CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

233 matches found

Veracode•added 2026/01/05 5:48 a.m.•7 views

Path Traversal

AdonisJS is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths during multipart file handling, which allows a remote attacker to write arbitrary files to arbitrary locations on the server filesystem...

9.2CVSS7.1AI score0.00097EPSS

Exploits3References6Affected Software1

CNNVD•added 2025/12/23 12:0 a.m.•1 views

Home Assistant 安全漏洞

Home Assistant is an open source home automation management system from Home Assistant Open Source. The system is primarily used to control home automation devices. A security vulnerability exists in Home Assistant versions prior to 2025.8.0 that stems from insufficient file path validation and...

4CVSS6.3AI score0.0001EPSS

Exploits1References3

RedhatCVE•added 2025/11/26 7:58 a.m.•16 views

CVE-2025-13380

The AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1. This is due to insufficient validation of user-supplied file paths in the 'lqdaiupdatepost' AJAX endpoint and the use of filegetconten...

6.5CVSS5.9AI score0.00021EPSS

Exploits1References1

Cvelist•added 2025/11/08 9:28 a.m.•5 views

CVE-2025-12092 CYAN Backup <= 2.5.4 - Authenticated (Admin+) Arbitrary File Deletion

The CYAN Backup plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' functionality in all versions up to, and including, 2.5.4. This makes it possible for authenticated attackers, with Administrator-level access and above, to delet...

6.5CVSS0.0193EPSS

Exploits0References3

NVD•added 2025/11/05 6:15 a.m.•1 views

CVE-2025-11072

The MelAbu WP Download Counter Button WordPress plugin through 1.8.6.7 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files...

5.3CVSS0.0014EPSS

Exploits0References1

Positive Technologies•added 2025/11/05 12:0 a.m.•2 views

PT-2025-45082

Name of the Vulnerable Software and Affected Versions MelAbu WP Download Counter Button WordPress plugin versions through 1.8.6.7 Description The plugin does not properly check the location of files before allowing downloads. This could allow someone without an account to access and download any...

5.3CVSS6.4AI score0.0014EPSS

Exploits0References4

CNNVD•added 2025/10/31 12:0 a.m.•2 views

WordPress plugin User Extra Fields 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability...

8.8CVSS7.6AI score0.00956EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2019-10034

Malware in sbrugna...

7.8CVSS7.4AI score0.00526EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2020-11971

Malware in sbrugna...

7.8CVSS6.9AI score0.00338EPSS

Exploits0References2

RedhatCVE•added 2025/10/06 6:14 a.m.•13 views

CVE-2025-58769

auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths o...

3.3CVSS7AI score0.00102EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-11515

Malicious code in bioql PyPI...

7.2CVSS7.7AI score0.01476EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-20432

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.0172EPSS

Exploits0References1