Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

Vulnrichment
Vulnrichmentadded 2026/04/22 8:5 p.m.2 views

CVE-2026-33733 EspoCRM has Admin TemplateManager path traversal that allows arbitrary file read write and delete

EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the admin template management endpoints accept attacker-controlled name and scope values and pass them into template path construction without normalization or traversal filtering. As a result, an...

7.2CVSS5.8AI score0.00448EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/04/07 11:1 p.m.2 views

CVE-2026-35174

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download...

9.1CVSS6.2AI score0.00559EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/04/06 12:0 a.m.5 views

PT-2026-30695

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download...

9.1CVSS6.2AI score0.00559EPSS
Exploits0References2
wpexploit
wpexploitadded 2023/05/02 12:0 a.m.478 views

Image Optimizer by 10web < 1.0.27 - Admin+ Path Traversal

The plugin does not sanitize the dir parameter when handling the getsubdirs ajax action, allowing a high privileged users such as admins to inspect names of files and directories outside of the sites root. - Payload: ../../../../../../../../../../../../../../../../../../../ - At the "Other...

2.7CVSS8.9AI score0.00665EPSS
Exploits2
wpexploit
wpexploitadded 2023/03/27 12:0 a.m.131 views

Photo Gallery by 10Web < 1.8.15 - Admin+ Path Traversal

- The plugin did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector. - Path Traversal Vulnerabillity also allows listing the entire folder & image file in the system. - The below...

4.9CVSS5.5AI score0.00783EPSS
Exploits2
wpexploit
wpexploitadded 2022/09/14 12:0 a.m.709 views

Enable Media Replace < 4.0.0 - Admin+ Path Traversal

The plugin does not ensure that renamed files are moved to the Upload folder, which could allow high privilege users such as admin to move them outside to the web root directory via a path traversal attack for example When replacing the file, select "Replace the file, use new file name and update...

4.9CVSS0.9AI score0.00781EPSS
Exploits2
Rows per page
Query Builder