CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

88 matches found

EUVD•added 2026/05/02 9:6 a.m.•2 views

EUVD-2026-26770

CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

8.6CVSS6.4AI score0.00316EPSS

Exploits0References2

Positive Technologies•added 2026/03/30 12:0 a.m.•1 views

PT-2026-28802

An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information...

7.5CVSS5.9AI score0.00035EPSS

Exploits0References2

Positive Technologies•added 2026/02/18 12:0 a.m.•3 views

PT-2026-20527

Crystal Live HTTP Server 6.01 contains a directory traversal vulnerability that allows remote attackers to access system files by manipulating URL path segments. Attackers can use multiple '../' sequences to navigate outside the web root and retrieve sensitive configuration files like Windows...

8.7CVSS5.6AI score0.00649EPSS

Exploits0References5

Cvelist•added 2026/01/29 6:5 p.m.•26 views

CVE-2025-15541 Access to System Files via SFTP on TP-Link VX800v

Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to use crafted symbolic links to access system files, resulting in high confidentiality impact and limited integrity risk...

6.9CVSS0.00011EPSS

Exploits0References2

OSV•added 2026/01/21 6:16 p.m.•0 views

CVE-2021-47850

Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbitrary system files and directories through crafted HTTP requests. Attackers can retrieve sensitive files like win.ini and list contents of system directories such as C:\Users\Public by manipulating...

7.5CVSS5.9AI score

Exploits0References3

RedhatCVE•added 2026/01/09 10:39 a.m.•6 views

CVE-2022-35413

WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information such as SSL keys via an HTTPS request to the /webapi/ URI on port 443 or 5001...

9.8CVSS6.7AI score0.85969EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:17 a.m.•8 views

CVE-2019-18670

In the Quick Access Service QAAdminAgent.exe in Acer Quick Access V2.01.3000 through 2.01.3027 and V3.00.3000 through V3.00.3008, a REGULAR user can load an arbitrary unsigned DLL into the signed service's process, which is running as NT AUTHORITY\SYSTEM. This is a DLL Hijacking vulnerability...

7.8CVSS7.1AI score0.00149EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:49 a.m.•2 views

CVE-2020-24578

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU2.31V1.1.47ae55. It has a misconfigured FTP service that allows a malicious network user to access system folders and download sensitive files such as the password hash file...

6.5CVSS7.1AI score0.1984EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:41 a.m.•7 views

CVE-1999-0238

php.cgi allows attackers to read any file on the system...

10CVSS6.8AI score0.02066EPSS

Exploits0References1

NVD•added 2025/12/24 8:15 p.m.•2 views

CVE-2018-25140

FLIR thermal traffic cameras contain an unauthenticated device manipulation vulnerability in their WebSocket implementation that allows attackers to bypass authentication and authorization controls. Attackers can directly modify device configurations, access system information, and potentially...

9.3CVSS0.00133EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-14565

Malware in sbrugna...

7.8CVSS7.7AI score0.05561EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2011-3724

Malware in sbrugna...

5CVSS6.4AI score0.00319EPSS

Exploits0References5