CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

48 matches found

NVD•added 2026/05/21 10:16 p.m.•8 views

CVE-2026-7879

In Concrete CMS 9.5.0 and below, the submitpassword method in concrete/controllers/singlepage/downloadfile.php allows unauthorized file access since downloading permission-restricted files bypasses the viewfile permission check. Files without passwords can be downloaded and any user who knows a...

6.3CVSS0.0003EPSS

Exploits0References1

Github Security Blog•added 2026/05/19 3:55 p.m.•5 views

n8n: Legacy ExecuteWorkflow Node Bypassed File Path Restrictions

Impact The ExecuteWorkflow node's localFile source option read workflow files from disk without applying checks enforced by other file-reading nodes. An authenticated user with permission to create or modify workflows could supply an arbitrary file path via the REST API, bypassing the...

5.9AI score

Exploits0References2Affected Software1

Cvelist•added 2026/05/14 7:52 p.m.•26 views

CVE-2026-8586

Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. Chromium security severity: Medium...

0.00008EPSS

Exploits0References2

CloudLinux•added 2026/04/29 7:5 a.m.•4 views

python: Fix of CVE-2019-9948

CVE-2019-9948: fix urllib localfile:// URL scheme bypass that allowed file reads when localfile handler was defined...

9.1CVSS6.8AI score0.00918EPSS

Exploits1

OSV•added 2026/04/29 7:5 a.m.•3 views

CLSA-2026-1777446306 python: Fix of CVE-2019-9948

CVE-2019-9948: fix urllib localfile:// URL scheme bypass that allowed file reads when localfile handler was defined...

9.1CVSS6.8AI score0.00918EPSS

Exploits1References1

OSV•added 2026/04/28 4:32 p.m.•3 views

CLSA-2026-1777393949 python: Fix of CVE-2019-9948

CVE-2019-9948: fix urllib localfile:// URL scheme bypass that allowed file reads when localfile handler was defined...

9.1CVSS6.8AI score0.00918EPSS

Exploits1References1

NVD•added 2026/04/08 3:16 p.m.•2 views

CVE-2026-39406

@hono/node-server allows running the Hono application on Node.js. Prior to 1.19.13, a path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes // in the request path. When route-based middleware e.g., /admin/ is used for authorization, the...

5.3CVSS0.00019EPSS

Exploits0References1

Tenable Nessus•added 2026/03/17 12:0 a.m.•0 views

Debian dsa-6166 : libnode-dev - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6166 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6166-1 [email protected] https://www.debian.org/securit...

9.1CVSS7AI score0.00169EPSS

Exploits2References16

RedHat Linux•added 2026/02/17 9:32 a.m.•4 views

Important: Red Hat Security Advisory: nodejs:20 security update

An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.1CVSS7AI score0.00109EPSS

Exploits2References7

OPENSUSE Linux•added 2026/01/25 12:0 a.m.•3 views

Security update for podman (important)

openSUSE security update: security update for podman ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20072-1 Rating: important References: bsc1249154 bsc1252376 Cross-References: CVE-2025-31133 CVE-2025-52565 CVE-2025-52881 CVE-2025-9566 CVSS scores...

8.1CVSS6.8AI score0.00086EPSS

Exploits4References2

RedhatCVE•added 2026/01/09 10:45 a.m.•10 views

CVE-2022-0537

The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOWFILEEDIT and DISALLOWFILEMODS settings and upload arbitrary files to the site through the "ajaxsave" function. The file is written relative to the current 's stylesheet directory, and a .php...

7.2CVSS6.7AI score0.00875EPSS

Exploits2References1

IBM Security Bulletins•added 2026/01/09 12:45 a.m.•5 views

Security Bulletin: Security vulnerabilities have been found in IBM Verify Identity Access Digital Credentials (CVE-2025-56200, CVE-2025-64118, CVE-2025-59343)

Summary Security vulnerabilities have been addressed in IBM Verify Identity Access Digital Credentials Vulnerability Details CVEID:CVE-2025-56200 DESCRIPTION: A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL function uses '://' as a delimiter to par...

8.7CVSS6.2AI score0.0005EPSS

Exploits1Affected Software1

Vulnrichment•added 2025/11/18 9:27 a.m.•3 views

CVE-2025-13069 Enable SVG, WebP, and ICO Upload <= 1.1.3 - Authenticated (Author+) Arbitrary File Upload via ICO Upload Bypass

The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.1.3. This is due to insufficient file type validation detecting ICO files, allowing double extension files with the appropriate magic bytes to bypass sanitizati...

8.8CVSS6.5AI score0.0008EPSS

Exploits0References3

Cvelist•added 2025/11/18 9:27 a.m.•8 views

CVE-2025-13069 Enable SVG, WebP, and ICO Upload <= 1.1.3 - Authenticated (Author+) Arbitrary File Upload via ICO Upload Bypass

8.8CVSS0.0008EPSS

Exploits0References3