CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 3 days ago•6 views

CVE-2026-42679

CVE-2026-42679 affects the WordPress plugin Classified Listing (versions

6.5CVSS5.8AI score0.00043EPSS

Vulnrichment•added 3 days ago•6 views

CVE-2026-42679 WordPress Classified Listing plugin <= 5.3.8 - Arbitrary File Download vulnerability

6.5CVSS5.8AI score0.00043EPSS

NVD•added 5 days ago•12 views

CVE-2018-25408

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to acces...

8.7CVSS0.00233EPSS

CVE•added 5 days ago•11 views

CVE-2018-25421

Open STA Manager 2.3 is affected by a path traversal vulnerability that lets authenticated users download arbitrary files by calling modules/backup/actions.php?op=getfile and traversing with ../ sequences to access sensitive system files. Affected component is the Open STA Manager implementation;...

7.1CVSS5.9AI score0.0004EPSS

Vulnrichment•added 5 days ago•5 views

CVE-2018-25421 Open STA Manager 2.3 Arbitrary File Download via Path Traversal

Open STA Manager 2.3 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by manipulating the file parameter. Attackers can send GET requests to modules/backup/actions.php with op=getfile and traverse directories using ../ sequences to access sensiti...

7.1CVSS5.9AI score0.0004EPSS

CVE•added 5 days ago•11 views

CVE-2018-25408

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that lets unauthenticated attackers download arbitrary files by supplying directory traversal sequences (e.g., ../) in the filename parameter. Affected component: ajax/download.php within The Ope...

Vulnrichment•added 5 days ago•5 views

CVE-2018-25408 The Open ISES Project 3.30A Path Traversal Arbitrary File Download

Cvelist•added 5 days ago•27 views

CVE-2018-25408 The Open ISES Project 3.30A Path Traversal Arbitrary File Download

8.7CVSS0.00233EPSS

CNNVD•added 5 days ago•4 views

Open ISES Project 路径遍历漏洞

The Open ISES Project is an open-source information technology platform and resource platform for emergency service organizations developed by Open ISES. Version 3.30A of the Open ISES Project contains a path traversal vulnerability. This vulnerability stems from improper handling of the filename...

CNNVD•added 5 days ago•4 views

Open STA Manager 路径遍历漏洞

Open STA Manager is an enterprise service management system developed by the Italian company Open STA Manager. Version 2.3 of Open STA Manager contains a path traversal vulnerability. This vulnerability arises from operations using the file parameter, which may allow authenticated users to downlo...

7.1CVSS5.9AI score0.0004EPSS

Positive Technologies•added 5 days ago•6 views

PT-2026-45108

Vulnrichment•added 6 days ago•6 views

Exploits0References5

CVE-2018-25393 Navigate CMS 2.8.5 Path Traversal via navigate_download.php

Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigatedownload.php with path traversal payloads ../../../cfg/globals.php to...

7.1CVSS5.9AI score0.00148EPSS

EUVD•added 6 days ago•4 views

EUVD-2018-21915

7.1CVSS5.9AI score0.00148EPSS

CNNVD•added 6 days ago•3 views

Naviwebs Navigate CMS 路径遍历漏洞

Naviwebs Navigate CMS is an open-source content management system developed by Naviwebs Inc. In the version 2.8.5 of Naviwebs Navigate CMS, there is a path traversal vulnerability. This vulnerability stems from the injection of directory traversal sequences in the id parameter, which may allow...

7.1CVSS5.9AI score0.00148EPSS

Patchstack•added 2026/05/17 9:4 a.m.•3 views

WordPress Classified Listing plugin <= 5.3.8 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by thevietronin in WordPress Plugin Classified Listing versions = 5.3.8...

6.5CVSS5.8AI score0.00043EPSS

Exploits0Affected Software1

Cvelist•added 2026/05/12 7:19 p.m.•28 views

CVE-2026-44874 Authenticated Arbitrary File Download via AOS-10 Web-Based Management Interface

A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow an authenticated remote attacker to access sensitive files on the underlying operating system. Successful exploitation of this vulnerability could result in the disclosure of confidential system...

4.9CVSS0.00043EPSS