3575 matches found
CVE-2024-23811
A vulnerability has been identified in SINEC NMS All versions V2.0 SP1. The affected application allows users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious firmware images or other files, that could potentially lead to remote code execution...
CVE-2024-23756
The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 5221, allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them...
CVE-2024-0699
The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'addimagefromurl' function in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with...
Input validation
The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'addimagefromurl' function in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with...
CVE-2023-6925
The Unlimited Addons for WPBakery Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'importZipFile' function in versions up to, and including, 1.0.42. This makes it possible for authenticated attackers with a role that the...
CVE-2023-6635
The EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'importstyles' function in versions up to, and including, 1.40.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload...
Input validation
The EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'importstyles' function in versions up to, and including, 1.40.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload...
CVE-2023-6925 Unlimited Addons for WPBakery Page Builder <= 1.0.42 - Authenticated (Editor+) Arbitrary File Upload
The Unlimited Addons for WPBakery Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'importZipFile' function in versions up to, and including, 1.0.42. This makes it possible for authenticated attackers with a role that the...
CVE-2023-6635 EditorsKit <= 1.40.3 - Authenticated (Administrator+) Arbitrary File Upload
The EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'importstyles' function in versions up to, and including, 1.40.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload...
CVE-2024-0699 AI Engine <= 2.1.4 - Authenticated(Editor+) Arbitrary File Upload via add_image_from_url
The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'addimagefromurl' function in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with...
CVE-2024-0699
CVE-2024-0699 affects the WordPress plugin “AI Engine: Chatbots, Generators, Assistants, GPT 4 and more!” up to version 2.1.4. The vulnerability is an arbitrary file upload flaw caused by missing file type validation in add_image_from_url, exploitable by authenticated attackers with Editor access...
CVE-2024-22567
File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arbitrary files via crafted POST request to /ms/file/upload.do...
WordPress Plugin File Manager Pro Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
WordPress plugin Unlimited Addons for WPBakery Page Builder Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
MingSoft MCMS Security Vulnerability
MingSoft MCMS is a complete open source J2ee system from China's MingSoft. A security vulnerability exists in MingSoft MCMS version 5.3.5, which stems from a file upload vulnerability that allows an attacker to upload arbitrary files via a crafted POST request...
CVE-2024-1069
The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'viewpage' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to uploa...
Input validation
The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'viewpage' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to uploa...