CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

713 matches found

CVE-2026-10172

A security flaw has been discovered in Bdtask Multi-Store Inventory Management System 1.0. The affected element is the function Upload of the file application/modules/dashboard/controllers/Module.php of the component Component Module. The manipulation of the argument module results in unrestricte...

6.5CVSS5.5AI score0.00036EPSS

Exploits0References1

EUVD•added 3 days ago•5 views

EUVD-2026-33527

A security vulnerability has been detected in Metasoft 美特软件 MetaCRM 6.4.0. The impacted element is an unknown function of the file develop/systparam/softlogo/upload.jsp. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed publicly an...

6.5CVSS6.2AI score0.00036EPSS

Exploits0References5

Positive Technologies•added 3 days ago•5 views

PT-2026-45222

6.5CVSS6.2AI score0.00036EPSS

Exploits0References6

CNNVD•added 3 days ago•2 views

Metasoft MetaCRM code-related vulnerabilities

Metasoft MetaCRM is a customer relationship management system software developed by Metasoft Corporation. Version 6.4.0 of Metasoft MetaCRM contains a code vulnerability. This vulnerability stems from the develop/systparam/softlogo/upload.jsp file, which lacks restrictions on uploads, potentially...

6.5CVSS6.7AI score0.00036EPSS

Exploits0References5

Positive Technologies•added 4 days ago•6 views

PT-2026-45176

6.5CVSS5.5AI score0.00036EPSS

Exploits0References6

OSSF Malicious Packages•added 2026/05/26 7:33 a.m.•10 views

Malicious code in @catclaw/message-logger-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf070f85ba454a799d80e6998ee717f0fc9084513041893a164752162e0b0864 On plugin registration, the log-collector is enabled by default and uploads session JSONL files from /.openclaw/agents//sessions to...

5.9AI score

Exploits0References1

OSV•added 2026/05/26 7:33 a.m.•4 views

MAL-2026-4782 Malicious code in @catclaw/message-logger-plugin (npm)

5.9AI score

Exploits0References1

CVE•added 2026/05/25 3:15 a.m.•10 views

CVE-2026-9421

CVE-2026-9421 affects KLiK SocialMediaWebsite 1.0. The vulnerability lies in the uniqid function within the file upload.inc.php of the File Handler component, enabling unrestricted file upload. It can be exploited remotely, and public disclosure of the exploit is noted in the entry. No remediatio...

7.5CVSS6.8AI score0.00047EPSS

Exploits0References3

EUVD•added 2026/05/25 3:15 a.m.•11 views

EUVD-2026-31624

A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and m...

7.5CVSS5.5AI score0.00047EPSS

Exploits0References3

Positive Technologies•added 2026/05/25 12:0 a.m.•9 views

PT-2026-42999

7.5CVSS6.8AI score0.00047EPSS

Exploits0References3

RedhatCVE•added 2026/05/18 7:58 p.m.•4 views

CVE-2026-44257

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new FilebaseDir, zipEntry.getName with no canonical-path check. An entry name such as ../../../pwned.jsp escapes the intended extraction directory and lands anywhere the Tomca...

9.3CVSS6AI score0.00271EPSS

Exploits0References1

RedhatCVE•added 2026/05/18 1:58 p.m.•6 views

CVE-2026-8758

A vulnerability was determined in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This impacts an unknown function of the file /common/jsp/upload3.jsp. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly...

7.5CVSS6.8AI score0.0005EPSS

Exploits0References1

NVD•added 2026/05/17 2:16 p.m.•7 views

CVE-2026-8758

7.5CVSS0.0005EPSS

Exploits0References4

ATTACKERKB•added 2026/05/17 1:45 p.m.•5 views

CVE-2026-8758

7.5CVSS6.8AI score0.0005EPSS

Exploits0References4

EUVD•added 2026/05/12 9:31 p.m.•5 views

EUVD-2026-29803

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a...

7.2CVSS6.5AI score0.00318EPSS

Exploits0References2

Github Security Blog•added 2026/05/04 6:32 a.m.•4 views

Funadmin has an Improper Access Control Issue

A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload Endpoint. This manipulation of the argument File causes unrestricted upload. The attack is possible to ...

7.5CVSS6.7AI score0.00059EPSS

Exploits0References8Affected Software1

ATTACKERKB•added 2026/05/04 4:45 a.m.•1 views

CVE-2026-7733

7.5CVSS6.7AI score0.00059EPSS

Exploits0References6

Github Security Blog•added 2026/05/04 12:30 a.m.•9 views

MindsDB has an Improper Access Control Issue

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

7.5CVSS6.7AI score0.0005EPSS

Exploits0References6Affected Software1

NVD•added 2026/05/04 12:16 a.m.•3 views

CVE-2026-7711

7.5CVSS0.0005EPSS

Exploits0References4

Positive Technologies•added 2026/05/04 12:0 a.m.•0 views

PT-2026-36762

7.5CVSS6.7AI score0.00059EPSS

Exploits0References7

Rows per page