-wc-meta-box-product-images.php

WooCommerce 7.1.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary PHP code by injecting shell commands through the product-type parameter. Attackers can send requests to the class-wc-meta-box-product-images.php endpoint with unsanitized product-type value...

9.8CVSS0.00629EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-39598

Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue affects Academy LMS Pro: from n/a before 3.5.2...

8CVSS0.00221EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 12:32 p.m.23 views

CVE-2025-59872

Technical details about CVE-2025-59872 are not publicly provided in the supplied documents; monitor for updates.

9.8CVSS6AI score0.00454EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.17 views

PT-2026-50375

Name of the Vulnerable Software and Affected Versions HCL ZIE for Web affected versions not specified Description HCL ZIE for Web is affected by an unrestricted file upload issue. If the server is configured to execute code, an attacker can upload a web shell—a script used to manage a system...

9.8CVSS6.3AI score0.00454EPSS
Exploits0References4
CVE
CVE
added 2026/06/16 9:24 p.m.15 views

CVE-2026-39598

CVE-2026-39598 concerns WordPress Academy LMS Pro plugin (pre-3.5.2). The vulnerability is an Unrestricted Upload of File with a Dangerous Type, enabling an attacker to upload a web shell to the web server. Affected: Academy LMS Pro prior to 3.5.2. CVSS 3.1 metrics indicate NETWORK attack Vector,...

8CVSS5.2AI score0.00221EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 9:24 p.m.22 views

CVE-2026-39598 WordPress Academy LMS Pro plugin < 3.5.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue affects Academy LMS Pro: from n/a before 3.5.2...

8CVSS0.00221EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 12:16 p.m.13 views

CVE-2026-40750

Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server. This issue affects Kids Online Store: from n/a through 0.8.9...

9.9CVSS0.00273EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 10:39 a.m.32 views

CVE-2026-40750 WordPress Kids Online Store theme <= 0.8.9 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server. This issue affects Kids Online Store: from n/a through 0.8.9...

9.9CVSS0.00273EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/16 10:39 a.m.11 views

EUVD-2026-37065

Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server. This issue affects Kids Online Store: from n/a through 0.8.9...

9.9CVSS5.2AI score0.00273EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 10:39 a.m.26 views

CVE-2026-40750

CVE-2026-40750 : The WordPress Kids Online Store theme (versions up to 0.8.9) is affected by an arbitrary file upload vulnerability described as Unrestricted Upload of File with Dangerous Type, enabling upload of a web shell to the web server. Connected documents corroborate the issue and specify...

9.9CVSS5.3AI score0.00273EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.17 views

PT-2026-50109

Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue affects Academy LMS Pro: from n/a before 3.5.2...

8CVSS5.3AI score0.00221EPSS
Exploits0References2
Rows per page
Query Builder