CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/06/04 1:22 p.m.•8 views

CVE-2019-25727

The CVE-2019-25727 entry describes an Arbitrary File Download vulnerability in WordPress Plugin ad manager wd 1.0.11. An unauthenticated attacker can target the edit.php endpoint by supplying export=export_csv and a malicious path parameter to read sensitive files accessible to the web server (e....

Cvelist•added 2026/06/04 1:22 p.m.•33 views

CVE-2019-25727 WordPress Plugin ad manager wd 1.0.11 Arbitrary File Download

9.8CVSS0.00446EPSS

Vulnrichment•added 2026/06/04 1:22 p.m.•8 views

CVE-2019-25727 WordPress Plugin ad manager wd 1.0.11 Arbitrary File Download

EUVD•added 2026/06/04 1:22 p.m.•6 views

EUVD-2019-20163

ATTACKERKB•added 2026/06/04 1:22 p.m.•4 views

CVE-2019-25727

Exploits0References3Affected Software1

Positive Technologies•added 2026/06/04 12:0 a.m.•10 views

PT-2026-46197

CVE•added 2026/06/01 3:13 p.m.•12 views

CVE-2026-42679

CVE-2026-42679 affects the WordPress plugin Classified Listing (versions

6.5CVSS5.8AI score0.00295EPSS

Exploits0References1

Cvelist•added 2026/06/01 3:13 p.m.•26 views

CVE-2026-42679 WordPress Classified Listing plugin <= 5.3.8 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Mamunur Rashid Classified Listing allows Path Traversal. This issue affects Classified Listing: from n/a through 5.3.8...

6.5CVSS0.00295EPSS

Exploits0References1

Vulnrichment•added 2026/06/01 3:13 p.m.•9 views

CVE-2026-42679 WordPress Classified Listing plugin <= 5.3.8 - Arbitrary File Download vulnerability

6.5CVSS5.8AI score0.00295EPSS

Exploits0References1

NVD•added 2026/06/01 9:16 a.m.•10 views

CVE-2026-10241

A security flaw has been discovered in jeecgboot The server processes these URLs up to 3.9.1. This affects the function FileDownloadUtils.download2DiskFromNet of the file /airag/app/debug of the component Cloud Instance Metadata Endpoint. The manipulation results in server-side request forgery. T...

6.5CVSS0.0027EPSS

Exploits0References6

Vulnrichment•added 2026/06/01 8:30 a.m.•8 views

CVE-2026-10241 jeecgboot The server processes these URLs Cloud Instance Metadata Endpoint debug FileDownloadUtils.download2DiskFromNet server-side request forgery

6.5CVSS5.4AI score0.0027EPSS

Exploits0References6

CVE•added 2026/06/01 8:30 a.m.•16 views

CVE-2026-10241

Summary of CVE-2026-10241 : In jeecgboot, the server-side component is affected via the function FileDownloadUtils.download2DiskFromNet in the file path /airag/app/debug within the Cloud Instance Metadata Endpoint . The issue enables a server-side request forgery (SSRF) condition that can be trig...

6.5CVSS6.2AI score0.0027EPSS

Exploits0References6

ATTACKERKB•added 2026/06/01 8:30 a.m.•8 views

CVE-2026-10241

6.5CVSS6.2AI score0.0027EPSS

Exploits0References6Affected Software1

NVD•added 2026/05/30 4:17 p.m.•13 views

CVE-2018-25421

Open STA Manager 2.3 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by manipulating the file parameter. Attackers can send GET requests to modules/backup/actions.php with op=getfile and traverse directories using ../ sequences to access sensiti...

7.1CVSS0.00334EPSS

NVD•added 2026/05/30 4:17 p.m.•20 views

CVE-2018-25408

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to acces...

8.7CVSS0.00638EPSS

Vulnrichment•added 2026/05/30 2:55 p.m.•11 views

CVE-2018-25421 Open STA Manager 2.3 Arbitrary File Download via Path Traversal

7.1CVSS5.9AI score0.00334EPSS

Cvelist•added 2026/05/30 2:55 p.m.•33 views

CVE-2018-25421 Open STA Manager 2.3 Arbitrary File Download via Path Traversal

7.1CVSS0.00334EPSS