Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component to upload arbitrary files and execute code within them.
This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path.
PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint (AttachController.java).
Stored cross-site scripting vulnerability exists in PerfreeBlog v4.0.11 in the website name field of the backend system settings interface allows an attacker to insert and execute arbitrary malicious
docuFORM Managed Print Service Client 11.11c is vulnerable to a directory traversal allowing attackers to read arbitrary files via crafted url.
A vulnerability has been found in PerfreeBlog 4.0.11 and classified as problematic. This vulnerability affects the function JwtUtil of the component JWT Handler. The manipulation leads to use of hard-
A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'file_get_contents()' function call in '/api_
phpok v3.0 was discovered to contain an arbitrary file read vulnerability via the component /autoload/file.php.
Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to
An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute arbitrary code via uploading a crafted HTML file into the tracker comments page.
An improper XML parsing vulnerability was reported in the FileZ client that could allow arbitrary file reads on the system if a crafted url is visited by a local user.
Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory t
An arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows attackers to read arbitrary files via sending a crafted GET request to /cms/templates/templatesAssetsEd
A CWE-35 "Path Traversal" in the template download mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP req
Page 1+ Next →