
68 matches found

RedhatCVE
added yesterday, 3 views

CVE-2026-37601

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/manageappointment.php...

2.7 CVSS, 5.7 AI score, 0.0003 EPSS
Exploits 0, References 1
Positive Technologies
added 2026/05/12 12:00 a.m., 6 views

PT-2026-40533

Name of the Vulnerable Software and Affected Versions: protobufjs-cli versions prior to 1.2.1; protobufjs-cli versions prior to 2.0.2. Description: The pbts command-line tool invokes JSDoc by constructing a shell command string from input file paths and executing it via child_process.exec. File paths...

7.8 CVSS, 6.1 AI score, 0.00022 EPSS
Exploits 0, References 6
Snyk
added 2026/05/07 9:41 p.m., 6 views

External Control of File Name or Path

Overview: apm-cli is an MCP configuration tool. Affected versions of this package are vulnerable to External Control of File Name or Path through improper validation of manifest-controlled paths in the plugin.json file during the installation process. An attacker can cause arbitrary files or...

8.4 CVSS, 5.9 AI score, 0.00057 EPSS
Exploits 0, References 3
Github Security Blog
added 2026/05/05 7:53 p.m., 6 views

exiftool-vendored vulnerable to argument injection via newline characters in tag names

Impact: exiftool-vendored starts ExifTool in -stayopen True -@ - mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments without rejecting line delimiters. A newline or carriage return inside one of tho...

8.2 CVSS, 6.4 AI score, 0.00139 EPSS
Exploits 0, References 5, Affected Software 1
Snyk
added 2026/04/16 10:45 p.m., 5 views

External Control of File Name or Path

Overview: Affected versions of this package are vulnerable to External Control of File Name or Path via the adapterConfig.instructionsFilePath configuration field, which is processed by the server during agent execution. An attacker can access sensitive files on the host filesystem by supplying...

6 CVSS, 6 AI score
Exploits 0, References 2
Snyk
added 2026/04/16 10:45 p.m., 6 views

External Control of File Name or Path

Overview: Affected versions of this package are vulnerable to External Control of File Name or Path via the adapterConfig.instructionsFilePath configuration field, which is processed by the server during agent execution. An attacker can access sensitive files on the host filesystem by supplying...

6 CVSS, 6 AI score
Exploits 0, References 2
EUVD
added 2026/03/25 6:31 p.m., 0 views

EUVD-2026-15459

textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to child_process.exec in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequat...

5.8 AI score, 0.00512 EPSS
Exploits 4, References 7
Snyk
added 2026/03/19 5:46 p.m., 2 views

External Control of File Name or Path

Overview: Affected versions of this package are vulnerable to External Control of File Name or Path in the POST /api/v2/files/ endpoint. An attacker can execute arbitrary code, overwrite critical files, or gain unauthorized access by uploading files with crafted filenames that bypass containment...

9.9 CVSS, 6.1 AI score, 0.00065 EPSS
Exploits 1, References 2
CNNVD
added 2026/03/16 12:00 a.m., 3 views

ZKTeco ZKBioSecurity security vulnerability

ZKTeco ZKBioSecurity is a web-based integrated platform developed by ZKTeco in China. Version 3.0 of ZKTeco ZKBioSecurity contains a security vulnerability. This vulnerability stems from improper handling of file paths, which may allow attackers to access arbitrary files by modifying file paths...

6.9 CVSS, 5.9 AI score, 0.00012 EPSS
Exploits 1, References 6
NVD
added 2026/02/19 9:16 a.m., 2 views

CVE-2026-26359

Dell Unisphere for PowerMax, versions 10.2, contains an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files...

8.8 CVSS, 0.00024 EPSS
Exploits 0, References 1
CVE
added 2026/02/13 6:10 p.m., 6 views

CVE-2026-21878

The vulnerability CVE-2026-21878 affects BACnet Stack (open source C library) prior to version 1.5.0.rc3, due to lack of validation of user-provided file paths in the file-writing functionality. Affected code paths include apps/readfile/main.c and ports/posix/bacfile-posix.c. The issue allows wri...

7.5 CVSS, 5.7 AI score, 0.00106 EPSS
Exploits 1, References 2, Affected Software 1
Vulnrichment
added 2026/01/02 3:51 p.m., 1 views

CVE-2025-62842 HBS 3 Hybrid Backup Sync

An external control of file name or path vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read or modify files or directories. We have already fixed the vulnerability in the following version:...

7 CVSS, 6.2 AI score, 0.00017 EPSS
Exploits 0, References 1
Vulnrichment
added 2025/12/29 12:32 a.m., 1 views

CVE-2025-15164 Tenda WH450 SafeMacFilter stack-based overflow

A security flaw has been discovered in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/SafeMacFilter. The manipulation of the argument page results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may b...

8.6 CVSS, 7.6 AI score, 0.00211 EPSS
Exploits 1, References 5
EUVD
added 2025/12/05 12:00 a.m., 3 views

EUVD-2016-10801

In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from the server if the correct path to a file was provided...

5 CVSS, 6.2 AI score, 0.00044 EPSS
Exploits 0, References 3
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2021-2366

Malware in sbrugna...

9.8 CVSS, 9.3 AI score, 0.01201 EPSS
Exploits 1, References 4
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-18380

Malware in sbrugna...

7.5 CVSS, 7.6 AI score, 0.00694 EPSS
Exploits 5, References 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-3012

Malware in sbrugna...

5.9 CVSS, 6 AI score, 0.06058 EPSS
Exploits 1, References 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2008-6968

Malware in sbrugna...

6.9 CVSS, 6.4 AI score, 0.00223 EPSS
Exploits 1, References 8
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2022-7737

Malicious code in bioql PyPI...

9.1 CVSS, 9 AI score, 0.00706 EPSS
Exploits 1, References 6
EUVD
added 2025/10/03 8:07 p.m., 1 views

EUVD-2025-16182

Malicious code in bioql PyPI...

5.9 CVSS, 6.4 AI score, 0.00281 EPSS
Exploits 0, References 2