CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/05/17 10:45 a.m.•13 views

CVE-2026-8750

CVE-2026-8750 affects h2oai h2o-3 up to version 7402. The vulnerability lies in the ImportFile API’s ImportFile/PersistNFS.java importFiles() function, enabling remote information disclosure due to manipulation of file persistence. Multiple sources (NVD, Red Hat, CVE listings, and PT Security) de...

7.5CVSS5.8AI score0.00013EPSS

Exploits0References4Affected Software1

CNNVD•added 2026/05/17 12:0 a.m.•4 views

H2O 信息泄露漏洞

H2O is an open-source memory platform for distributed, scalable machine learning developed by H2O.ai. Versions of H2O 7402 and earlier contained a vulnerability known as information leakage, which originated from the importFiles function in the PersistNFS.java file within the ImportFile API...

7.5CVSS6AI score0.00013EPSS

Exploits0References2

RedhatCVE•added 2026/03/07 7:59 a.m.•2 views

CVE-2026-28507

Idno is a social publishing platform. Prior to version 1.6.4, there is a remote code execution vulnerability via chained import file write and template path traversal. This issue has been patched in version 1.6.4...

8.6CVSS6.3AI score0.00644EPSS

Exploits1References1

NVD•added 2026/03/06 5:16 a.m.•3 views

CVE-2026-28507

8.6CVSS0.00644EPSS

Exploits1References2

CVE•added 2026/03/06 4:12 a.m.•5 views

CVE-2026-28507

CVE-2026-28507 affects Idno (social publishing platform). Public disclosures and Red Hat/Veracode entries describe two chained vulnerabilities leading to remote code execution: 1) Arbitrary PHP file write during WordPress import via importImagesFromBodyHTML, leveraging uncontrolled outbound fopen...

8.6CVSS6.5AI score0.00644EPSS

Exploits1References2Affected Software1

Cvelist•added 2026/03/06 4:12 a.m.•22 views

CVE-2026-28507 Idno: Remote Code Execution via Chained Import File Write and Template Path Traversal

8.6CVSS0.00644EPSS

Exploits1References2

OSV•added 2026/03/06 4:12 a.m.•0 views

CVE-2026-28507 Idno: Remote Code Execution via Chained Import File Write and Template Path Traversal

8.6CVSS6.3AI score0.00644EPSS

Exploits1References4

RedhatCVE•added 2026/03/04 1:56 a.m.•3 views

CVE-2025-50198

Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configurationfile; POST coursepath; POST homepath parameters. This issue has been patched in version 1.11.30...

NVD•added 2026/03/02 4:16 p.m.•3 views

Exploits1References1

CVE-2025-50198

8.8CVSS0.00116EPSS

NVD•added 2026/03/02 4:16 p.m.•4 views

CVE-2025-50193

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST tomaindatabase parameter. This issue has been patched in version 1.11.30...

7.2CVSS0.00745EPSS

Exploits1References3

CVE•added 2026/03/02 3:46 p.m.•6 views

CVE-2025-50198

CVE-2025-50198 affects Chamilo before version 1.11.30. The vulnerability is a deserialization of untrusted data in /plugin/vchamilo/views/import.php triggered via POST parameters (configuration_file, course_path, home_path). The issue is addressed in Chamilo 1.11.30. According to the provided met...

Exploits1References5Affected Software1

EUVD•added 2026/03/02 3:46 p.m.•3 views

EUVD-2025-208171

ATTACKERKB•added 2026/03/02 3:46 p.m.•3 views

CVE-2025-50198

Exploits1References6Affected Software1

Vulnrichment•added 2026/03/02 3:46 p.m.•5 views

CVE-2025-50198 Chamilo: Deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters

CNNVD•added 2026/03/02 12:0 a.m.•2 views

Chamilo 代码问题漏洞

Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 had code vulnerabilities. These vulnerabilities stemmed from improper deserialization of POST parameters configurationfile, coursepath, and homepath in the...

8.8CVSS6.1AI score0.00116EPSS

Vulnrichment•added 2026/02/05 4:13 p.m.•3 views

CVE-2020-37138 10-Strike Network Inventory Explorer 9.03 - 'Read from File' Buffer Overflow (SEH)(ROP)

10-Strike Network Inventory Explorer 9.03 contains a buffer overflow vulnerability in the file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malicious text file with carefully constructed payload to trigger a stack-based buffer overflow and...

9.8CVSS6.3AI score0.00053EPSS

Vulnrichment•added 2026/01/29 2:28 p.m.•3 views

CVE-2020-36997 BacklinkSpeed 2.4 - Buffer Overflow PoC (SEH)

BacklinkSpeed 2.4 contains a buffer overflow vulnerability that allows attackers to corrupt the Structured Exception Handler SEH chain through malicious file import. Attackers can craft a specially designed payload file to overwrite SEH addresses, potentially executing arbitrary code and gaining...

9.8CVSS6.2AI score0.00018EPSS

CVE•added 2026/01/29 2:28 p.m.•4 views

CVE-2020-36997

CVE-2020-36997 affects BacklinkSpeed 2.4 and describes a buffer overflow that allows an attacker to corrupt the Structured Exception Handler (SEH) chain via a malicious file import. A specially crafted payload file can overwrite SEH addresses, potentially enabling arbitrary code execution and con...

9.8CVSS6.2AI score0.00018EPSS