CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/06/11 2:33 p.m.•5 views

CVE-2025-5880

A vulnerability has been found in Whistle 2.9.98 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/sessions/get-temp-file. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used. The...

5.3CVSS4.7AI score0.00393EPSS

Exploits1References1

BDU FSTEC•added 2025/06/11 12:0 a.m.•7 views

The vulnerability of the WebDAV protocol implementation in Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the WebDAV protocol implementation in Windows operating systems is related to the loading of files of a dangerous type due to improper external control of the name or file. Exploiting this vulnerability allows a malicious actor to execute arbitrary code when a user accesses a...

10CVSS8.1AI score0.81558EPSS

Exploits10References4

CNNVD•added 2025/06/10 12:0 a.m.•2 views

WordPress plugin TinySalt 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.1CVSS7.8AI score0.00537EPSS

NVD•added 2025/06/09 4:15 p.m.•10 views

CVE-2025-49282

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in unfoldwp Magze magze allows PHP Local File Inclusion.This issue affects Magze: from n/a through = 1.0.9...

8.1CVSS0.00421EPSS

NVD•added 2025/06/09 4:15 p.m.•10 views

CVE-2025-49275

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in unfoldwp Blogbyte blogbyte allows PHP Local File Inclusion.This issue affects Blogbyte: from n/a through = 1.1.1...

8.1CVSS0.00397EPSS

OSV•added 2025/06/09 4:15 p.m.•1 views

CVE-2025-48126

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in g5theme Essential Real Estate allows PHP Local File Inclusion. This issue affects Essential Real Estate: from n/a through 5.2.1...

9.8CVSS5.8AI score0.0039EPSS

ATTACKERKB•added 2025/06/09 4:15 p.m.•0 views

CVE-2025-28888

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in BZOTheme GiftXtore allows PHP Local File Inclusion.This issue affects GiftXtore: from n/a before 1.7.7...

8.1CVSS5.8AI score0.00519EPSS

Positive Technologies•added 2025/06/09 12:0 a.m.•4 views

PT-2025-24461 · Bzotheme · Bzotheme Fitrush

Name of the Vulnerable Software and Affected Versions: BZOTheme Fitrush versions 1.3.4 and earlier Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion...

8.1CVSS7.9AI score0.00519EPSS

Exploits0References3

CNNVD•added 2025/06/09 12:0 a.m.•4 views

WordPress plugin BodyCenter - Gym, Fitness WooCommerce 安全漏洞

8.1CVSS7.7AI score0.00519EPSS

Positive Technologies•added 2025/06/09 12:0 a.m.•3 views

PT-2025-24440

Name of the Vulnerable Software and Affected Versions Whistle version 2.9.98 Description A vulnerability has been found in the file /cgi-bin/sessions/get-temp-file, where the manipulation of the filename argument leads to path traversal. The exploit has been disclosed to the public and may be use...

5.3CVSS5.4AI score0.00393EPSS

Exploits1References8

CNNVD•added 2025/06/09 12:0 a.m.•3 views

libarchive 缓冲区错误漏洞

libarchive is a multi-format archive and compression library open-sourced by libarchive. A buffer error vulnerability exists in libarchive, which stems from a difference-in-one error when handling filename prefixes and suffixes, which can lead to memory corruption...

5CVSS4.7AI score0.00161EPSS

Exploits0References5

CNNVD•added 2025/06/09 12:0 a.m.•1 views

WordPress plugin Essential Real Estate 安全漏洞

WordPress Essential Real Estate is a WordPress plugin for creating and managing real estate websites. WordPress Essential Real Estate suffers from a filename miscontrol vulnerability. An attacker can exploit this vulnerability to construct malicious requests that result in PHP native file inclusi...

9.8CVSS6.5AI score0.0039EPSS

8.1CVSS7.3AI score0.00434EPSS

WordPress plugin WP Event Manager 安全漏洞

WordPress WP Event Manager is an event management plugin designed specifically for WordPress that allows users to create, manage and promote various types of events including conferences, seminars, exhibitions, parties and more. A filename miscontrol vulnerability exists in WordPress WP Event...

CNNVD•added 2025/06/09 12:0 a.m.•1 views

WordPress plugin Fitrush 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

8.1CVSS7.6AI score0.00519EPSS

CNNVD•added 2025/06/09 12:0 a.m.•1 views

WordPress plugin Magze 安全漏洞

8.1CVSS6.6AI score0.00421EPSS

8.1CVSS6.5AI score0.00397EPSS

WordPress plugin Magways 安全漏洞

8.1CVSS6.8AI score0.00397EPSS

WordPress plugin Blogmine 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress Blogmine plugin that stems from improper filename control and can be exploited by an attacker to cause PHP native file...

8.1CVSS6.8AI score0.00397EPSS

WordPress plugin Blogbyte 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A file inclusion vulnerability exists in WordPress Blogbyte plugi, which stems from improper filename control and can be exploited by an attacker to cause PHP native file...