CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8806 matches found

CNNVD•added 2025/04/04 12:0 a.m.•2 views

WordPress plugin Sparkle Elementor Kit 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

7.5CVSS7.9AI score0.00878EPSS

Exploits0References1

Positive Technologies•added 2025/04/04 12:0 a.m.•5 views

PT-2025-14932 · Joomsky · Joomsky Js Job Manager

Name of the Vulnerable Software and Affected Versions: JoomSky JS Job Manager versions n/a through 2.0.2 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' vulnerability. This allows PHP Loca...

8.8CVSS9AI score0.00613EPSS

Exploits0References5

CNNVD•added 2025/04/04 12:0 a.m.•3 views

WordPress plugin Real Estate Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.5CVSS7.9AI score0.00878EPSS

Exploits0References1

CNNVD•added 2025/04/04 12:0 a.m.•9 views

WordPress plugin Just Post Preview Widget 安全漏洞

7.5CVSS7.9AI score0.00878EPSS

Exploits0References1

CNNVD•added 2025/04/04 12:0 a.m.•3 views

WordPress plugin Catch Dark Mode 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

7.5CVSS7.8AI score0.00759EPSS

Exploits0References1

CNNVD•added 2025/04/04 12:0 a.m.•7 views

WordPress plugin Fami WooCommerce Compare 安全漏洞

7.5CVSS7.8AI score0.00467EPSS

Exploits0References1

RedHat Linux•added 2025/04/01 3:15 p.m.•1 views

jinja2: Jinja has a sandbox breakout through malicious filenames

A flaw was found in the Jinja2 package. A bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of Jinja's sandbox being used. An attacker needs to be able to control both the filename and the contents o...

8.8CVSS7.5AI score0.00298EPSS

Exploits0References8

ATTACKERKB•added 2025/04/01 6:15 a.m.•0 views

CVE-2025-30901

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in JoomSky JS Help Desk js-support-ticket allows PHP Local File Inclusion.This issue affects JS Help Desk: from n/a through = 2.9.2...

8.1CVSS7.2AI score0.00761EPSS

Exploits0References3

OSV•added 2025/04/01 6:15 a.m.•1 views

CVE-2025-30849

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in g5theme Essential Real Estate allows PHP Local File Inclusion. This issue affects Essential Real Estate: from n/a through 5.2.0...

9.8CVSS7.3AI score0.00711EPSS

Exploits0References1

SUSE CVE•added 2025/03/29 3:3 a.m.•1 views

SUSE CVE-2025-29914

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Prior to 3.3.3, if a request is made on an URI starting with //, coraza will set a wrong value in REQUESTFILENAME. For example, if the URI //bar/uploads/foo.php?a=b is passed to coraza: , REQUESTFILENAME will be...

5.4CVSS6.8AI score0.00294EPSS

Exploits0References3

OSV•added 2025/03/28 1:55 p.m.•1 views

SUSE-SU-2025:20254-1 Security update for python-Jinja2

This update for python-Jinja2 fixes the following issues: - CVE-2025-27516: Fixed Jinja sandbox breakout through attr filter selecting format method bsc1238879 - CVE-2024-56201: Fixed sandbox breakout through malicious content and filename of a template bsc1234808 - CVE-2024-56326: Fixed sandbox...

8.8CVSS6.9AI score0.00496EPSS

Exploits0References7

OSV•added 2025/03/27 4:15 p.m.•1 views

CVE-2025-26909

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in John Darrel Hide My WP Ghost allows PHP Local File Inclusion.This issue affects Hide My WP Ghost: from n/a through 5.4.01...

9.8CVSS5.8AI score0.00662EPSS

Exploits1References1

ATTACKERKB•added 2025/03/27 11:15 a.m.•1 views

CVE-2025-30891

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in magepeopleteam WpTravelly tour-booking-manager allows PHP Local File Inclusion.This issue affects WpTravelly: from n/a through = 1.8.7...

8.8CVSS7.2AI score0.00575EPSS

Exploits0References3

NVD•added 2025/03/27 11:15 a.m.•9 views

CVE-2025-30890

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SuitePlugins Login Widget for Ultimate Member login-widget-for-ultimate-member allows PHP Local File Inclusion.This issue affects Login Widget for Ultimate Member: from n/a throu...

7.5CVSS0.00676EPSS

Exploits0References1

ATTACKERKB•added 2025/03/27 11:15 a.m.•1 views

CVE-2025-30868

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Maidul Team Manager wp-team-manager allows PHP Local File Inclusion.This issue affects Team Manager: from n/a through = 2.1.23...

7.5CVSS7.2AI score0.00931EPSS

Exploits0References3

CNNVD•added 2025/03/27 12:0 a.m.•1 views

WordPress plugin HUSKY 安全漏洞

7.5CVSS6.6AI score0.00524EPSS

Exploits0References2

CNNVD•added 2025/03/27 12:0 a.m.•2 views

WordPress plugin WpTravelly 安全漏洞

8.8CVSS8.5AI score0.00575EPSS

Exploits0References2

CNNVD•added 2025/03/27 12:0 a.m.•1 views

WordPress plugin WishSuite 安全漏洞