CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

299 matches found

GithubExploit•added 2026/05/22 4:36 p.m.•93 views

Exploit for Unrestricted Upload of File with Dangerous Type in Wordpress

WordPress Crop Image RCE — CVE-2019-8942 / CVE-2019-8943 Pyth...

8.8CVSS5.9AI score0.91985EPSS

Exploits10

ATTACKERKB•added 2026/04/05 6:0 a.m.•3 views

CVE-2026-5546

A flaw has been found in Campcodes Complete Online Learning Management System 1.0. This impacts the function addlesson of the file /application/models/Crudmodel.php. This manipulation causes unrestricted upload. It is possible to initiate the attack remotely. The exploit has been published and ma...

6.5CVSS5.6AI score0.00257EPSS

Exploits0References5Affected Software1

GithubExploit•added 2026/03/14 5:0 p.m.•140 views

Stored-XSS-SVG-File-Upload-PoC

No d...

5.8AI score

Exploits0

GithubExploit•added 2026/03/05 8:13 p.m.•172 views

Exploit for Origin Validation Error in Solarwinds Dameware_Mini_Remote_Control

DameFlare !Pythonh...

10CVSS6.3AI score0.0518EPSS

Exploits4

Packet Storm News•added 2026/02/19 12:0 a.m.•3 views

SofaWiki 3.9.2 Shell Upload

This is a proof of concept remote shell upload exploit for SofaWiki version 3.9.2 that leverages an issue originally discovered in 2024...

6AI score

Exploits0

RedhatCVE•added 2026/01/09 11:21 a.m.•6 views

CVE-2021-22358

There is an insufficient input validation vulnerability in FusionCompute 8.0.0. Due to the input validation is insufficient, an attacker can exploit this vulnerability to upload any files to the device. Successful exploit may cause the service abnormal...

4.3CVSS6.8AI score0.00533EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:52 a.m.•3 views

CVE-2020-10386

admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory...

7.2CVSS7.3AI score0.12339EPSS

Exploits5References1

RedhatCVE•added 2026/01/07 9:17 a.m.•7 views

CVE-2025-1165

A vulnerability, which was classified as critical, was found in Lumsoft ERP 8. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been...

7.5CVSS6.9AI score0.00431EPSS

Exploits0References1

OSV•added 2025/12/15 9:15 p.m.•1 views

CVE-2023-53888

Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload malicious JavaScript files, rename them to PHP, and execute system commands by exploiting the saveE and...

8.8CVSS6.5AI score

Exploits0References3

Cvelist•added 2025/12/11 5:32 p.m.•45 views

CVE-2025-14530 SourceCodester Real Estate Property Listing App property.php unrestricted upload

A vulnerability has been found in SourceCodester Real Estate Property Listing App 1.0. The impacted element is an unknown function of the file /admin/property.php. Such manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has...

5.8CVSS0.00384EPSS

Exploits1References5

GithubExploit•added 2025/10/25 2:56 a.m.•128 views

Exploit for CVE-2025-12189

Bread & Butter: Gate content + Capture leads + Collect first-p...

4.3CVSS6.8AI score0.00268EPSS

Exploits2