CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

90 matches found

EUVD•added 2026/05/02 9:6 a.m.•5 views

EUVD-2026-26770

CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

8.6CVSS6.4AI score0.00465EPSS

Exploits0References2

Positive Technologies•added 2026/03/30 12:0 a.m.•3 views

PT-2026-28802

An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information...

7.5CVSS5.9AI score0.00309EPSS

Exploits0References2

Positive Technologies•added 2026/02/18 12:0 a.m.•6 views

PT-2026-20527

Crystal Live HTTP Server 6.01 contains a directory traversal vulnerability that allows remote attackers to access system files by manipulating URL path segments. Attackers can use multiple '../' sequences to navigate outside the web root and retrieve sensitive configuration files like Windows...

8.7CVSS5.6AI score0.00765EPSS

Exploits0References5

Cvelist•added 2026/01/29 6:5 p.m.•29 views

CVE-2025-15541 Access to System Files via SFTP on TP-Link VX800v

Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to use crafted symbolic links to access system files, resulting in high confidentiality impact and limited integrity risk...

6.9CVSS0.00253EPSS

Exploits0References2

OSV•added 2026/01/21 6:16 p.m.•2 views

CVE-2021-47850

Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbitrary system files and directories through crafted HTTP requests. Attackers can retrieve sensitive files like win.ini and list contents of system directories such as C:\Users\Public by manipulating...

7.5CVSS5.9AI score0.012EPSS

Exploits1References3

RedhatCVE•added 2026/01/09 10:39 a.m.•9 views

CVE-2022-35413

WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information such as SSL keys via an HTTPS request to the /webapi/ URI on port 443 or 5001...

9.8CVSS6.7AI score0.12476EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:17 a.m.•8 views

CVE-2019-18670

In the Quick Access Service QAAdminAgent.exe in Acer Quick Access V2.01.3000 through 2.01.3027 and V3.00.3000 through V3.00.3008, a REGULAR user can load an arbitrary unsigned DLL into the signed service's process, which is running as NT AUTHORITY\SYSTEM. This is a DLL Hijacking vulnerability...

7.8CVSS7.1AI score0.00793EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:49 a.m.•5 views

CVE-2020-24578

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU2.31V1.1.47ae55. It has a misconfigured FTP service that allows a malicious network user to access system folders and download sensitive files such as the password hash file...

6.5CVSS7.1AI score0.01848EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:41 a.m.•9 views

CVE-1999-0238

php.cgi allows attackers to read any file on the system...

10CVSS6.8AI score0.06285EPSS

Exploits0References1

NVD•added 2025/12/24 8:15 p.m.•4 views

CVE-2018-25140

FLIR thermal traffic cameras contain an unauthenticated device manipulation vulnerability in their WebSocket implementation that allows attackers to bypass authentication and authorization controls. Attackers can directly modify device configurations, access system information, and potentially...

9.3CVSS0.00283EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2019-13381

Malware in sbrugna...

9.8CVSS9.4AI score0.02121EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2014-9500

Malware in sbrugna...

7.5CVSS7.8AI score0.00773EPSS

Exploits0References2