CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/05/27 1:21 p.m.•8 views

CVE-2026-9035 Multiple vulnerabilities in Aspera applications.

EUVD•added 2026/05/27 1:21 p.m.•10 views

EUVD-2026-32503

ATTACKERKB•added 2026/05/27 1:21 p.m.•12 views

CVE-2026-9035

Exploits0References2Affected Software2

CVE•added 2026/05/27 12:25 p.m.•15 views

CVE-2026-3366

CVE-2026-3366 affects IBM InfoSphere Optim Test Data Fabrication versions 1.0.0, 1.0.0.1, 1.0.0.2, 1.0.2, 1.0.2.2, 1.0.2.3, 1.0.2.4, 1.0.2.5, 1.0.2.6, and 1.0.2.7. The root cause is a path traversal vulnerability leading to an arbitrary file read when a remote attacker sends a crafted URL contain...

7.5CVSS6AI score0.00596EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/05/27 12:25 p.m.•38 views

CVE-2026-3366 InfoSphere Optim Test Data Fabrication is affected by Arbitrary File Read

IBM InfoSphere Optim Test Data Fabrication 1.0.0, 1.0.0.1, 1.0.0.2, 1.0.2, 1.0.2.2, 1.0.2.3, 1.0.2.4, 1.0.2.5, 1.0.2.6, 1.0.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view...

7.5CVSS0.00596EPSS

CVE•added 2026/05/27 9:27 a.m.•15 views

CVE-2025-0898

The CVE-2025-0898 affects the WordPress plugin Xpro Elementor Addons - Pro (versions up to 1.4.7). The vulnerability, exposed via the Draw SVG widget, allows an authenticated attacker with Contributor-level access (or higher) to perform Arbitrary File Reading on the server, exposing sensitive fil...

6.5CVSS5.9AI score0.00281EPSS

Cvelist•added 2026/05/27 9:27 a.m.•28 views

CVE-2025-0898 Xpro Elementor Addons - Pro <= 1.4.7 - Authenticated (Contributor+) Arbitrary File Read via Draw SVG

The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 1.4.7 via the Draw SVG widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on...

6.5CVSS0.00281EPSS

Vulnrichment•added 2026/05/27 9:27 a.m.•14 views

CVE-2025-0898 Xpro Elementor Addons - Pro <= 1.4.7 - Authenticated (Contributor+) Arbitrary File Read via Draw SVG

6.5CVSS5.9AI score0.00281EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•9 views

PT-2026-43991

Positive Technologies•added 2026/05/27 12:0 a.m.•9 views

PT-2026-44005

Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...

7.1CVSS5.9AI score0.00375EPSS

Exploits0References4

Patchstack•added 2026/05/26 8:55 p.m.•6 views

WordPress Xpro Elementor Addons - Pro plugin <= 1.4.7 - Pro <= 1.4.7 - Authenticated (Contributor+) Arbitrary File Read vulnerability

WordPress Xpro Elementor Addons - Pro plugin = 1.4.7 - Pro = 1.4.7 - Authenticated Contributor+ Arbitrary File Read vulnerability discovered by stealthcopter in WordPress Plugin Xpro Elementor Addons - Pro versions = 1.4.7...

6.5CVSS5.8AI score0.00281EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/05/26 4:44 p.m.•4 views

CVE-2026-48126

Algernon is a small self-contained pure-Go web server. Prior to 1.17.8, when algernon is started with --domain or --letsencrypt, which silently turns on --domain at engine/flags.go:372, the request handler resolves the served directory by joining the configured --dir with the value of the...

8.2CVSS6AI score0.00335EPSS

Exploits0References2Affected Software1

NVD•added 2026/05/26 3:16 p.m.•14 views

CVE-2026-41917

OpenKM 6.3.12 contains a local file inclusion vulnerability in the administrative scripting interface at /admin/Scripting that allows authenticated administrators to read arbitrary files by supplying an attacker-controlled filesystem path through the fsPath parameter with action=Load. Attackers c...

6.9CVSS0.00387EPSS

Exploits0References7

Positive Technologies•added 2026/05/26 12:0 a.m.•8 views

PT-2026-43253

6.9CVSS5.9AI score0.00387EPSS

Exploits0References8

EUVD•added 2026/05/25 2:15 p.m.•9 views

EUVD-2018-21885

PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can use path traversal sequences ../../../../../../../../../../../../etc/passwd to access sensitive system...

8.7CVSS5.9AI score0.00785EPSS

Exploits0References3

GithubExploit•added 2026/05/25 9:29 a.m.•80 views

Exploit for Infinite Loop in Dbgpt Db-Gpt

POCCVE-2024-36420 Local reproduction lab and nuclei template...

7.5CVSS7.3AI score0.01761EPSS

Exploits4

CNNVD•added 2026/05/25 12:0 a.m.•5 views

PCViewer 路径遍历漏洞

PCViewer is a folder manager from PCViewer, Inc. A path traversal vulnerability exists in PCViewer version vt1000, which stems from directory traversal and could allow an unauthenticated attacker to read arbitrary files by submitting a sequence of relative paths via a GET request...

8.7CVSS5.9AI score0.00785EPSS

Exploits0References3

Tenable Nessus•added 2026/05/22 12:0 a.m.•6 views

Unity Linux 20.1070e Security Update: mojarra (UTSA-2026-016756)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016756 advisory. Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter. Tenable has extracted the...

6.5CVSS7AI score0.10124EPSS

Exploits0References4

RedhatCVE•added 2026/05/21 7:57 p.m.•7 views

CVE-2026-39352

Frappe is a full-stack web application framework. Versions prior to 15.105.0 and 16.15.0 contain a possible Arbitrary File Read vulnerability via Path Traversal. The issue is resolved in versions 16.15.0, 15.105.0 and above...

8.7CVSS5.8AI score0.01134EPSS