
196 matches found

Nuclei
added 2026/05/29 3:59 a.m., 13 views

mTheme Unus < 2.3 - Directory Traversal

The mTheme-Unus theme for WordPress, prior to version 2.3, contained a directory traversal flaw that let attackers access arbitrary files. This was possible by exploiting the files parameter in css/css.php with .. sequences. id: CVE-2015-9406 info: name: mTheme Unus 2.3 - Directory Traversal...

CVSS 7.5, AI score 7.3, EPSS 0.87141
Exploits: 1, References: 4

ATTACKERKB
added 2026/05/17 10:0 p.m., 6 views

CVE-2026-8765

A vulnerability was detected in Kilo-Org kilocode up to 7.0.47. This vulnerability affects the function Bun.file of the file packages/opencode/src/kilocode/review/worktree-diff.ts of the component File Diff API Endpoint. Performing a manipulation of the argument File results in path traversal. It...

CVSS 5.3, AI score 5.5, EPSS 0.00082
Exploits: 1, References: 4, Affected Software: 1

Snyk
added 2026/04/01 9:36 p.m., 3 views

External Control of File Name or Path

Overview sillytavern is a LLM Frontend for Power Users Affected versions of this package are vulnerable to External Control of File Name or Path via the /api/chats/import endpoint when unsanitized input in the charactername parameter is used to construct file paths. An attacker can write arbitrar...

CVSS 8.1, AI score 6, EPSS 0.00075
Exploits: 1, References: 3

NVD
added 2026/03/21 12:16 a.m., 1 view

CVE-2026-33238

WWBN AVideo is an open source video platform. Prior to version 26.0, the listFiles.json.php endpoint accepts a path POST parameter and passes it directly to glob without restricting the path to an allowed base directory. An authenticated uploader can traverse the entire server filesystem by...

CVSS 4.3, EPSS 0.00018
Exploits: 1, References: 3

CVE
added 2026/03/20 10:37 p.m., 2 views

CVE-2026-32733

Halloy (IRC app in Rust) contained a path-traversal flaw in the DCC receive flow prior to commit 0f77b2cfc5f822517a256ea5a4b94bad8bfe38b6. A remote user could send a DCC SEND filename with path traversal sequences (e.g., ../../.ssh/authorized_keys) and the file could be written outside the user’s...

CVSS 8.7, AI score 5.9, EPSS 0.00024
Exploits: 1, References: 2, Affected Software: 1

Tenable Nessus
added 2026/03/09 12:0 a.m., 0 views

Qnap QTS and QuTS Improper Link Resolution Before File Access (CVE-2025-66277)

A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3350 build...

CVSS 9.8, AI score 5.8, EPSS 0.00093
Exploits: 0, References: 2

OSV
added 2026/03/07 5:27 a.m., 2 views

CVE-2026-30828 Wallos: SSRF via url parameter leading to File Traversal

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, the url parameter can be used to retrieve local system files. This issue has been patched in version 4.6.2...

CVSS 8.7, AI score 5.7, EPSS 0.00028
Exploits: 1, References: 5

CVE
added 2026/03/07 5:27 a.m., 5 views

CVE-2026-30828

CVE-2026-30828 affects Wallos prior to version 4.6.2, where the url parameter can be used to retrieve local system files. The issue has been patched in 4.6.2. Reported CVSS 4.0/8.7 (HIGH) with network attack vector, low complexity and no user interaction required; impact is limited to confidentia...

CVSS 8.7, AI score 5.7, EPSS 0.00028
Exploits: 1, References: 3, Affected Software: 1

CVE
added 2026/02/11 12:15 p.m., 12 views

CVE-2025-66277

CVE-2025-66277 is a high-severity, network-exploitable vulnerability in several QNAP OS platforms where a crafted link can enable filesystem traversal to unintended locations. The CVE lists a root cause related to path traversal within a link-following component and indicates a modified impact on...

CVSS 9.8, AI score 5.5, EPSS 0.00093
Exploits: 0, References: 1, Affected Software: 1

ATTACKERKB
added 2026/02/11 12:15 p.m., 2 views

CVE-2025-66277

A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3350 build...

CVSS 9.2, AI score 5.5, EPSS 0.00093
Exploits: 0, References: 2, Affected Software: 1

ATTACKERKB
added 2026/01/23 2:47 a.m., 2 views

CVE-2025-11002

7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on...

CVSS 7, AI score 6.4, EPSS 0.00135
Exploits: 1, References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m., 3 views

MiracleLinux 8 : unbound-1.7.3-15.el8 (AXSA:2021-2060:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2060:02 advisory. unbound: integer overflow in the regional allocator via regional_alloc CVE-2019-25032 unbound: integer overflow in sldns_str2wire_dname_buf_origin can le...

CVSS 9.8, AI score 5.7, EPSS 0.01026
Exploits: 0, References: 12

IBM Security Bulletins
added 2025/12/02 2:51 p.m., 9 views

Security Bulletin: Multiple vulnerabilities in IBM QRadar Use Case Manager app

Summary Multiple vulnerabilities were addressed in IBM QRadar Use Case Manager app version 4.1.0 Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a...

CVSS 9.4, AI score 5.5, EPSS 0.01319
Exploits: 5, Affected Software: 1

OSV
added 2025/11/19 10:16 p.m., 0 views

UBUNTU-CVE-2025-11001

7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on...

CVSS 7.8, AI score 7.5, EPSS 0.00258
Exploits: 11, References: 4

Debian CVE
added 2025/11/19 9:16 p.m., 8 views

CVE-2025-11001

7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on...

CVSS 7.8, AI score 8.1, EPSS 0.00258
Exploits: 11

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-4317

Malware in sbrugna...

CVSS 9.8, AI score 9, EPSS 0.0008
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-24414

Malware in sbrugna...

CVSS 4.3, AI score 4.7, EPSS 0.00169
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-4319

Malware in sbrugna...

CVSS 7.5, AI score 7.4, EPSS 0.00117
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-29636

Malicious code in bioql PyPI...

CVSS 6.9, AI score 6.5, EPSS 0.00202
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-48050

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.6, EPSS 0.00293
Exploits: 0, References: 2