3118 matches found

RedhatCVE
added 2026/05/26 11:16 a.m. | 12 views

CVE-2026-8997

A flaw was found in vifm, a file manager. This vulnerability, a heap buffer overflow, occurs when the application saves its state file vifminfo.json during the history merge process. A local user could exploit this by introducing a specially crafted, excessively long path or command into the...

CVSS 4.8 | AI score 5.8 | EPSS 0.00022
Exploits: 0 | References: 2
Vulnrichment
added 2026/05/22 6:43 p.m. | 5 views

CVE-2026-48700

An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0. When a regular file's path is passed as a URI in an org.freedesktop.FileManager1.ShowFolders D-Bus method call, PCManFM-Qt delegates to a different program based on the file type without user confirmation. This could be us...

CVSS 9.3 | AI score 6.2 | EPSS 0.00016
Exploits: 0 | References: 3
CNNVD
added 2026/05/22 12:0 a.m. | 5 views

Vifm security vulnerability

Vifm is a Vim-style file manager developed by Vifm. Versions 0.12.1 to 0.14.3 of Vifm contain security vulnerabilities. These vulnerabilities stem from heap buffer overflows during historical merges, which could lead to memory corruption or application crashes...

CVSS 4.8 | AI score 5.9 | EPSS 0.00022
Exploits: 0 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m. | 5 views

Astra Linux - vulnerability in chromium

Before version 101.0.4951.41, using File Manager in Google Chrome allowed a remote attacker to potentially exploit heap corruption through specific and direct user interactions...

CVSS 8.8 | AI score 7.3 | EPSS 0.00805
Exploits: 1 | References: 1
ATTACKERKB
added 2026/05/16 3:25 p.m. | 4 views

CVE-2020-37238

CMS Made Simple 2.2.15 contains a stored cross-site scripting vulnerability that allows authenticated users with Content Manager access to inject malicious scripts through SVG file uploads. Attackers can upload SVG files containing embedded JavaScript to the file manager, which executes when othe...

CVSS 6.4 | AI score 5.6 | EPSS 0.00034
Exploits: 0 | References: 4 | Affected Software: 1
RedhatCVE
added 2026/05/15 7:57 p.m. | 5 views

CVE-2026-45053

CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Arbitrary File Upload vulnerability exists in the REST API File Manager endpoint POST /api/v1/files of CubeCart. The endpoint allows any holder of an API key with files:rw permission to upload PHP source files into the...

CVSS 9.1 | AI score 5.8 | EPSS 0.00245
Exploits: 0 | References: 1
NVD
added 2026/05/14 6:16 p.m. | 9 views

CVE-2026-44542

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-stable and 1.3.9-beta, attacker-controlled path input is joined with a trusted base path prior to sanitization, allowing traversal sequences (e.g., ../) to escape the intended shared directory. As a result, an...

CVSS 9.1 | EPSS 0.00968
Exploits: 1 | References: 1
SUSE CVE
added 2026/05/13 3:48 a.m. | 4 views

SUSE CVE-2026-7819

Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager. check_access_permission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...

CVSS 8.1 | AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 3
Positive Technologies
added 2026/05/13 12:0 a.m. | 7 views

PT-2026-40811

Name of the Vulnerable Software and Affected Versions: CubeCart versions prior to 6.7.0. Description: An authenticated arbitrary file upload flaw exists in the REST API File Manager endpoint "POST /api/v1/files". Users possessing an API key with files:rw permissions can upload PHP source files to th...

CVSS 9.1 | AI score 6.3 | EPSS 0.00245
Exploits: 0 | References: 5
RedhatCVE
added 2026/05/12 2:21 p.m. | 7 views

CVE-2026-8272

A security flaw has been discovered in D-Link DNS-320 2.06B01. This affects the function delete/rename/copy/move/chmod/chown of the file /cgi-bin/webfilemgr.cgi. The manipulation results in os command injection. The attack may be performed from remote. The exploit has been released to the public...

CVSS 7.2 | AI score 5.5 | EPSS 0.0005
Exploits: 1 | References: 1
RedhatCVE
added 2026/05/11 8:25 p.m. | 4 views

CVE-2026-42453

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, the extractArchive and compressFiles endpoints in file-manager.ts use double-quoted strings for shell command construction, unlike all other file manager operation...

CVSS 8.7 | AI score 5.8 | EPSS 0.00339
Exploits: 0 | References: 1
EUVD
added 2026/05/11 6:31 p.m. | 8 views

EUVD-2026-29087

Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager. check_access_permission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...

CVSS 8.1 | AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 2
Github Security Blog
added 2026/05/11 6:31 p.m. | 7 views

pgAdmin 4 File Manager has symbolic-link path traversal

Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager. check_access_permission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...

CVSS 8.1 | AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2026/05/11 6:31 p.m. | 1 view

GHSA-HR4R-FWPV-C95J pgAdmin 4 File Manager has symbolic-link path traversal

Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager. check_access_permission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...

CVSS 8.1 | AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 4
Snyk
added 2026/05/11 6:31 p.m. | 4 views

UNIX Symbolic Link (Symlink) Following

Overview: pgadmin4 is a PostgreSQL Tools. Affected versions of this package are vulnerable to UNIX Symbolic Link (Symlink) Following through the File Manager. An attacker can cause unauthorized file writes or overwrite arbitrary files by planting a symbolic link inside their own storage directory tha...

CVSS 8.1 | AI score 5.9 | EPSS 0.00045
Exploits: 0 | References: 2
NVD
added 2026/05/11 4:17 p.m. | 5 views

CVE-2026-7819

Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager. check_access_permission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...

CVSS 8.1 | EPSS 0.00045
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/11 2:35 p.m. | 4 views

CVE-2026-7819

Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager. check_access_permission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...

CVSS 8.1 | AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 2
Vulnrichment
added 2026/05/11 2:35 p.m. | 7 views

CVE-2026-7819 pgAdmin 4: Symbolic-link path traversal in File Manager allows arbitrary file write

Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager. check_access_permission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...

CVSS 8.1 | AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 1
Cvelist
added 2026/05/11 2:35 p.m. | 27 views

CVE-2026-7819 pgAdmin 4: Symbolic-link path traversal in File Manager allows arbitrary file write

Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager. check_access_permission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...

CVSS 8.1 | EPSS 0.00045
Exploits: 0 | References: 1
CVE
added 2026/05/11 2:35 p.m. | 14 views

CVE-2026-7819

CVE-2026-7819 describes a symbolic-link path traversal in pgAdmin 4 File Manager. The vulnerability arises because check_access_permission used os.path.abspath (resolving ..) but not symbolic links, allowing an authenticated user to plant a symlink within their storage directory that points elsew...

CVSS 8.1 | AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 1 | Affected Software: 1