CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2 days ago•3 views

CVE-2023-54350 WordPress Augmented-Reality Plugin Remote Code Execution Unauthenticated

Cvelist•added 2 days ago•38 views

CVE-2023-54350 WordPress Augmented-Reality Plugin Remote Code Execution Unauthenticated

8.7CVSS0.00076EPSS

CVE•added 2 days ago•15 views

CVE-2023-54350

Affected software: WordPress Augmented-Reality plugin. Vulnerability: remote code execution via the elFinder connector. Access/Impact: unauthenticated attackers can upload and execute arbitrary PHP files on the server. How it exploits: POST to connector.minimal.php with mkfile and put commands to...

EUVD•added 2 days ago•9 views

EUVD-2023-60581

ATTACKERKB•added 2 days ago•4 views

CVE-2023-54350

Exploits0References2Affected Software1

Positive Technologies•added 2 days ago•8 views

PT-2026-47232

8.7CVSS6.6AI score0.00076EPSS

Exploits0References3

RedhatCVE•added 2026/04/25 1:22 a.m.•5 views

CVE-2026-34415

Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an incorrect regex pattern. Unauthenticated attackers can exploit this flaw combined with authenticati...

9.8CVSS5.8AI score0.00429EPSS

Exploits0References1

RedhatCVE•added 2026/04/25 1:22 a.m.•4 views

CVE-2026-34414

Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where the name parameter in rename commands is not sanitized for path traversal sequences. Attackers can supply a name value...

7.1CVSS6.4AI score0.00133EPSS

Exploits0References1

RedhatCVE•added 2026/04/23 7:58 p.m.•5 views

CVE-2026-34413

Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unauthenticated callers does not call exit or die, allowing PHP execution to continue and process the...

EUVD•added 2026/04/22 9:32 p.m.•2 views

Exploits0References1

EUVD-2026-25068

7.1CVSS6.3AI score0.00133EPSS

EUVD•added 2026/04/22 9:32 p.m.•5 views

EUVD-2026-25067

NVD•added 2026/04/22 7:17 p.m.•1 views

CVE-2026-34414

7.1CVSS0.00133EPSS

NVD•added 2026/04/22 7:17 p.m.•3 views

CVE-2026-34413

8.8CVSS0.00434EPSS

Cvelist•added 2026/04/22 6:33 p.m.•27 views

CVE-2026-34413 Xerte Online Toolkits Missing Authentication via connector.php

8.8CVSS0.00434EPSS

CVE•added 2026/04/22 6:33 p.m.•6 views

CVE-2026-34413

Xerte Online Toolkits 3.15 and earlier suffer a missing authentication vulnerability in the elFinder connector endpoint /editor/elfinder/php/connector.php. An HTTP redirect to unauthenticated callers does not call exit() or die(), allowing PHP execution to continue and process the full request se...

Vulnrichment•added 2026/04/22 6:33 p.m.•3 views

CVE-2026-34413 Xerte Online Toolkits Missing Authentication via connector.php

ATTACKERKB•added 2026/04/22 6:33 p.m.•0 views

CVE-2026-34413

Vulnrichment•added 2026/04/22 6:33 p.m.•3 views

Exploits0References9

CVE-2026-34415 Xerte Online Toolkits File Upload RCE via elfinder Connector

9.8CVSS6AI score0.00429EPSS

CVE•added 2026/04/22 6:33 p.m.•2 views

CVE-2026-34415

CVE-2026-34415 affects Xerte Online Toolkits versions ≤ 3.15. The vulnerability is in the elFinder connector endpoint, where incomplete input validation fails to block PHP-executable extensions such as .php4 due to an incorrect regex. This enables an unauthenticated attacker to abuse an attack pa...

9.8CVSS6AI score0.00429EPSS