
973 matches found

EUVD
added 2026/02/01 12:56 p.m., 5 views

EUVD-2022-55946

WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through file and folder names. Attackers can exploit the web server's input validation weakness to execute arbitrary JavaScript when users preview infect...

CVSS 6.4, AI score 6, EPSS 0.00019
Exploits: 0, References: 3
Vulnrichment
added 2026/02/01 12:56 p.m., 5 views

CVE-2022-50951 WiFi File Transfer 1.0.8 Persistent XSS via Web Server Input Validation

WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through file and folder names. Attackers can exploit the web server's input validation weakness to execute arbitrary JavaScript when users preview infect...

CVSS 6.4, AI score 5.5, EPSS 0.00019
Exploits: 0, References: 3
ATTACKERKB
added 2026/02/01 12:56 p.m., 4 views

CVE-2022-50951

WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through file and folder names. Attackers can exploit the web server's input validation weakness to execute arbitrary JavaScript when users preview infect...

CVSS 6.4, AI score 6, EPSS 0.00019
Exploits: 0, References: 3, Affected Software: 1
EUVD
added 2026/01/31 12:30 a.m., 4 views

EUVD-2020-30938

Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. Attackers can trigger the vulnerability by pasting a specially crafted payload into the file name field during project...

CVSS 8.4, AI score 6.5, EPSS 0.00008
Exploits: 0, References: 5
Tenable Nessus
added 2026/01/31 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-37040

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode...

CVSS 8.4, AI score 6.3, EPSS 0.00008
Exploits: 0, References: 2
Cvelist
added 2026/01/30 10:7 p.m., 18 views

CVE-2020-37040 Code Blocks 17.12 - 'File Name' Local Buffer Overflow

Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. Attackers can trigger the vulnerability by pasting a specially crafted payload into the file name field during project...

CVSS 8.4, EPSS 0.00008
Exploits: 0, References: 4
ATTACKERKB
added 2026/01/30 10:7 p.m., 3 views

CVE-2020-37040

Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. Attackers can trigger the vulnerability by pasting a specially crafted payload into the file name field during project...

CVSS 8.4, AI score 6.5, EPSS 0.00008
Exploits: 0, References: 4, Affected Software: 1
CNNVD
added 2026/01/24 12:0 a.m., 4 views

C++ HTTP Server path traversal vulnerability

C++ HTTP Server is an HTTP/1.1 server developed by Aryan Singh. Versions of C++ HTTP Server 1.0 and earlier had a path traversal vulnerability. This vulnerability stemmed from the RequestHandler::handleRequest method, which did not clean user-controlled file names, potentially allowing for path...

CVSS 7.5, AI score 7.4, EPSS 0.00035
Exploits: 0, References: 2
CNNVD
added 2026/01/23 12:0 a.m., 2 views

WordPress plugin Laurent security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 7.5, AI score 5.8, EPSS 0.0022
Exploits: 0, References: 1
CNNVD
added 2026/01/22 12:0 a.m., 2 views

WordPress plugin WerkStatt Plugin has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVSS 7.5, AI score 5.8, EPSS 0.00067
Exploits: 0, References: 1
CNNVD
added 2026/01/22 12:0 a.m., 2 views

WordPress plugin JNews – Pay Writer has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVSS 7.5, AI score 5.8, EPSS 0.0022
Exploits: 0, References: 1
CNNVD
added 2026/01/22 12:0 a.m., 2 views

Group Office Cross-Site Script Vulnerabilities

Group Office is a modular office suite developed by the Dutch company Group Office. Versions of Group Office prior to 6.8.148, as well as versions 25.0.1 through 25.0.79, contained a cross-site scripting vulnerability. This vulnerability stemmed from the application storing uncleaned file names i...

CVSS 5.4, AI score 5.6, EPSS 0.00044
Exploits: 1, References: 4
CNNVD
added 2026/01/14 12:0 a.m., 5 views

Frappe Learning Management System cross-site scripting vulnerability

Frappe Learning Management System is an easy-to-use open source learning management system from Frappe Open Source. A cross-site scripting vulnerability exists in Frappe Learning Management System version 2.44.0 and prior versions, which stems from a specially crafted image file name that could...

CVSS 5.4, AI score 5.9, EPSS 0.00052
Exploits: 0, References: 3
ATTACKERKB
added 2026/01/13 5:57 p.m., 2 views

CVE-2026-20931

External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network...

CVSS 8, AI score 5.4, EPSS 0.00445
Exploits: 0, References: 2, Affected Software: 24
OSV
added 2026/01/08 9:16 p.m., 3 views

GHSA-54M3-5FXR-2F3J Salvo is vulnerable to stored XSS in the list_html function by uploading files with malicious names

Summary: The function list_html generates a file view of a folder without sanitizing the file or folder names, potentially leading to XSS in cases where a website allows access to public files using this feature, allowing anyone to upload a file. Details: The vulnerable snippet of code is the...

CVSS 8.8, AI score 6.5, EPSS 0.00013
Exploits: 1, References: 4
NVD
added 2026/01/08 7:16 p.m., 3 views

CVE-2026-22257

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function list_html generates a file view of a folder without sanitizing the file or folder names; this may potentially lead to XSS in cases where a website allows access to public files using this feature and anyone can uploa...

CVSS 8.8, EPSS 0.00013
Exploits: 1, References: 2
EUVD
added 2026/01/08 6:22 p.m., 4 views

EUVD-2026-1423

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function list_html generates a file view of a folder without sanitizing the file or folder names; this may potentially lead to XSS in cases where a website allows access to public files using this feature and anyone can uploa...

CVSS 8.8, AI score 5.8, EPSS 0.00013
Exploits: 1, References: 4
Vulnrichment
added 2026/01/08 6:22 p.m., 3 views

CVE-2026-22257 Salvo is vulnerable to stored XSS in the list_html function by uploading files with malicious names

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function list_html generates a file view of a folder without sanitizing the file or folder names; this may potentially lead to XSS in cases where a website allows access to public files using this feature and anyone can uploa...

CVSS 8.8, AI score 6, EPSS 0.00013
Exploits: 1, References: 2
CVE
added 2026/01/08 6:22 p.m., 7 views

CVE-2026-22257

CVE-2026-22257 (Salvo) : The Rust web framework Salvo is vulnerable prior to 0.88.1 due to the list_html function in the serve-static directory not sanitizing file/folder names when generating a folder view. This can enable stored cross-site scripting (XSS) when a site serves public files and use...

CVSS 8.8, AI score 6, EPSS 0.00013
Exploits: 1, References: 2, Affected Software: 1
RedhatCVE
added 2026/01/07 9:40 a.m., 6 views

CVE-1999-0882

Falcon web server allows remote attackers to determine the absolute path of the web root via long file names...

CVSS 5, AI score 7.1, EPSS 0.00559
Exploits: 0, References: 1