
970 matches found

CVE
added 2025/11/05 7:27 a.m. | 32 views

CVE-2025-12674

KiotViet Sync plugin for WordPress (versions <= 1.8.5) is vulnerable to unauthenticated arbitrary file uploads due to missing file type validation in create_media(). This can allow uploading arbitrary files to the server and may enable remote code execution. A GitHub exploit exists (CVE-2025-1...

CVSS 9.8 | AI score 7.2 | EPSS 0.00684
Exploits: 2 | References: 2

Cvelist
added 2025/11/05 7:27 a.m. | 5 views

CVE-2025-12674 KiotViet Sync <= 1.8.5 - Unauthenticated Arbitrary File Upload

The KiotViet Sync plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the create_media function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server...

CVSS 9.8 | EPSS 0.00684
Exploits: 2 | References: 2

CNVD
added 2025/11/05 12:0 a.m. | 2 views

Simple Online Hotel Reservation System Code Issue Vulnerability

Simple Online Hotel Reservation System is a simple online hotel reservation system. Simple Online Hotel Reservation System has a code issue vulnerability that stems from a lack of valid validation of uploaded files by the Photo Handler component in file /admin/editroom.php. An attacker can use th...

CVSS 7.2 | AI score 7.3 | EPSS 0.00343
Exploits: 1 | References: 1

CNNVD
added 2025/10/25 12:0 a.m. | 3 views

WordPress plugin AIO Forms Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...

CVSS 7.2 | AI score 7.6 | EPSS 0.00548
Exploits: 0 | References: 3

Vulnrichment
added 2025/10/24 7:23 a.m. | 7 views

CVE-2025-6440 WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload

The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'wcdpsavecanvasdesignajax' function in all versions up to, and including, 1.9.26. This mak...

CVSS 9.8 | AI score 7.5 | EPSS 0.32788
Exploits: 12 | References: 2

RedhatCVE
added 2025/10/16 8:33 a.m. | 12 views

CVE-2025-10041

The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the saveqrcodetodb function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

CVSS 9.8 | AI score 7.5 | EPSS 0.00878
Exploits: 3 | References: 1

Veracode
added 2025/10/16 8:12 a.m. | 4 views

Remote Code Execution (RCE)

mahocommerce/maho is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation of uploaded file types in the product management module, which allows an attacker with staff access to upload malicious .php files and execute arbitrary code on the server...

CVSS 8.7 | AI score 8.4 | EPSS 0.00286
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2025/10/15 9:15 a.m. | 36 views

CVE-2025-10041

The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the saveqrcodetodb function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

CVSS 9.8 | EPSS 0.00878
Exploits: 3 | References: 4

CNNVD
added 2025/10/15 12:0 a.m. | 11 views

WordPress plugin Flex QR Code Generator Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...

CVSS 9.8 | AI score 7.4 | EPSS 0.00878
Exploits: 3 | References: 4

CNNVD
added 2025/10/15 12:0 a.m. | 2 views

WordPress plugin DocoDoco Store Locator Code Issue Vulnerability

WordPress DocoDoco Store Locator plugin is a WordPress plugin for creating a store locator page in your website that displays information about nearby stores via Google Maps. The WordPress DocoDoco Store Locator plugin suffers from an arbitrary file upload vulnerability that stems from a lack of...

CVSS 7.2 | AI score 8 | EPSS 0.00634
Exploits: 0 | References: 4

GithubExploit
added 2025/10/14 9:25 a.m. | 477 views

Exploit for CVE-2025-11001

🔒 Se7enSlip - 7-Zip Vulnerability Scanner A stunning, interac...

CVSS 8.2 | AI score 6.5 | EPSS 0.27017
Exploits: 11

Cvelist
added 2025/10/11 8:29 a.m. | 9 views

CVE-2025-6553 Ovatheme Events Manager <= 1.8.5 - Unauthenticated Arbitrary File Upload

The Ovatheme Events Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the processcheckout function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

CVSS 9.8 | EPSS 0.00697
Exploits: 0 | References: 3

Vulnrichment
added 2025/10/11 8:29 a.m. | 1 views

CVE-2025-6553 Ovatheme Events Manager <= 1.8.5 - Unauthenticated Arbitrary File Upload

The Ovatheme Events Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the processcheckout function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

CVSS 9.8 | AI score 7.2 | EPSS 0.00697
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2016-7038

Malware in sbrugna...

CVSS 7.2 | AI score 7.3 | EPSS 0.02685
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-7296

Malware in sbrugna...

CVSS 9.3 | AI score 7.6 | EPSS 0.02015
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-10196

Malware in sbrugna...

CVSS 9.3 | AI score 7.7 | EPSS 0.0148
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2019-10329

Malware in sbrugna...

CVSS 9.3 | AI score 7.7 | EPSS 0.01713
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2019-10481

Malware in sbrugna...

CVSS 9.3 | AI score 7.7 | EPSS 0.01465
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-10483

Malware in sbrugna...

CVSS 9.3 | AI score 7.7 | EPSS 0.01508
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-24698

Malware in sbrugna...

CVSS 7.8 | AI score 7.6 | EPSS 0.00302
Exploits: 0 | References: 2