CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

337 matches found

RedhatCVE•added 2026/01/14 8:22 p.m.•5 views

CVE-2025-37174

Authenticated arbitrary file write vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to create or modify arbitrary files and execute arbitrary...

7.2CVSS7.3AI score0.00476EPSS

Exploits0References1

Cvelist•added 2026/01/13 8:5 p.m.•22 views

CVE-2025-37174 Authenticated Arbitrary File Write Vulnerability in AOS 10 and AOS-8 Web-Based Management Interface

7.2CVSS0.00476EPSS

Exploits0References1

Positive Technologies•added 2026/01/13 12:0 a.m.•4 views

PT-2026-2458

7.2CVSS7.3AI score0.00476EPSS

Exploits0References3

Positive Technologies•added 2026/01/13 12:0 a.m.•4 views

PT-2026-2770

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could leverage this vulnerability to manipulate or inject malicious data into files on the system. Exploitation of this issue requir...

8.6CVSS6.7AI score0.00195EPSS

Exploits0References4

CNNVD•added 2026/01/10 12:0 a.m.•4 views

WordPress plugin Templately 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.3CVSS6.6AI score0.00233EPSS

Exploits0References4

RedhatCVE•added 2026/01/09 12:1 p.m.•7 views

CVE-2018-19446

A File Write can occur for specially crafted PDF files in Foxit Reader SDK ActiveX Professional 5.4.0.1031 when the JavaScript API Doc.createDataObject is used. An attacker can leverage this to gain remote code execution...

7.8CVSS7.5AI score0.02208EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 11:59 a.m.•8 views

CVE-2018-19449

A File Write can occur for specially crafted PDF files in Foxit Reader SDK ActiveX Professional 5.4.0.1031 when the JavaScript API Doc.exportAsFDF is used. An attacker can leverage this to gain remote code execution...

7.8CVSS7.5AI score0.02329EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:55 a.m.•5 views

CVE-2022-38638

Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource...

9.1CVSS7.4AI score0.00965EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:3 a.m.•8 views

CVE-2024-39118

Mommy Heather Advanced Backups up to v3.5.3 allows attackers to write arbitrary files via restoring a crafted back up...

5.5CVSS7AI score0.00311EPSS

Exploits1References1

Patchstack•added 2025/12/11 11:49 p.m.•6 views

WordPress Hippoo Mobile App for WooCommerce plugin <= 1.7.1 - Missing Authorization to Unauthenticated Limited File Write vulnerability

Missing Authorization to Unauthenticated Limited File Write vulnerability discovered by NumeX in WordPress Plugin Hippoo Mobile App for WooCommerce versions = 1.7.1...

5.3CVSS6.8AI score0.00235EPSS

Exploits0References1Affected Software1

OSV•added 2025/12/10 11:5 p.m.•4 views

CVE-2025-67509 MySQLSelectTool Read-Only Bypass via SELECT INTO OUTFILE Allows Arbitrary File Write

Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool e.g., for LLM agent querying, however, validation based on the first keyword e.g.,...

8.2CVSS7.8AI score0.00249EPSS

Exploits0References5

NVD•added 2025/12/04 4:16 p.m.•9 views

CVE-2025-8074

Origin validation error vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.3-13973 allows local users to write arbitrary files with non-sensitive information via unspecified vectors...

5.6CVSS0.00081EPSS

Exploits0References1

Snyk•added 2025/11/19 8:3 p.m.•5 views

Directory Traversal

Overview astro is an Astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Directory Traversal via a mismatch in path normalization between routing and middleware validation. An attacker can access protected...

6.9CVSS7.7AI score0.0047EPSS

Exploits1References2

Vulnrichment•added 2025/10/30 9:41 p.m.•4 views

CVE-2025-34134 Nagios XI < 2024R1.4.2 RCE via Business Process Intelligence (BPI)

Nagios XI versions prior to 2024R1.4.2 contain a remote code execution vulnerability in the Business Process Intelligence BPI component. Insufficient validation and sanitization of administrator-controlled BPI configuration parameters notably bpilogfile and bpiconfigfile allow an authenticated...

9.4CVSS8AI score0.02007EPSS

Exploits0References3

Tenable Nessus•added 2025/10/17 12:0 a.m.•6 views

ArubaOS 8.10.x < 8.10.0.19 / 8.12.x < 8.12.0.6 / 8.13.x < 8.13.1.0 / 10.4.x < 10.4.1.9 / 10.7.x < 10.7.2.1 Multiple Vulnerabilities (HPESBNW04957)

The version of ArubaOS installed on the remote host is affected by multiple vulnerabilities as referenced in the HPESBNW04957 advisory: - An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating...

7.2CVSS6.2AI score0.01274EPSS

Exploits0References15