WordPress Plugin Auto Amazon Links - Amazon Associates Affiliate Arbitrary File Read Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform can be used to set up a personal blog site on a PHP and MySQL based server. A WordPress plugin is an application plugin. An arbitrary file read vulnerability exists in the WordPress plugin Auto Amazon Links - Amazon...
Generex UPS Adapter CS141 Improper Link Resolution Before File Access (CVE-2022-47188)
There is an arbitrary file read vulnerability in Generex UPS CS141 versions below 2.06. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path. This plugin only works with Tenable.ot...
CVE-2022-4982
DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. The device's web server exposes handlers frame.html and frame.A100.html that accept a path parameter (content or sidebar) which is not properly validated or canonicalized. An attacker c...
CVE-2023-7327
Ozeki SMS Gateway versions up to and including 10.3.208 contain a path traversal vulnerability. Successful exploitation allows an unauthenticated attacker to use URL-encoded traversal sequences to read arbitrary files from the underlying filesystem with the privileges of the gateway service,...
CVE-2016-15055 JVC VN-T IP-Camera Directory Traversal via check.cgi
JVC VN-T IP-camera models firmware versions up to 2016-08-22 (confirmed on the VN-T216VPRU model) contain a directory traversal vulnerability in the check.cgi endpoint that accepts a user-controlled file parameter. An unauthenticated remote attacker can leverage this vulnerability to read arbitrary...
CVE-2023-7327
CVE-2023-7327 affects Ozeki SMS Gateway up to version 10.3.208 and is a path traversal flaw exposing a read of arbitrary files on the underlying filesystem with the gateway service’s privileges. The vulnerability is exploitable remotely by an unauthenticated attacker using URL-encoded traversal s...
CVE-2023-7327 Ozeki SMS Gateway <= 10.3.208 Unauthenticated Arbitrary File Read
Ozeki SMS Gateway versions up to and including 10.3.208 contain a path traversal vulnerability. Successful exploitation allows an unauthenticated attacker to use URL-encoded traversal sequences to read arbitrary files from the underlying filesystem with the privileges of the gateway service,...
CVE-2025-11451
The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 5.4.3 via the '/wp-json/wp/v2/aal_ajax_unit_loading' REST API endpoint. This makes it possible for unauthenticated attackers to read the content...
DBLTek GoIP-1 Security Vulnerability
The DBLTek GoIP-1 is a gateway device from Deborah DBLTek China. A security vulnerability exists in DBLTek GoIP-1 GHSFVT-1.1-67-5 and prior versions, which stems from a local file inclusion issue that could result in reading arbitrary file system files...
OpenSMTPD < 6.6.4 Multiple Vulnerabilities (Feb 2020)
OpenSMTPD is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openbsd:opensmtpd"; if(description...
EUVD-2025-60958
The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 5.4.3 via the '/wp-json/wp/v2/aal_ajax_unit_loading' REST API endpoint. This makes it possible for unauthenticated attackers to read the content...
CVE-2025-11451 Auto Amazon Links – Amazon Associates Affiliate Plugin <= 5.4.3 - Unauthenticated Arbitrary File Read
The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 5.4.3 via the '/wp-json/wp/v2/aal_ajax_unit_loading' REST API endpoint. This makes it possible for unauthenticated attackers to read the content...
CVE-2025-11451
CVE-2025-11451 affects the WordPress plugin Auto Amazon Links – Amazon Associates Affiliate Plugin and allows unauthenticated arbitrary file reads via the WP REST endpoint /wp-json/wp/v2/aal_ajax_unit_loading in versions up to 5.4.3. The exposure can reveal sensitive server contents. Public discl...
Advantech WebAccess/VPN Absolute Path Traversal Vulnerability
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. An absolute path traversal vulnerability exists in...
Advantech DeviceOn/iEdge Path Traversal Vulnerability
Advantech DeviceOn/iEdge is an edge device remote management and operation and maintenance platform from Advantech, Taiwan, China. A path traversal vulnerability exists in Advantech DeviceOn/iEdge, which can be exploited by an attacker to read arbitrary files or bypass authentication...
CVE-2018-25124
PacsOne Server version 6.6.2 (prior versions are likely affected) contains a directory traversal vulnerability within the web-based DICOM viewer component. Successful exploitation allows a remote unauthenticated attacker to read arbitrary files via the 'nocache.php' endpoint with a crafted 'path'...
CVE-2018-25124
PacsOne Server 6.6.2 (and likely earlier) is affected by a directory traversal (LFI) vulnerability in the web-based DICOM viewer. The issue allows a remote unauthenticated attacker to read arbitrary files via the nocache.php endpoint using a crafted path parameter. Exploitation evidence was obser...
curl: Arbitrary Configuration File Inclusion: via External Control of File Name or Path
Summary: The Arbitrary Configuration File Inclusion (ACFI) vulnerability was identified in the curl utility via the --config option. This flaw is a form of External Control of File Name or Path (CWE-73), occurring due to the lack of adequate validation on the user-supplied configuration file path. An...