14 matches found
CVE-2025-10040 WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Missing Authorization to Authenticated (Subscriber+) FTP/SFTP Credential Exposure
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getftpdetails' AJAX action in all versions up to, and including, 7.27. This makes it possible for authenticated attackers, with...
PT-2025-37006
Name of the Vulnerable Software and Affected Versions: WP Import – Ultimate CSV XML Importer for WordPress plugin versions prior to 7.28 Description: The WP Import – Ultimate CSV XML Importer for WordPress plugin is susceptible to unauthorized data access. This is due to the absence of a capabili...
WordPress plugin WP Import security vulnerability
WordPress WP Import plugin is a plugin for batch importing and exporting WordPress data, supports multiple file formats such as CSV, XML, JSON, etc., and can handle posts, pages, comments, users and other data. WordPress WP Import plugin has an unauthorized access vulnerability that stems from a...
PT-2025-34601 · Unknown · Minova Tta
Name of the Vulnerable Software and Affected Versions: MINOVA TTA version 11.17.0 Description: The MINOVA TTA service exposes authentication FTP credentials through debug port 1604, allowing unauthenticated remote access to active FTP accounts containing sensitive internal data and import...
CVE-2024-45175
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Sensitive information is stored in cleartext. It was found out that sensitive information, for example login credentials of cameras, is stored in cleartext. Thus, an attacker with filesystem access, for example exploiting a...
PT-2024-40004 · Scrapy · Scrapy
Name of the Vulnerable Software and Affected Versions: Scrapy versions prior to 2.11.2 Description: The issue allows a malicious actor with write access to the start requests and read access to the spider output to exploit the vulnerability. This can be done by redirecting to any local file using...
UBUNTU-CVE-2024-31210
WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins - Add New - Upload Plugin screen in WordPress. If FTP credentials are requested for installation in order to move...
PT-2024-2953
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 6.4.3 WordPress versions 6.3.3, 6.2.4, 6.1.5, 6.0.7, 5.9.9, 5.8.9, 5.7.11, 5.6.13, 5.5.14, 5.4.15, 5.3.17, 5.2.20, 5.1.18, 5.0.21, 4.9.25, 2.8.24, 4.7.28, 4.6.28, 4.5.31, 4.4.32, 4.3.33, 4.2.37, and 4.1.40 Descripti...
CVE-2023-28089
An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules...
Hewlett Packard Enterprise OneView security vulnerability
Hewlett Packard Enterprise OneView is a software from Hewlett Packard Enterprise that facilitates automated device management for IT departments. A security vulnerability exists in Hewlett Packard Enterprise OneView prior to version 8.2, which stems from a device dump that could expose the FTP...
UBUNTU-CVE-2023-27535
An authentication bypass vulnerability exists in libcurl 8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain...
PT-2022-19268 · Axis · Axis M1125
Name of the Vulnerable Software and Affected Versions: Citilog version 8.0 Description: The server in Citilog allows an attacker, in a man-in-the-middle position between the server and its smart camera Axis M1125, to see FTP credentials in cleartext HTTP traffic. These credentials can be used for...
CVE-2018-17771
Ingenico Telium 2 POS terminals have hardcoded FTP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N...
CVE-2018-10627
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can use the SOAP API to retrieve and change sensitive configuration items such as the usernames and passwords for the Web and FTP servers. This...