CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

350 matches found

RedhatCVE•added 2026/01/17 3:22 a.m.•10 views

CVE-2026-1020

Police Statistics Database System developed by Gotac has a Absolute Path Traversal vulnerability, allowing unauthenticated remote attackers to enumerate the system file directory...

6.9CVSS7.1AI score0.00461EPSS

Exploits0References1

Cvelist•added 2026/01/16 2:57 a.m.•24 views

CVE-2026-1020 Gotac｜Police Statistics Database System - Absolute Path Traversal

Police Statistics Database System developed by Gotac has a Absolute Path Traversal vulnerability, allowing unauthenticated remote attackers to enumerate the system file directory...

6.9CVSS0.00461EPSS

Exploits0References2

RedhatCVE•added 2026/01/09 11:36 a.m.•5 views

CVE-2021-41324

Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files or Cells files belonging to any user via the nodes parameter for Copy and Move or via the Path parameter for Delete...

6.5CVSS6.7AI score0.02056EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:45 a.m.•12 views

CVE-2022-0779

The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its umshowuploadedfile AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads...

6.5CVSS6.6AI score0.02181EPSS

Exploits5References1

RedhatCVE•added 2026/01/09 10:17 a.m.•3 views

CVE-2019-18867

Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive filenames and locations, including source code. This affects /ajax/, /common/, /engine/, /flash/, /images/, /Images/, /jscripts/, /lang/, /layout/, /programs/, and /sms/...

7.5CVSS6.9AI score0.0122EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 8:49 a.m.•13 views

CVE-2025-23212

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The external storage feature allows any user to enumerate the name and content of files on the server. This vulnerability is fixed in 1.5.28...

7.7CVSS6.7AI score0.00481EPSS

Exploits1References1

NVD•added 2025/12/15 9:15 p.m.•3 views

CVE-2023-53893

Ateme TITAN File 3.9.12.4 contains an authenticated server-side request forgery vulnerability in the job callback URL parameter that allows attackers to bypass network restrictions. Attackers can exploit the unvalidated parameter to initiate file, service, and network enumeration by forcing the...

6.5CVSS0.00237EPSS

Exploits1References4

CVE•added 2025/12/09 8:9 p.m.•16 views

CVE-2025-66625

CVE-2025-66625 affects Umbraco CMS (ASP.NET) versions 10.0.0–13.12.0. During the dictionary upload process, unsafe handling/deletion of temporary files enables a backoffice attacker to trigger predictable requests to temporary file paths, causing error responses (HTTP 500 if a file exists, 404 if...

4.9CVSS6.5AI score0.00301EPSS

Exploits0References2Affected Software1

OSV•added 2025/12/09 5:12 p.m.•3 views

GHSA-HFV2-PF68-M33X Umbraco Vulnerable to Improper File Access and Credential Exposure in Dictionary Import Functionality

Impact Due to unsafe handling and deletion of temporary files during the dictionary upload process, an attacker with access to the backoffice can trigger predictable requests to temporary file paths. The application’s error responses HTTP 500 when a file exists, 404 when it does not allow the...

4.9CVSS6.7AI score0.00301EPSS

Exploits0References4

CNNVD•added 2025/12/09 12:0 a.m.•3 views

Umbraco CMS 安全漏洞

Umbraco CMS is a content management system from Umbraco, Denmark. A security vulnerability exists in Umbraco CMS versions 10.0.0 through 13.12.0, which stems from improper handling of temporary files and could lead to a file enumeration attack...

4.9CVSS6.4AI score0.00301EPSS

Exploits0References3

OSV•added 2025/11/25 10:50 p.m.•5 views

JLSEC-2025-325 A flaw was found in rsync

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare wi...

6.8CVSS6.2AI score0.01761EPSS

Exploits1References7

Tenable Nessus•added 2025/11/20 12:0 a.m.•5 views

TencentOS Server 4: podman (TSSA-2025:0281)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0281 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

8.6CVSS7.1AI score0.00358EPSS

Exploits0References2

OSV•added 2025/11/13 9:15 p.m.•3 views

CVE-2025-47220

A local file enumeration was found in Keyfactor SignServer versions prior to 7.3.2 .The property VISIBLESIGNATURECUSTOMIMAGEPATH, which exists in the PDFSigner and the PAdESSigner, can be set to any path without any restrictions by an admin user. In the case that the provided path points to an...

5.3CVSS5.7AI score0.00233EPSS

Exploits0References3