CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8789 matches found

CodiMD <2.5.4 - Insecure Filename Randomization

CodiMD does not require valid authentication to access uploaded images or to upload new image data. An attacker who can determine an uploaded image's URL can gain unauthorised access to uploaded image data. Due to the insecure random filename generation in the underlying Formidable library, an...

5.3CVSS5.9AI score0.01158EPSS

Exploits1References3

Nuclei•added 15 hours ago•86 views

ESAFENET CDG - Arbitrary File Download

ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request. id: CVE-2019-9632 info: name: ESAFENET CDG - Arbitrary File Download author: pdteam severity: hi...

7.5CVSS7.2AI score0.39885EPSS

Exploits1References2

Nuclei•added 15 hours ago•7 views

Langflow <= 1.8.4 - Path Traversal to RCE via File Upload

The application contains a path traversal vulnerability caused by unsanitized 'filename' parameter in the 'POST /api/v2/files' multipart form data, letting attackers write files to arbitrary filesystem locations, exploit requires crafted request. id: CVE-2026-5027 info: name: Langflow = 1.8.4 -...

8.8CVSS6.2AI score0.02104EPSS

Exploits4References3

Nuclei•added 15 hours ago•22 views

Movies <= 0.6 - Cross-Site Scripting

A cross-site scripting vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php. id: CVE-2014-4539 info: name: Movies = 0.6 - Cross-Site Scripting author: daffainfo...

6.1CVSS6.5AI score0.03983EPSS

Exploits2References4

Nuclei•added 15 hours ago•10 views

Avid NEXIS Agent - Arbitrary File Read

Avid NEXIS E-series, F-series, PRO+, and System Director Appliance SDA+ before 2025.5.1 contain an unauthenticated arbitrary file read caused by improper validation of the filename parameter, letting unauthenticated attackers read sensitive files, exploit requires no authentication. id:...

8.7CVSS7.4AI score0.01083EPSS

Exploits0References3

CVE•added yesterday•12 views

CVE-2026-50023

CVE-2026-50023 affects yt-dlp prior to 2026.06.09. A vulnerability allows writing arbitrary OS-shortcut files (e.g., .desktop, .url, .webloc) to the user’s filesystem by exploiting an allowlist that was meant to preserve the --write-link functionality, bypassing CVE-2024-38519. The issue is trigg...

8.3CVSS6AI score0.00118EPSS

Exploits0References4

RedHat Linux•added yesterday•4 views

vim: Vim: Command injection allows arbitrary code execution via malicious tag files

A flaw was found in Vim, an open-source command-line text editor. This command injection vulnerability occurs during tag file processing. A local user could craft a malicious tags file containing backtick syntax in the filename field. When Vim resolves a tag from this file, it executes the embedd...

6.6CVSS6.4AI score0.00501EPSS

Exploits0References7

NVD•added yesterday•7 views

CVE-2026-8378

The Frontend File Manager Plugin WordPress plugin through 23.6 does not sanitise nor escape a filename submitted to the frontend file-rename endpoint before storing it as post meta and rendering it back on the admin File Manager listing, leading to a Stored Cross-Site Scripting vulnerability...

5.4CVSS0.00153EPSS

Exploits0References1

CVE•added yesterday•9 views

CVE-2026-8378

CVE-2026-8378 affects the WordPress plugin “Frontend File Manager” up to version 23.6. The vulnerability is a Stored Cross-Site Scripting (XSS) in the frontend file-rename endpoint: the plugin does not sanitize or escape the submitted filename before storing it as post meta and re-rendering it in...

5.4CVSS5.9AI score0.00153EPSS

Exploits0References1

ATTACKERKB•added yesterday•4 views

CVE-2026-8378

5.4CVSS5.9AI score0.00153EPSS

Exploits0References1

RedHat Linux•added 2 days ago•10 views

vim: Vim: Command injection allows arbitrary code execution via malicious tag files

6.6CVSS6.4AI score0.00501EPSS

Exploits0References7

NVD•added 2 days ago•7 views

CVE-2026-55388

piscina is a node.js worker pool implementation. Prior to 6.0.0-rc.2, 5.2.0, and 4.9.3, piscina's constructor and run paths read the filename option via plain member access. Both reads fall through the prototype chain when the caller's options object doesn't have filename as an own property. When...

8.1CVSS0.00296EPSS

Exploits0References1

OSV•added 2 days ago•2 views

DEBIAN-CVE-2026-53537

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, parseoptionsheader parsed Content-Disposition and Content-Type headers with email.message.Message, which transparently applies RFC 2231/5987 decoding. The extended parameter syntax filename=charset'lang'value, name=...,...

3.7CVSS5.9AI score0.00176EPSS

Exploits0References1

NVD•added 2 days ago•8 views

CVE-2026-53537

3.7CVSS0.00176EPSS

Exploits0References1

ATTACKERKB•added 2 days ago•3 views

CVE-2026-53537

3.7CVSS5.9AI score0.00176EPSS

Exploits0References2Affected Software1

Debian CVE•added 2 days ago•5 views

CVE-2026-53537

3.7CVSS5.9AI score0.00176EPSS

Exploits0

CVE•added 2 days ago•27 views

CVE-2026-55388

Summary: CVE-2026-55388 affects piscina (node.js worker pool). Before versions 6.0.0-rc.2, 5.2.0, and 4.9.3, piscina reads options.filename by plain member access in both the constructor and run() paths, allowing the read to fall through the prototype chain. If Object.prototype.filename is pollut...

8.1CVSS5.8AI score0.00296EPSS

Exploits0References1

ATTACKERKB•added 2 days ago•3 views

CVE-2026-55388

8.1CVSS5.8AI score0.00296EPSS

Exploits0References2Affected Software1