Lucene search

42 matches found

CNNVD
added 2026/05/29 12:0 a.m. · 5 views

RustFS access control error vulnerability

RustFS is a high-performance object storage system developed by RustFS. Versions prior to RustFS 1.0.0-beta.2 contained an access control vulnerability. This vulnerability stemmed from improper validation of the PUT /rustfs/admin/v3/import-iam endpoint, allowing users with the ImportIAMAction...

CVSS 9.3 · AI score 5.8 · EPSS 0.00043
Exploits 0 · References 1

RedhatCVE
added 2026/01/10 5:40 a.m. · 2 views

CVE-2026-22042

RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.79, the ImportIam admin API validates permissions using ExportIAMAction instead of ImportIAMAction, allowing a principal with export-only IAM permissions to perform import operations. Since importing IAM data...

CVSS 8.8 · AI score 6.9 · EPSS 0.00022
Exploits 1 · References 1

RedhatCVE
added 2026/01/09 12:34 p.m. · 5 views

CVE-2023-45282

In NASA Open MCT aka openmct before 3.1.0, prototype pollution can occur via an import action...

CVSS 7.5 · AI score 6.9 · EPSS 0.00168
Exploits 0 · References 1

NVD
added 2026/01/08 3:15 p.m. · 3 views

CVE-2026-22042

RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.79, the ImportIam admin API validates permissions using ExportIAMAction instead of ImportIAMAction, allowing a principal with export-only IAM permissions to perform import operations. Since importing IAM data...

CVSS 8.8 · EPSS 0.00022
Exploits 1 · References 1

OSV
added 2026/01/08 2:58 p.m. · 1 views

CVE-2026-22042 RustFS has IAM Incorrect Authorization in ImportIam that Allows Privilege Escalation

RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.79, the ImportIam admin API validates permissions using ExportIAMAction instead of ImportIAMAction, allowing a principal with export-only IAM permissions to perform import operations. Since importing IAM data...

CVSS 7.1 · AI score 6.8 · EPSS 0.00022
Exploits 1 · References 3

Vulnrichment
added 2026/01/08 2:58 p.m. · 4 views

CVE-2026-22042 RustFS has IAM Incorrect Authorization in ImportIam that Allows Privilege Escalation

RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.79, the ImportIam admin API validates permissions using ExportIAMAction instead of ImportIAMAction, allowing a principal with export-only IAM permissions to perform import operations. Since importing IAM data...

CVSS 7.1 · AI score 6.5 · EPSS 0.00022
Exploits 1 · References 1

Packet Storm
added 2025/12/11 12:0 a.m. · 160 views

WordPress WP for CPI 1.0.2 Shell Upload

WordPress WP for CPI plugin versions 1.0.2 and below suffer from an unauthenticated shell upload vulnerability. Title: WP for CPI 1.0.2 Unauthenticated...

CVSS 9.8 · AI score 7 · EPSS 0.00565
Exploits 1

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2008-1237

Malware in sbrugna...

CVSS 4.3 · AI score 6.4 · EPSS 0.00412
Exploits 1 · References 3

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2014-1941

Malware in sbrugna...

CVSS 3.5 · AI score 9.2 · EPSS 0.00232
Exploits 1 · References 9

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-2650

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.5 · EPSS 0.00168
Exploits 0 · References 8

RedhatCVE
added 2025/05/21 7:17 p.m. · 6 views

CVE-2008-1228

Cross-site scripting (XSS) vulnerability in admin.php in MG2 (formerly Minigal) allows remote attackers to inject arbitrary web script or HTML via the list parameter in an import action...

CVSS 4.3 · AI score 5.9 · EPSS 0.00412
Exploits 1 · References 1

NVD
added 2024/10/12 3:15 a.m. · 8 views

CVE-2024-9860

The Bridge Core plugin for WordPress is vulnerable to unauthorized modification of data or loss of data due to a missing capability check on the 'importaction' and 'installpluginperdemo' functions in versions up to, and including, 3.3. This makes it possible for authenticated attackers with...

CVSS 5.4 · EPSS 0.00072
Exploits 0 · References 2

Positive Technologies
added 2024/10/12 12:0 a.m. · 1 views

PT-2024-39892 · WordPress · The Bridge Core

Name of the Vulnerable Software and Affected Versions: The Bridge Core plugin for WordPress versions up to, and including, 3.3. Description: The issue allows authenticated attackers with subscriber-level permissions or above to modify or lose data due to a missing capability check on the import...

CVSS 6.5 · AI score 6.7 · EPSS 0.00072
Exploits 0 · References 5

OSV
added 2023/12/15 8:15 a.m. · 1 views

CVE-2023-6826

The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'importaction' function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator previously granted access...

CVSS 7.2 · AI score 6.5
Exploits 0 · References 4

Positive Technologies
added 2023/12/15 12:0 a.m. · 2 views

PT-2023-32780 · WordPress · E2Pdf

Name of the Vulnerable Software and Affected Versions: E2Pdf plugin for WordPress versions up to, and including, 1.20.25. Description: The issue arises from insufficient file type validation on the import action function, allowing authenticated attackers with granted access to the plugin to upload...

CVSS 7.2 · AI score 7.7 · EPSS 0.07288
Exploits 0 · References 8

CNNVD
added 2023/12/15 12:0 a.m. · 1 views

WordPress Plugin E2Pdf security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 7.2 · AI score 7 · EPSS 0.07288
Exploits 0 · References 5

Github Security Blog
added 2023/10/06 9:30 p.m. · 39 views

Prototype Pollution in NASA Open MCT

NASA Open MCT (aka openmct) before commit 545a177 is subject to prototype pollution, which can occur via an import action...

CVSS 7.5 · AI score 6.8 · EPSS 0.00168
Exploits 0 · References 7 · Affected Software 1

OSV
added 2023/10/06 9:30 p.m. · 15 views

GHSA-4XCX-CWRQ-W792 Prototype Pollution in NASA Open MCT

NASA Open MCT (aka openmct) before commit 545a177 is subject to prototype pollution, which can occur via an import action...

CVSS 7.5 · AI score 7.4 · EPSS 0.00168
Exploits 0 · References 7

ATTACKERKB
added 2023/10/06 7:15 p.m. · 3 views

CVE-2023-45282

In NASA Open MCT aka openmct before 3.1.0, prototype pollution can occur via an import action...

CVSS 7.5 · AI score 7.1 · EPSS 0.00168
Exploits 0 · References 5

NVD
added 2023/10/06 7:15 p.m. · 11 views

CVE-2023-45282

In NASA Open MCT aka openmct before 3.1.0, prototype pollution can occur via an import action...

CVSS 7.5 · AI score 7.5 · EPSS 0.00168
Exploits 0 · References 4