44487 matches found

Cvelist
added 2026/05/17 12:11 p.m. | 41 views

CVE-2018-25335 WordPress Plugin Peugeot Music 1.0 Arbitrary File Upload

WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name' parameter to...

9.8 CVSS | 0.00515 EPSS
Exploits: 0 | References: 2
EUVD
added 2026/05/17 12:11 p.m. | 10 views

EUVD-2018-21856

WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name' parameter to...

9.8 CVSS | 6.1 AI score | 0.00515 EPSS
Exploits: 0 | References: 2
CVE
added 2026/05/17 12:11 p.m. | 17 views

CVE-2018-25335

CVE-2018-25335 affects the WordPress plugin Peugeot Music 1.0. It contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload files via POST to upload.php, with attackers able to set arbitrary file extensions by manipulating the name parameter to execute code f...

9.8 CVSS | 6.1 AI score | 0.00515 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2026/05/17 12:11 p.m. | 8 views

CVE-2018-25335 WordPress Plugin Peugeot Music 1.0 Arbitrary File Upload

WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name' parameter to...

9.8 CVSS | 6.1 AI score | 0.00515 EPSS
Exploits: 0 | References: 2
ATTACKERKB
added 2026/05/17 12:11 p.m. | 8 views

CVE-2018-25335

WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name' parameter to...

9.8 CVSS | 6.1 AI score | 0.00515 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
EUVD
added 2026/05/17 12:11 p.m. | 11 views

EUVD-2018-21851

WordPress Plugin WP with Spritz 1.0 contains a remote file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting file paths into the url parameter. Attackers can send GET requests to wp.spritz.content.filter.php with malicious url values to access...

8.7 CVSS | 6 AI score | 0.00403 EPSS
Exploits: 0 | References: 3
Patchstack
added 2026/05/17 9:4 a.m. | 8 views

WordPress Classified Listing plugin <= 5.3.8 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by thevietronin in WordPress Plugin Classified Listing versions <= 5.3.8...

6.5 CVSS | 5.8 AI score | 0.00295 EPSS
Exploits: 0 | Affected Software: 1
Positive Technologies
added 2026/05/17 12:0 a.m. | 15 views

PT-2026-41555

WordPress Plugin WP with Spritz 1.0 contains a remote file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting file paths into the url parameter. Attackers can send GET requests to wp.spritz.content.filter.php with malicious url values to access...

8.7 CVSS | 6 AI score | 0.00403 EPSS
Exploits: 0 | References: 4
Positive Technologies
added 2026/05/17 12:0 a.m. | 10 views

PT-2026-41561

WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name' parameter to...

9.8 CVSS | 6.1 AI score | 0.00515 EPSS
Exploits: 0 | References: 3
NVD
added 2026/05/16 4:16 p.m. | 15 views

CVE-2020-37246

Supsystic Backup 2.3.9 contains a local file inclusion vulnerability that allows unauthenticated attackers to read and delete arbitrary files by manipulating the download path parameter. Attackers can modify the download parameter in admin.php requests with directory traversal sequences to access...

6.9 CVSS | 0.00673 EPSS
Exploits: 0 | References: 4
CVE
added 2026/05/16 3:28 p.m. | 21 views

CVE-2021-47977

CVE-2021-47977 affects the WordPress plugin Anti-Malware Security and Bruteforce Firewall 4.20.59. It describes a directory traversal vulnerability where unauthenticated attackers can read arbitrary files by manipulating the file parameter via the duplicator_download action in admin-ajax.php, usi...

8.7 CVSS | 5.9 AI score | 0.00652 EPSS
Exploits: 0 | References: 4
CVE
added 2026/05/16 3:26 p.m. | 16 views

CVE-2021-47979

CVE-2021-47979 affects WordPress Plugin Backup and Restore 1.0.3. An arbitrary file deletion vulnerability exists in which authenticated attackers can delete arbitrary files by crafting file_name and folder_name parameters in POST requests to admin-ajax.php, enabling file system modification with...

8.8 CVSS | 5.9 AI score | 0.00397 EPSS
Exploits: 0 | References: 4
EUVD
added 2026/05/16 3:26 p.m. | 11 views

EUVD-2021-34834

WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. Attackers can send POST requests to admin-ajax.php with crafted filename and foldername parameters to delete...

8.8 CVSS | 5.9 AI score | 0.00397 EPSS
Exploits: 0 | References: 4
Cvelist
added 2026/05/16 3:26 p.m. | 38 views

CVE-2021-47979 WordPress Plugin Backup and Restore 1.0.3 Arbitrary File Deletion

WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. Attackers can send POST requests to admin-ajax.php with crafted filename and foldername parameters to delete...

8.8 CVSS | 0.00397 EPSS
Exploits: 0 | References: 4
Vulnrichment
added 2026/05/16 3:26 p.m. | 11 views

CVE-2021-47979 WordPress Plugin Backup and Restore 1.0.3 Arbitrary File Deletion

WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. Attackers can send POST requests to admin-ajax.php with crafted filename and foldername parameters to delete...

8.8 CVSS | 5.9 AI score | 0.00397 EPSS
Exploits: 0 | References: 4
GithubExploit
added 2026/05/16 12:20 p.m. | 120 views

Exploit for CVE-2026-4882

CVE-2026-4882 User Registration Advanced Fields = 1.6.20 - Un...

9.8 CVSS | 6.5 AI score | 0.00653 EPSS
Exploits: 1
Veracode
added 2026/05/16 5:34 a.m. | 12 views

Directory Traversal

OpenMRS Core is vulnerable to Directory Traversal. The vulnerability is due to improper validation and normalization of ZIP archive entry paths during module extraction, which allows an attacker to write arbitrary files outside the intended directory and achieve remote code execution...

9.4 CVSS | 6.2 AI score | 0.00853 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Veracode
added 2026/05/16 5:32 a.m. | 24 views

Path Traversal

org.openmrs.web, openmrs-web is vulnerable to Path Traversal. The vulnerability is due to improper path boundary validation in the /openmrs/moduleResources/moduleid endpoint, where user-controlled input is concatenated into filesystem paths without normalization or restriction checks, which allow...

8.2 CVSS | 7.4 AI score | 0.00558 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
CNNVD
added 2026/05/16 12:0 a.m. | 12 views

WordPress plugin Backup and Restore Path Traversal Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8 CVSS | 5.9 AI score | 0.00397 EPSS
Exploits: 0 | References: 1
Cvelist
added 2026/05/15 9:40 p.m. | 37 views

CVE-2026-44565 Open WebUI: Open WebUI Arbitrary File Write, Delete via Path Traversal

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.10, when uploading an audio file, the name of the file is derived from the original HTTP upload request and is not validated or sanitized. This allows for users to upload files with nam...

8.1 CVSS | 0.00454 EPSS
Exploits: 1 | References: 1