3575 matches found
EUVD-2024-53454
Malicious code in bioql PyPI...
EUVD-2025-2653
Malicious code in bioql PyPI...
EUVD-2025-12330
Malicious code in bioql PyPI...
EUVD-2024-50447
Malicious code in bioql PyPI...
EUVD-2025-9115
Malicious code in bioql PyPI...
EUVD-2025-14370
Malicious code in bioql PyPI...
EUVD-2021-28919
Malicious code in bioql PyPI...
EUVD-2024-27251
Malicious code in bioql PyPI...
EUVD-2025-16317
Malicious code in bioql PyPI...
EUVD-2024-27384
Malicious code in bioql PyPI...
EUVD-2024-39195
Malicious code in bioql PyPI...
EUVD-2024-49942
Malicious code in bioql PyPI...
CVE-2025-9212
The WP Dispatcher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wpdispatcherprocessupload function in all versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
PT-2025-40497
Name of the Vulnerable Software and Affected Versions: AP Background plugin for WordPress versions 3.8.1 through 3.8.2. Description: The AP Background plugin for WordPress is susceptible to arbitrary file uploads because of missing authorization and inadequate file validation within the...
CVE-2025-11221
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Unrestricted Upload of File with Dangerous Type vulnerability in GTONE ChangeFlow allows Path Traversal, Accessing Functionality Not Properly Constrained by ACLs. This issue affects ChangeFlow: from All versions through...
MarkAny SafePC Enterprise Security Vulnerability
MarkAny SafePC Enterprise is an endpoint data leakage prevention software from the Korean company MarkAny. A security vulnerability exists in MarkAny SafePC Enterprise versions prior to V7.0.1 and V5.. versions contain a security vulnerability that stems from a path traversal vulnerability that...
PT-2025-40417
Name of the Vulnerable Software and Affected Versions: LangBot versions 4.1.0 through 4.3.4. Description: LangBot is a global IM bot platform designed for LLMs. Authorized attackers can exploit the /api/v1/files/documents interface to perform arbitrary file uploads. The interface does not strictly...
CVE-2025-10000
The Qyrr – simply and modern QR-Code creation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the blobtofile function in all versions up to, and including, 2.0.7. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2025-9762
The Post By Email plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the saveattachments function in all versions up to, and including, 1.0.4b. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's...
CVE-2025-7063
Due to a client-controlled permission check parameter, PAD CMS's file upload functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can then be executed leading to Remote Code Execution. This issue affects all 3 templates: www, b...