CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

127 matches found

CVE-2026-11912

The Simple File List plugin for WordPress is vulnerable to arbitrary file modification due to insufficient authorization checks in all versions up to, and including, 6.3.7. This makes it possible for unauthenticated attackers to delete and modify files on the serve. This vulnerability is...

7.5CVSS6AI score0.00433EPSS

Exploits0References8

CVE•added 5 days ago•23 views

CVE-2026-11912

The CVE-2026-11912 entry documents a vulnerability in the WordPress Simple File List plugin (≤ 6.3.7) where insufficient authorization allows arbitrary file modification. The issue affects all versions up to 6.3.7 and enables unauthenticated attackers to delete/modify files on the server. The roo...

7.5CVSS6AI score0.00433EPSS

Exploits0References7

NVD•added 2026/06/09 10:16 a.m.•18 views

CVE-2026-46748

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The affected system includes a binary that is configured with the capdacoverride capability. This capability allows the process to bypass file system permission checks, resulting in unrestricted file system access...

8.8CVSS0.00206EPSS

Exploits0References1

EUVD•added 2026/06/09 8:46 a.m.•9 views

EUVD-2026-35385

8.8CVSS5.5AI score0.00206EPSS

Exploits0References1

EUVD•added 2026/05/13 6:30 p.m.•12 views

EUVD-2026-29957

An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-IQ system. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.1CVSS6AI score0.00358EPSS

Exploits0References2

RedhatCVE•added 2026/04/25 11:44 a.m.•2 views

CVE-2026-40254

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A rogue Remote Desktop Protocol RDP server can exploit an off-by-one error in the path traversal filter. This allows the server to read, list, or write files in the directory above the client's shared folder when t...

6.1CVSS5.8AI score0.002EPSS

Exploits1References4

SUSE CVE•added 2026/04/13 11:26 p.m.•2 views

SUSE CVE-2026-32146

Improper path validation vulnerability in the Gleam compiler's handling of git dependencies allows arbitrary file system modification during dependency download. Dependency names from gleam.toml and manifest.toml are incorporated into filesystem paths without sufficient validation or confinement ...

8.3CVSS5.9AI score0.00239EPSS

Exploits1References3

Tenable Nessus•added 2026/03/05 12:0 a.m.•5 views

SUSE SLED15 / SLES15 Security Update : busybox (SUSE-SU-2026:0759-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0759-1 advisory. - CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization...

7CVSS6.2AI score0.00682EPSS

Exploits2References7

SUSE Linux•added 2026/03/03 12:16 p.m.•3 views

Security update for busybox

This update for busybox fixes the following issues: CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization bsc1258163. CVE-2026-26158: Arbitrary file modification and privilege escalation via unvalidated tar archive entries bsc1258167. Patch...

7.1CVSS6.3AI score0.00682EPSS

Exploits2References8

Cvelist•added 2026/02/11 8:27 p.m.•23 views

CVE-2026-26158 Busybox: busybox: arbitrary file modification and privilege escalation via unvalidated tar archive entries

A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to...

7CVSS0.0016EPSS

Exploits0References4

RedhatCVE•added 2026/01/09 9:16 a.m.•7 views

CVE-2025-40592

A vulnerability has been identified in Mendix Studio Pro 10 All versions V10.23.0, Mendix Studio Pro 10.12 All versions V10.12.17, Mendix Studio Pro 10.18 All versions V10.18.7, Mendix Studio Pro 10.6 All versions V10.6.24, Mendix Studio Pro 11 All versions V11.0.0, Mendix Studio Pro 8 All versio...

6.1CVSS6.4AI score0.00395EPSS

Exploits0References1

Japan Vulnerability Notes•added 2025/10/16 2:16 a.m.•5 views

Buffalo Wi-Fi router WXR9300BE6P series vulnerable to path traversal

Overview Wi-Fi router WXR9300BE6P series provided by BUFFALO INC. contains the following vulnerability. Path traversal CWE-22 - CVE-2025-61941 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact Arbitrary file may be altered by ...

8.6CVSS6.9AI score0.00474EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2010-4044

Malware in sbrugna...

4.9CVSS6.2AI score0.00892EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2007-1083

Malware in sbrugna...

7.2CVSS6.4AI score0.00372EPSS

Exploits0References7