
724 matches found

Snyk
added 2026/02/10 6:55 p.m. | 3 views

Cleartext Storage of Sensitive Information

Overview: Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in Azure Compute Gallery, which writes MAA tokens in the debug log. Remediation: Upgrade github.com/Microsoft/confidential-sidecar-containers/cmd/azmount/filemanager to version 2.12 or higher...

CVSS 7.1 | AI score 5.5 | EPSS 0.00099
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/17 1:18 p.m. | 9 views

CVE-2025-14894

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...

CVSS 9.8 | AI score 7.1 | EPSS 0.00018
Exploits: 0 | References: 1

OSV
added 2026/01/16 3:31 p.m. | 5 views

GHSA-9G95-48C6-R778 Livewire Filemanager does not restrict uploaded file types

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...

CVSS 7.5 | AI score 5.3 | EPSS 0.00018
Exploits: 0 | References: 5

Github Security Blog
added 2026/01/16 3:31 p.m. | 12 views

Livewire Filemanager does not restrict uploaded file types

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...

CVSS 9.8 | AI score 5.3 | EPSS 0.00018
Exploits: 0 | References: 6 | Affected Software: 1

Snyk
added 2026/01/16 1:53 p.m. | 9 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection in the LivewireFilemanagerComponent.php process due to missing file type and MIME validation. An attacker can execute arbitrary code by uploading a malicious PHP file and accessing it via the /storage/ URL. This...

CVSS 9.8 | AI score 6.6 | EPSS 0.00018
Exploits: 0 | References: 2

OSV
added 2026/01/16 1:16 p.m. | 3 views

CVE-2025-14894

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...

CVSS 9.8 | AI score 5.3
Exploits: 0 | References: 3

NVD
added 2026/01/16 1:16 p.m. | 7 views

CVE-2025-14894

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...

CVSS 9.8 | EPSS 0.00018
Exploits: 0 | References: 3

Cvelist
added 2026/01/16 12:43 p.m. | 26 views

CVE-2025-14894

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...

EPSS 0.00018
Exploits: 0 | References: 2

ATTACKERKB
added 2026/01/16 12:43 p.m. | 6 views

CVE-2025-14894

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...

CVSS 9.8 | AI score 5.5 | EPSS 0.00018
Exploits: 0 | References: 3

CVE
added 2026/01/16 12:43 p.m. | 25 views

CVE-2025-14894

CVE-2025-14894 concerns Livewire Filemanager used with Laravel. The component LivewireFilemanagerComponent.php reportedly skips file type and MIME validation, enabling Remote Code Execution via uploading a malicious PHP file that, if a storage link/setup is present, can be executed through the /s...

CVSS 9.8 | AI score 6.7 | EPSS 0.00018
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/01/16 12:43 p.m. | 3 views

CVE-2025-14894

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...

AI score 6.7 | EPSS 0.00018
Exploits: 0 | References: 2

Positive Technologies
added 2026/01/16 12:0 a.m. | 7 views

PT-2026-3246

Name of the Vulnerable Software and Affected Versions: Livewire Filemanager, affected versions not specified. Description: Livewire Filemanager, commonly used in Laravel applications, contains a flaw in LivewireFilemanagerComponent.php where it does not perform adequate file type and MIME validation...

CVSS 10 | AI score 6 | EPSS 0.00018
Exploits: 0 | References: 26

CNNVD
added 2026/01/16 12:0 a.m. | 2 views

Livewire Filemanager security vulnerabilities

Livewire Filemanager is an open-source file management software developed by Livewire. There is a security vulnerability in Livewire Filemanager, which stems from the lack of file type and MIME validation in the LivewireFilemanagerComponent.php file. This vulnerability may allow remote code...

CVSS 9.8 | AI score 6.6 | EPSS 0.00018
Exploits: 0 | References: 4

CERT
added 2026/01/16 12:0 a.m. | 8 views

Livewire Filemanager contains an insecure .php component that allows for unauthenticated RCE in Laravel Products

Overview: A vulnerability, tracked as CVE-2025-14894, has been discovered within Livewire Filemanager, a tool designed for usage within Laravel applications. The Livewire Filemanager tool allows for users to upload various files, including PHP files, and host them within the Laravel application...

CVSS 9.8 | AI score 8.2 | EPSS 0.00018
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/09 12:17 p.m. | 7 views

CVE-2018-10523

CMS Made Simple CMSMS through 2.2.7 contains a physical path leakage Vulnerability via /modules/DesignManager/action.ajaxgettemplates.php, /modules/DesignManager/action.ajaxgetstylesheets.php, /modules/FileManager/dunzip.php, or /modules/FileManager/untgz.php...

CVSS 5.3 | AI score 6.7 | EPSS 0.00477
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 9:51 a.m. | 9 views

CVE-2020-10212

upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via the url parameter because file-extension blocking is mishandled and because it is possible for a DNS hostname to resolve to an internal IP address. For example, an SSRF attempt may succeed if a .ico filename is added to the...

CVSS 9.8 | AI score 6.8 | EPSS 0.90732
Exploits: 6 | References: 1

RedhatCVE
added 2026/01/09 9:50 a.m. | 2 views

CVE-2020-10681

The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1files to admin/moduleinterface.php...

CVSS 5.4 | AI score 5.6 | EPSS 0.00415
Exploits: 1 | References: 1

EUVD
added 2025/12/28 6:30 p.m. | 3 views

EUVD-2025-205521

A security flaw has been discovered in EyouCMS up to 1.7.6. The affected element is an unknown function of the file /application/admin/logic/FilemanagerLogic.php of the component Backend Template Management. The manipulation of the argument content results in sql injection. It is possible to laun...

CVSS 5.8 | AI score 6.3 | EPSS 0.00037
Exploits: 1 | References: 5

OSV
added 2025/12/28 4:15 p.m. | 1 views

CVE-2025-15143

A security flaw has been discovered in EyouCMS up to 1.7.6. The affected element is an unknown function of the file /application/admin/logic/FilemanagerLogic.php of the component Backend Template Management. The manipulation of the argument content results in sql injection. It is possible to laun...

CVSS 7.2 | AI score 5.6 | EPSS 0.00037
Exploits: 1 | References: 4

Cvelist
added 2025/12/28 4:2 p.m. | 22 views

CVE-2025-15143 EyouCMS Backend Template Management FilemanagerLogic.php sql injection

A security flaw has been discovered in EyouCMS up to 1.7.6. The affected element is an unknown function of the file /application/admin/logic/FilemanagerLogic.php of the component Backend Template Management. The manipulation of the argument content results in sql injection. It is possible to laun...

CVSS 5.8 | EPSS 0.00037
Exploits: 1 | References: 4