CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/05/17 12:11 p.m.•8 views

EUVD-2018-21849

Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the deleteexportfile AJAX action. Attackers can craft POST requests with directory traversal sequences in the filename paramet...

CVE•added 2026/05/17 12:11 p.m.•13 views

CVE-2018-25325

CVE-2018-25325 concerns the Woocommerce CSV Importer 3.3.6 path traversal vulnerability. The issue allows any registered user to delete arbitrary files by submitting unescaped filenames through the delete_export_file AJAX action. By sending POST requests that include directory traversal sequences...

Vulnrichment•added 2026/05/17 12:11 p.m.•6 views

CVE-2018-25325 Woocommerce CSV Importer 3.3.6 Path Traversal File Deletion

Cvelist•added 2026/05/17 12:11 p.m.•40 views

CVE-2018-25325 Woocommerce CSV Importer 3.3.6 Path Traversal File Deletion

8.7CVSS0.00381EPSS

ATTACKERKB•added 2026/05/17 12:11 p.m.•6 views

CVE-2018-25325

Exploits0References3Affected Software1

Debian•added 2026/05/17 9:36 a.m.•10 views

[SECURITY] [DSA 6279-1] redis security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6279-1 [email protected] https://www.debian.org/security/ Aron Xu May 17, 2026 https://www.debian.org/security/faq - -------------------------------------------------------------------------...

8.5CVSS6AI score0.00023EPSS

Exploits0

Positive Technologies•added 2026/05/17 12:0 a.m.•6 views

PT-2026-41552

Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the file name parameter. Attackers can send POST requests to gdrive-ajaxs.php with the ajaxstype parameter set to del ...

8.7CVSS5.9AI score0.00683EPSS

Tenable Nessus•added 2026/05/17 12:0 a.m.•7 views

Debian dsa-6279 : redis - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6279 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6279-1 [email protected]...

8.5CVSS6AI score0.00023EPSS

Exploits0References7

Positive Technologies•added 2026/05/17 12:0 a.m.•7 views

PT-2026-41551

Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the delete export file AJAX action. Attackers can craft POST requests with directory traversal sequences in the filename...

CNNVD•added 2026/05/17 12:0 a.m.•8 views

WordPress plugin Google Drive 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.7CVSS5.9AI score0.00683EPSS

Exploits0References1

NVD•added 2026/05/16 4:16 p.m.•7 views

CVE-2021-47978

ProcessMaker 3.5.4 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting improper path traversal validation. Attackers can send requests with directory traversal sequences to access sensitive system files like /etc/passwd without...

6.9CVSS0.0004EPSS

NVD•added 2026/05/16 4:16 p.m.•6 views

CVE-2021-47977

WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the file parameter. Attackers can send requests to the duplicatordownload action via admin-ajax.php wit...

8.7CVSS0.00561EPSS

NVD•added 2026/05/16 4:16 p.m.•6 views

CVE-2020-37245

Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attackers to access files outside the web root by injecting directory traversal sequences. Additionally, the plugin fails to sanitize input fields in publication settings, allowing...

8.7CVSS0.00158EPSS

NVD•added 2026/05/16 4:16 p.m.•7 views

CVE-2020-37246

Supsystic Backup 2.3.9 contains a local file inclusion vulnerability that allows unauthenticated attackers to read and delete arbitrary files by manipulating the download path parameter. Attackers can modify the download parameter in admin.php requests with directory traversal sequences to access...

6.9CVSS0.00028EPSS

CVE•added 2026/05/16 3:28 p.m.•14 views

CVE-2021-47978

CVE-2021-47978 : ProcessMaker 3.5.4 contains a Local File Inclusion (LFI) flaw caused by improper path traversal validation. Unauthenticated attackers can access arbitrary files by sending directory traversal sequences, potentially reading sensitive files such as /etc/passwd. The vulnerability is...

6.9CVSS5.9AI score0.0004EPSS

Cvelist•added 2026/05/16 3:28 p.m.•28 views

CVE-2021-47978 ProcessMaker 3.5.4 Local File Inclusion via Path Traversal

6.9CVSS0.0004EPSS

EUVD•added 2026/05/16 3:28 p.m.•6 views

EUVD-2021-34839

6.9CVSS5.9AI score0.0004EPSS