Lucene search
K

2141 matches found

Nuclei
Nuclei
added yesterday23 views

Apache ActiveMQ < 5.16.5/5.17.3 - Remote Code Execution

Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandlerhandlePostRequest is able to create JmxRequest...

8.8CVSS7.1AI score0.8581EPSS
Exploits2References3
NVD
NVD
added 2026/07/02 5:16 p.m.11 views

CVE-2024-14037

Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob servlet endpoint. Attackers can submit a multipart POST request with a JSP webshell disguised using a spoofed...

9.8CVSS0.00708EPSS
Exploits0References4
NVD
NVD
added 2026/07/02 5:16 p.m.9 views

CVE-2022-50973

Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any...

9.8CVSS0.0086EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/02 5:4 p.m.36 views

CVE-2022-50973 Yonyou KSOA 9.0 Unauthenticated File Upload RCE via ImageUpload Servlet

Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any...

9.8CVSS0.0086EPSS
Exploits0References5
CVE
CVE
added 2026/07/02 5:4 p.m.19 views

CVE-2022-50973

Summary: CVE-2022-50973 affects Yonyou KSOA 9.0. The issue is an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet. Exploitation requires no authentication and relies on attacker-controlled filepath and filename parameters, with no validation of file t...

9.8CVSS6.2AI score0.0086EPSS
In wildExploits0References5
EUVD
EUVD
added 2026/07/02 5:4 p.m.6 views

EUVD-2022-56009

Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any...

9.8CVSS6.2AI score0.0086EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/02 5:4 p.m.11 views

CVE-2022-50973

Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any...

9.8CVSS6.2AI score0.0086EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/07/02 5:3 p.m.8 views

EUVD-2024-55646

Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob servlet endpoint. Attackers can submit a multipart POST request with a JSP webshell disguised using a spoofed...

9.8CVSS6.5AI score0.00708EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/02 5:3 p.m.8 views

CVE-2024-14037

Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob servlet endpoint. Attackers can submit a multipart POST request with a JSP webshell disguised using a spoofed...

9.8CVSS6.5AI score0.00708EPSS
Exploits0References5
CVE
CVE
added 2026/07/02 5:3 p.m.26 views

CVE-2024-14037

CVE-2024-14037 describes an unauthenticated arbitrary file upload vulnerability in Redsea Cloud eHR via the PtFjk.mob servlet endpoint. An attacker can submit a multipart POST containing a JSP webshell disguised with a spoofed image/jpeg Content-Type, bypassing extension/MIME checks, resulting in...

9.8CVSS6.5AI score0.00708EPSS
In wildExploits0References4
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.17 views

PT-2026-55262

Name of the Vulnerable Software and Affected Versions Yonyou KSOA version 9.0 Description An unauthenticated arbitrary file upload issue exists in the com.sksoft.bill.ImageUpload servlet. Unauthenticated attackers can upload arbitrary files by submitting a POST request to the endpoint without...

9.8CVSS6.4AI score0.0086EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/07/01 3:11 p.m.11 views

CVE-2026-57517

Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL queries by submitting unsanitized input through the userRes POST parameter at the user endpoint. Attackers can exploit MySQL root privileges...

9.8CVSS6.7AI score0.00587EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.9 views

PT-2026-54885

Name of the Vulnerable Software and Affected Versions Control Web Panel versions prior to 0.9.8.1225 Description An unauthenticated remote attacker can execute arbitrary SQL queries due to improper input validation and unsafe SQL query construction. This issue occurs at the 'user' endpoint throug...

9.8CVSS6.8AI score0.00587EPSS
Exploits2References13
NVD
NVD
added 2026/06/18 6:16 p.m.15 views

CVE-2026-54390

JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection vulnerability that allows unauthenticated attackers to inject malicious template syntax due to unsanitized user-supplied input passed to the Smarty template engine. Attackers can exploit this flaw to read sensitive...

9.8CVSS0.00333EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/18 5:33 p.m.7 views

CVE-2026-54390

JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection vulnerability that allows unauthenticated attackers to inject malicious template syntax due to unsanitized user-supplied input passed to the Smarty template engine. Attackers can exploit this flaw to read sensitive...

9.8CVSS5.7AI score0.00333EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/06/18 5:33 p.m.106 views

CVE-2026-54390

Technical details are not publicly available in the provided documents. Monitor for updates from the connected sources.

9.8CVSS5.8AI score0.00333EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/18 5:33 p.m.9 views

CVE-2026-54390 JTL Shop < 5.7.2 Server-Side Template Injection via Smarty Renderer

JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection vulnerability that allows unauthenticated attackers to inject malicious template syntax due to unsanitized user-supplied input passed to the Smarty template engine. Attackers can exploit this flaw to read sensitive...

9.8CVSS6.2AI score0.00333EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/18 5:33 p.m.23 views

CVE-2026-54390 JTL Shop < 5.7.2 Server-Side Template Injection via Smarty Renderer

JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection vulnerability that allows unauthenticated attackers to inject malicious template syntax due to unsanitized user-supplied input passed to the Smarty template engine. Attackers can exploit this flaw to read sensitive...

9.8CVSS0.00333EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.19 views

PT-2026-50772

Name of the Vulnerable Software and Affected Versions JTL Shop versions 5.2.0 through 5.7.1 Description Unauthenticated attackers can inject malicious template syntax because unsanitized user-supplied input is passed to the Smarty template engine, a tool used to generate dynamic web content. This...

9.8CVSS6.1AI score0.00333EPSS
Exploits1References9
NVD
NVD
added 2026/06/17 1:19 p.m.11 views

CVE-2025-59872

HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability, If the server is configured to execute code, then it may be possible to obtain command execution on the server by uploading a file known as a web shell, which allows you to execute arbitrary code or operating system command...

9.8CVSS0.00454EPSS
Exploits0References1
Rows per page
Query Builder