Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2025-24971
CRITICAL CVSS 9.5
Find Similar
DumpDrop is a stupid simple file upload application that provides an interface for dragging and dropping files. An OS Command Injection vulnerability was discovered in the DumbDrop application, `/uplo
DumbDrop, a file upload application that provides an interface for dragging and dropping files, has a DOM cross-site scripting vulnerability in the upload functionality prior to commit db27b25372eb907
CVE-2025-24891
CRITICAL CVSS 9.6
Find Similar
Dumb Drop is a file upload application. Users with permission to upload to the service are able to exploit a path traversal vulnerability to overwrite arbitrary system files. As the container runs as
A vulnerability was found in SourceCodester Drag and Drop Image Upload 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /upload.php. The manipulatio
A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/ajax_pr
A vulnerability was found in FreeFloat FTP Server 1.0. It has been declared as critical. This vulnerability affects unknown code of the component APPEND Command Handler. The manipulation leads to buff
A command injection vulnerability exists in TwistedWeb (version 14.0.0) due to improper input sanitization in the file upload functionality. An attacker can exploit this vulnerability by sending a spe
CVE-2021-47667
CRITICAL CVSS 10.0
Find Similar
An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remote attackers to execute arbitrary commands via shell metacharacters in
A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/set_blacklist of the component HTTP Handler. Such manipulation of the argument
A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax_product.php. The manipulation of
A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. This issue affects some unknown processing of the component CDUP Command Handler. The manipulation leads
A vulnerability was determined in aandrew-me ytDownloader up to 3.20.2. This affects the function child_process.exec of the file src/compressor.js of the component Compressor Feature. This manipulatio
QuickDrop is an easy-to-use file sharing application. Prior to 1.5.3, a stored XSS vulnerability exists in the file preview endpoint. The application allows SVG files to be uploaded via the /api/file/
A vulnerability has been found in Tenda AC8 16.03.34.06. This affects the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. The manipulation of the argument b
A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulatio
A vulnerability was identified in D-Link DI-8100 16.07.26A1. This affects the function sprintf of the file yyxz.asp. The manipulation of the argument ID leads to stack-based buffer overflow. The attac
A vulnerability was found in SourceCodester Simple Company Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Content.php?f=service.
A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This issue affects some unknown processing of the file backup.php
WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the
A code injection vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on VSPC server.
Page 1+ Next →