CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/02/11 7:30 a.m.•4 views

CVE-2026-2097

Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

8.8CVSS6.5AI score0.00326EPSS

RedhatCVE•added 2026/01/23 9:18 a.m.•5 views

CVE-2026-1331

MeetingHub developed by HAMASTAR Technology has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

9.8CVSS6.5AI score0.00098EPSS

Positive Technologies•added 2026/01/20 12:0 a.m.•5 views

PT-2026-3542

Name of the Vulnerable Software and Affected Versions PrismX MX100 AP controller affected versions not specified Description The PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an arbitrary file upload issue. This allows remote attackers with sufficient privileges to upload and...

8.6CVSS6.3AI score0.0041EPSS

Exploits0References5

RedhatCVE•added 2026/01/06 9:6 a.m.•4 views

CVE-2025-15240

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

8.8CVSS8.2AI score0.0017EPSS

OSV•added 2026/01/05 9:15 a.m.•2 views

CVE-2025-15240

8.8CVSS6.4AI score0.0017EPSS

RedhatCVE•added 2025/12/30 8:16 a.m.•10 views

CVE-2025-15228

BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

9.8CVSS8.4AI score0.00608EPSS

Vulnrichment•added 2025/12/29 7:18 a.m.•2 views

CVE-2025-15228 WELLTEND TECHNOLOGY｜ BPMFlowWebkit - Arbitrary File Upload

9.8CVSS8.1AI score0.00608EPSS

EUVD•added 2025/12/29 7:18 a.m.•3 views

EUVD-2025-205563

9.8CVSS8AI score0.00608EPSS

EUVD•added 2025/12/29 6:39 a.m.•10 views

EUVD-2025-205558

WMPro developed by Sunnet has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

9.8CVSS8AI score0.00608EPSS

RedhatCVE•added 2025/11/11 3:47 a.m.•3 views

CVE-2025-12867

EIP Plus developed by Hundred Plus has an Arbitrary File Uplaod vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

8.6CVSS8.3AI score0.00329EPSS

Vulnrichment•added 2025/11/10 3:2 a.m.•1 views

CVE-2025-12867 Hundred Plus｜EIP Plus - Arbitrary File Uplaod

8.6CVSS8AI score0.00329EPSS

RedhatCVE•added 2025/10/21 4:25 a.m.•3 views

CVE-2025-11948

Document Management System developed by Excellent Infotek has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

9.8CVSS8.5AI score0.00638EPSS

NVD•added 2025/10/20 4:15 a.m.•1 views

CVE-2025-11948

9.8CVSS0.00638EPSS

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-22060

Malicious code in bioql PyPI...

8.6CVSS6.5AI score0.01217EPSS

RedhatCVE•added 2025/08/02 8:22 p.m.•2 views

CVE-2025-8323

The e-School from Ventem has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

8.8CVSS7.7AI score0.00975EPSS

Cvelist•added 2025/07/30 2:54 a.m.•6 views

CVE-2025-8323 Ventem｜e-School - Arbitrary File Upload

8.8CVSS0.00975EPSS

Positive Technologies•added 2025/07/30 12:0 a.m.•3 views

PT-2025-31375 · Ventem · E-School

Name of the Vulnerable Software and Affected Versions: e-School from Ventem affected versions not specified Description: The e-School from Ventem has an Arbitrary File Upload vulnerability. This allows unauthenticated remote attackers to upload and execute web shell backdoors, enabling arbitrary...

8.8CVSS7.5AI score0.00975EPSS

Exploits0References10

RedhatCVE•added 2025/07/23 7:3 a.m.•9 views

CVE-2025-7917

WinMatrix3 Web package developed by Simopro Technology has an Arbitrary File Upload vulnerability, allowing remote attackers with administrator privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

8.6CVSS8.4AI score0.01217EPSS

CVE•added 2025/05/12 6:44 a.m.•86 views

CVE-2025-4561

CVE-2025-4561 affects KingFor KFOX. Multiple sources confirm an Arbitrary File Upload vulnerability that allows remote attackers with regular privileges to upload and execute web shell backdoors, resulting in arbitrary code execution on the server. Root cause identified as improper handling of fi...

8.8CVSS9.1AI score0.01201EPSS