CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/05/13 8:22 p.m.•9 views

CVE-2026-34653

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system read and write. An authenticated attacker...

8.7CVSS5.9AI score0.00606EPSS

OSV•added 2026/05/13 8:16 p.m.•1 views

UBUNTU-CVE-2026-33380

A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable...

6.5CVSS6AI score0.00262EPSS

Exploits0References3

NVD•added 2026/05/13 7:17 p.m.•6 views

CVE-2026-0259

An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode. The...

7.1CVSS0.00278EPSS

EUVD•added 2026/05/13 6:30 p.m.•5 views

EUVD-2026-29960

A path injection vulnerability exists in OpenPLC v3 2c82b0e79c53f8c1f1458eee15fec173400d6e1a as the binary program compiled from gluegenerator.cpp does not perform any validation on the file path parameters passed via the command line. The user-controlled input parameters are directly passed to t...

5.9AI score0.00409EPSS

Exploits2References3

CVE•added 2026/05/13 6:5 p.m.•10 views

CVE-2026-0259

CVE-2026-0259 affects Palo Alto Networks WildFire Appliance WF-500 and WF-500-B operating in the default non-FIPS configuration. It enables an arbitrary File Read and Delete vulnerability over the network, allowing access to sensitive information and deletion of arbitrary files. Impact is describ...

7.1CVSS5.9AI score0.00278EPSS

Cvelist•added 2026/05/13 6:5 p.m.•26 views

CVE-2026-0259 WildFire WF-500 and WF-500-B: Arbitrary File Read and Delete Vulnerability in WildFire Appliance (WF-500, WF-500-B)

7.1CVSS0.00278EPSS

Vulnrichment•added 2026/05/13 6:5 p.m.•5 views

CVE-2026-0259 WildFire WF-500 and WF-500-B: Arbitrary File Read and Delete Vulnerability in WildFire Appliance (WF-500, WF-500-B)

7.1CVSS5.9AI score0.00278EPSS

ATTACKERKB•added 2026/05/13 6:5 p.m.•6 views

CVE-2026-0259

5.9AI score0.00278EPSS

Exploits0References2Affected Software1

NVD•added 2026/05/13 4:16 p.m.•4 views

CVE-2026-31156

6.5CVSS0.00409EPSS

Exploits2References2

NVD•added 2026/05/13 1:1 p.m.•7 views

CVE-2026-4782

The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusiongetsvgfromfile' function with the 'customsvg' parameter of the 'fusionsectionseparator' shortcode. This makes it possible for authenticated attackers, with...

6.5CVSS0.00345EPSS

Patchstack•added 2026/05/13 10:40 a.m.•6 views

WordPress Avada (Fusion) Builder plugin <= 3.15.2 - Authenticated (Subscriber+) Arbitrary File Read vulnerability

Authenticated Subscriber+ Arbitrary File Read vulnerability discovered by Rafie Muhammad - Awesome Motive, Inc. in WordPress Plugin Fusion Builder versions = 3.15.2...

6.5CVSS5.8AI score0.00345EPSS

Exploits1References1Affected Software1

EUVD•added 2026/05/13 9:26 a.m.•21 views

EUVD-2026-29933

Vulnrichment•added 2026/05/13 9:26 a.m.•9 views

CVE-2026-4782 Avada Builder <= 3.15.2 - Authenticated (Subscriber+) Arbitrary File Read via 'custom_svg' Shortcode Parameter

ATTACKERKB•added 2026/05/13 9:26 a.m.•3 views

CVE-2026-4782

Cvelist•added 2026/05/13 9:26 a.m.•45 views

Exploits1References3

CVE-2026-4782 Avada Builder <= 3.15.2 - Authenticated (Subscriber+) Arbitrary File Read via 'custom_svg' Shortcode Parameter

6.5CVSS0.00345EPSS

CVE•added 2026/05/13 9:26 a.m.•18 views

CVE-2026-4782

The Wordfence-disclosed analysis confirms CVE-2026-4782 affects Avada Builder (Fusion Builder)