Lucene search
K

2205 matches found

CVE
CVE
added 2026/05/17 12:11 p.m.18 views

CVE-2018-25326

CVE-2018-25326 affects Google Drive for WordPress 2.2 and involves a path traversal vulnerability in gdrive-ajaxs.php. An unauthenticated attacker can exploit a crafted POST request by setting ajaxstype to del_fl_bkp and including directory traversal sequences in the file_name parameter (e.g., .....

8.7CVSS5.9AI score0.00641EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.12 views

WordPress plugin Google Drive 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.7CVSS5.9AI score0.00641EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/16 3:26 p.m.11 views

EUVD-2021-34834

WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. Attackers can send POST requests to admin-ajax.php with crafted filename and foldername parameters to delete...

8.8CVSS5.9AI score0.00397EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/16 3:26 p.m.38 views

CVE-2021-47979 WordPress Plugin Backup and Restore 1.0.3 Arbitrary File Deletion

WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. Attackers can send POST requests to admin-ajax.php with crafted filename and foldername parameters to delete...

8.8CVSS0.00397EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/16 3:26 p.m.11 views

CVE-2021-47979 WordPress Plugin Backup and Restore 1.0.3 Arbitrary File Deletion

WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. Attackers can send POST requests to admin-ajax.php with crafted filename and foldername parameters to delete...

8.8CVSS5.9AI score0.00397EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.13 views

WordPress plugin Backup and Restore 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS5.9AI score0.00397EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 9:40 p.m.8 views

CVE-2026-44565

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.10, when uploading an audio file, the name of the file is derived from the original HTTP upload request and is not validated or sanitized. This allows for users to upload files with nam...

8.1CVSS5.8AI score0.00454EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/15 12:0 a.m.6 views

Microsoft Azure Monitor Agent < 1.14.0 Elevation of Privilege (CVE-2026-32204)

The version of Microsoft Azure Monitor Agent installed on the remote host is prior to 1.14.0. It is, therefore, affected by an elevation of privilege vulnerability: - External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. An...

7.8CVSS5.8AI score0.00285EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/14 3:18 p.m.3 views

CVE-2026-40893

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files...

8.2CVSS6AI score0.00347EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/05/13 9:32 p.m.8 views

EUVD-2026-30111

External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access...

7.8CVSS5.8AI score0.00118EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/13 8:22 p.m.11 views

CVE-2026-41107

External control of file name or path in Microsoft Edge Chromium-based allows an unauthorized attacker to disclose information over a network...

7.4CVSS5.8AI score0.00652EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/13 8:22 p.m.9 views

CVE-2026-41088

Access of resource using incompatible type 'type confusion' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.00319EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/13 8:22 p.m.51 views

CVE-2026-40370

External control of file name or path in SQL Server allows an authorized attacker to execute code over a network...

8.8CVSS6AI score0.00555EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 7:17 p.m.20 views

CVE-2026-30905

External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access...

7.8CVSS0.00118EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

vm2 安全漏洞

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using built-in Node.js modules listed in the allowlist. Versions of vm2 prior to 3.11.0 have security vulnerabilities; these vulnerabilities stem from the CallSite wrapper class allowing...

5.8CVSS5.9AI score0.00241EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/12 6:30 p.m.15 views

EUVD-2026-29690

External control of file name or path in Microsoft Edge Chromium-based allows an unauthorized attacker to disclose information over a network...

7.4CVSS5.8AI score0.00652EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 6:30 p.m.12 views

EUVD-2026-29678

External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network...

4.3CVSS5.8AI score0.0062EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 6:30 p.m.12 views

EUVD-2026-29652

External control of file name or path in SQL Server allows an authorized attacker to execute code over a network...

8.8CVSS6AI score0.00555EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 6:30 p.m.8 views

EUVD-2026-29574

External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.00285EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 6:17 p.m.19 views

CVE-2026-41107

External control of file name or path in Microsoft Edge Chromium-based allows an unauthorized attacker to disclose information over a network...

7.4CVSS0.00652EPSS
Exploits0References1
Rows per page
Query Builder