12 matches found
CVE-2020-36849
The AIT CSV import/export plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-content/plugins/ait-csv-import-export/admin/upload-handler.php file in versions up to, and including, 3.0.3. This makes it possible for unauthorized attackers to...
CVE-2020-36849
The AIT CSV import/export plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-content/plugins/ait-csv-import-export/admin/upload-handler.php file in versions up to, and including, 3.0.3. This makes it possible for unauthorized attackers to...
CVE-2020-36849
The CVE-2020-36849 entry concerns the AIT CSV import/export plugin for WordPress (versions up to 3.0.3). The root cause is missing file type validation in admin/upload-handler.php, enabling arbitrary file uploads on the vulnerable site and potentially remote code execution. Public references incl...
CVE-2020-36849 AIT CSV import/export <= 3.0.3 - Unauthenticated Arbitrary File Upload
The AIT CSV import/export plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-content/plugins/ait-csv-import-export/admin/upload-handler.php file in versions up to, and including, 3.0.3. This makes it possible for unauthorized attackers to...
CVE-2023-36849
An Improper Check or Handling of Exceptional Conditions vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). When a malformed LLDP packet is received, l2cpd will...
CVE-2023-36849
CVE-2023-36849 affects Juniper Networks Junos OS and Junos OS Evolved; the issue is an Improper Check or Handling of Exceptional Conditions in the Layer-2 control protocols daemon (l2cpd). A malformed LLDP packet can cause l2cpd to crash and restart, reinitializing STP (RSTP/MSTP/VSTP), MVRP and ...
CVE-2022-36849
Use after free vulnerability in sdp_mm_set_process_sensitive function of sdpmm driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions...
CVE-2022-36849
CVE-2022-36849 is a use-after-free vulnerability in the sdp_mm_set_process_sensitive function of the sdpmm driver, affecting Samsung devices in the SMR Sep-2022 Release 1. The issue arises from post-release reuse in the sdpmm driver and could allow malicious actions. Publicly documented impact fo...
CVE-2021-36849
creationtimestamp | type | source
---|---|---
2022-07-20 22:12:12+00:00 | seen | https://t.me/cibsecurity/46712...
CVE-2021-36849
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in René Hermenau's Social Media Share Buttons plugin <= 3.8.1 at WordPress...
CVE-2021-36849
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in René Hermenau's Social Media Share Buttons plugin <= 3.8.1 at WordPress...
CVE-2021-36849
CVE-2021-36849 affects the MashShare/WordPress Social Media Share Buttons plugin (