CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2025/04/26 12:0 a.m.•3 views

formidable 安全特征问题漏洞

formidable is a Node.js module for formidable for parsing form data, especially file uploads. A security signature issue vulnerability exists in versions of formidable prior to 2.1.0 through 3.5.3, which stems from an insufficiently secure filename generated by hexoid, which could lead to the...

8.8CVSS5.5AI score0.00343EPSS

Exploits1References5

Debian CVE•added 2025/04/26 12:0 a.m.•3 views

CVE-2025-46653

3.1CVSS4.6AI score0.00343EPSS

Exploits1

Cvelist•added 2025/04/26 12:0 a.m.•11 views

CVE-2025-46653

3.1CVSS0.00343EPSS

Exploits1References3

CVE•added 2025/04/26 12:0 a.m.•238 views

CVE-2025-46653

CVE-2025-46653 affects Formidable (node-formidable) 2.1.0–3.x up to 3.5.3. The issue is that it relies on hexoid to prevent filename guessing for untrusted executable content, but hexoid is not cryptographically secure, which could enable guessing of hexoid strings in some cases. The IBM security...

3.1CVSS7.3AI score0.00343EPSS

Exploits1References3Affected Software1

NVD•added 2025/04/24 4:15 p.m.•12 views

CVE-2025-39399

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Ashraful Sarkar Naiem License For Envato license-envato allows PHP Local File Inclusion.This issue affects License For Envato: from n/a through = 1.0.0...

7.5CVSS0.00611EPSS

NVD•added 2025/04/24 4:15 p.m.•8 views

CVE-2025-39378

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows PHP Local File...

7.5CVSS0.00611EPSS

WordPress plugin Checkout Field Visibility for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress plugin License For Envato 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Positive Technologies•added 2025/04/24 12:0 a.m.•4 views

PT-2025-17740 · Unknown · Wpoperation Arrival

Name of the Vulnerable Software and Affected Versions: WPoperation Arrival versions 1.4.5 and earlier Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' vulnerability. This allows PHP Local...

7.5CVSS7.8AI score0.0056EPSS

Exploits0References5

7.5CVSS7.9AI score0.00611EPSS

WordPress plugin cedcommerce Product Lister for eBay 安全漏洞

CNNVD•added 2025/04/24 12:0 a.m.•1 views

WordPress plugin Opstore 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CNNVD•added 2025/04/24 12:0 a.m.•3 views

WordPress plugin Capturly 安全漏洞

7.5CVSS7.8AI score0.0056EPSS

WordPress plugin Grace Mag 安全漏洞