Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3118 matches found

NVD
NVDadded 2026/02/17 7:16 a.m.3 views

CVE-2026-0829

The Frontend File Manager Plugin WordPress plugin through 23.5 allows unauthenticated users to send emails through the site without any security checks. This lets attackers use the WordPress site as an open relay for spam or phishing emails to anyone. Attackers can also guess file IDs to access a...

5.8CVSS0.02777EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/02/17 6:0 a.m.4 views

CVE-2026-0829

The Frontend File Manager Plugin WordPress plugin through 23.5 allows unauthenticated users to send emails through the site without any security checks. This lets attackers use the WordPress site as an open relay for spam or phishing emails to anyone. Attackers can also guess file IDs to access a...

5.3AI score0.02777EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/02/17 6:0 a.m.35 views

CVE-2026-0829 Frontend File Manager Plugin <= 23.5 - Unauthenticated Arbitrary Email Sending

The Frontend File Manager Plugin WordPress plugin through 23.5 allows unauthenticated users to send emails through the site without any security checks. This lets attackers use the WordPress site as an open relay for spam or phishing emails to anyone. Attackers can also guess file IDs to access a...

0.02777EPSS
Exploits0References1
CVE
CVEadded 2026/02/17 6:0 a.m.14 views

CVE-2026-0829

The CVE-2026-0829 entry concerns the Frontend File Manager Plugin for WordPress (up to version 23.5). It states unauthenticated users can relay emails through the site and access/share uploaded files by guessing file IDs, exposing sensitive information and enabling spam/phishing use. The descript...

5.8CVSS5.3AI score0.02777EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/02/17 6:0 a.m.2 views

CVE-2026-0829 Frontend File Manager Plugin <= 23.5 - Unauthenticated Arbitrary Email Sending

The Frontend File Manager Plugin WordPress plugin through 23.5 allows unauthenticated users to send emails through the site without any security checks. This lets attackers use the WordPress site as an open relay for spam or phishing emails to anyone. Attackers can also guess file IDs to access a...

5.3AI score0.02777EPSS
Exploits0References1
CNNVD
CNNVDadded 2026/02/17 12:0 a.m.4 views

WordPress plugin Frontend File Manager Plugin 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is a...

5.8CVSS5.7AI score0.02777EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/02/09 6:34 p.m.4 views

CVE-2026-25231

FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 3.3.0, the application contains an unauthenticated file read vulnerability due to the lack of access control on the /uploads directory. Files uploaded to this directory can be accessed directly by any user who knows or...

7.5CVSS5.5AI score0.0014EPSS
Exploits1References3Affected Software1
Nuclei
Nucleiadded 2026/02/09 9:43 a.m.4 views

WordPress File Manager < 3.0 - Cross-Site Scripting

WordPress File Manager plugin before 3.0 is vulnerable to authenticated reflected cross-site scripting XSS via the lang parameter in the admin dashboard. The parameter is directly echoed into a JavaScript context without proper sanitization. id: CVE-2018-16363 info: name: WordPress File Manager 3...

5.4CVSS5.1AI score0.00405EPSS
Exploits2References4
CNNVD
CNNVDadded 2026/02/09 12:0 a.m.3 views

FileRise 安全漏洞

FileRise is a lightweight, self-hosted web-based file manager developed by Ryan as an individual developer. Versions of FileRise prior to 3.3.0 contained security vulnerabilities, which were caused by HTML injection, potentially allowing modifications to the DOM or redirecting users...

5.4CVSS5.8AI score0.00076EPSS
Exploits1References5
NVD
NVDadded 2026/02/05 5:16 p.m.4 views

CVE-2025-69906

Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to...

8.8CVSS0.00135EPSS
Exploits2References2
RedhatCVE
RedhatCVEadded 2026/02/04 3:15 a.m.4 views

CVE-2025-46651

Tiny File Manager through 2.6 contains a server-side request forgery SSRF vulnerability in the URL upload feature. Due to insufficient validation of user-supplied URLs, an attacker can send crafted requests to localhost by using http://www.127.0.0.1.example.com/ or a similarly constructed domain...

4.3CVSS5.4AI score0.00014EPSS
Exploits0References1
NVD
NVDadded 2026/02/03 6:16 p.m.1 views

CVE-2025-46651

Tiny File Manager through 2.6 contains a server-side request forgery SSRF vulnerability in the URL upload feature. Due to insufficient validation of user-supplied URLs, an attacker can send crafted requests to localhost by using http://www.127.0.0.1.example.com/ or a similarly constructed domain...

4.3CVSS0.00014EPSS
Exploits0References2
OSV
OSVadded 2026/02/03 6:16 p.m.3 views

CVE-2025-46651

Tiny File Manager through 2.6 contains a server-side request forgery SSRF vulnerability in the URL upload feature. Due to insufficient validation of user-supplied URLs, an attacker can send crafted requests to localhost by using http://www.127.0.0.1.example.com/ or a similarly constructed domain...

4.3CVSS5.5AI score0.00014EPSS
Exploits0References2
CNNVD
CNNVDadded 2026/02/03 12:0 a.m.3 views

Tiny File Manager 安全漏洞

Tiny File Manager is a web-based open-source file manager developed by Prasath Mani. Versions of Tiny File Manager 2.6 and earlier had security vulnerabilities. These vulnerabilities stemmed from insufficient URL validation in the URL upload function, which could lead to server-side request...

4.3CVSS5.8AI score0.00014EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/02/03 12:0 a.m.2 views

CVE-2025-46651

Tiny File Manager through 2.6 contains a server-side request forgery SSRF vulnerability in the URL upload feature. Due to insufficient validation of user-supplied URLs, an attacker can send crafted requests to localhost by using http://www.127.0.0.1.example.com/ or a similarly constructed domain...

5.5AI score0.00014EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/02/03 12:0 a.m.2 views

PT-2026-5900

Name of the Vulnerable Software and Affected Versions Tiny File Manager versions through 2.6 Description The software contains a server-side request forgery SSRF issue in the URL upload feature. Insufficient validation of user-supplied URLs allows an attacker to send crafted requests to localhost...

4.3CVSS5.4AI score0.00014EPSS
Exploits0References6
ATTACKERKB
ATTACKERKBadded 2026/02/03 12:0 a.m.3 views

CVE-2025-46651

Tiny File Manager through 2.6 contains a server-side request forgery SSRF vulnerability in the URL upload feature. Due to insufficient validation of user-supplied URLs, an attacker can send crafted requests to localhost by using http://www.127.0.0.1.example.com/ or a similarly constructed domain...

5.5AI score0.00014EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/02/03 12:0 a.m.25 views

CVE-2025-46651

Tiny File Manager through 2.6 contains a server-side request forgery SSRF vulnerability in the URL upload feature. Due to insufficient validation of user-supplied URLs, an attacker can send crafted requests to localhost by using http://www.127.0.0.1.example.com/ or a similarly constructed domain...

0.00014EPSS
Exploits0References2
CVE
CVEadded 2026/02/03 12:0 a.m.10 views

CVE-2025-46651

CVE-2025-46651 affects Tiny File Manager up to version 2.6, where a server-side request forgery (SSRF) exists in the URL upload feature due to insufficient validation of user-supplied URLs. An attacker can craft requests to localhost (e.g., via domains like http://www.127.0.0.1.example.com/), pot...

4.3CVSS5.5AI score0.00014EPSS
Exploits0References2Affected Software1
Patchstack
Patchstackadded 2026/01/29 4:45 p.m.4 views

WordPress Frontend File Manager plugin < 23.5 - Subscriber+ Arbitrary File Deletion vulnerability

Subscriber+ Arbitrary File Deletion vulnerability discovered by Gregory Allegoet & Bakir Tuči in WordPress Plugin Frontend File Manager versions 23.5...

7.7CVSS5.9AI score0.00033EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder