
79 matches found

RedhatCVE
added 5 days ago · 5 views

CVE-2026-42315

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the setpackagedata API function call inside the data object with key "folder", there is no sanitization at all, allowing a user with Perms.MODIFY to specify arbitrary...

8.1 CVSS · 5.6 AI score · 0.0006 EPSS
Exploits 1 · References 1

Snyk
added 2026/01/19 9:46 p.m. · 1 view

Directory Traversal

Overview: swingmusic is a Swing Music. Affected versions of this package are vulnerable to Directory Traversal via the listfolders function in the /folder/dir-browser endpoint. An attacker can access arbitrary directories on the server filesystem by sending crafted requests as an authenticated...

5.3 CVSS · 6.5 AI score · 0.00073 EPSS
Exploits 1 · References 2

CNNVD
added 2025/12/01 12:0 a.m. · 3 views

Gin-Vue-Admin Path Traversal Vulnerability

Gin-Vue-Admin is an open-source full-stack predevelopment infrastructure platform from flipped-aurora, based on Vue and Gin. A path traversal vulnerability exists in Gin-Vue-Admin version 2.8.6 and earlier, which stems from an attacker being able to control the FileMd5 parameter to delete...

9.1 CVSS · 6.6 AI score · 0.00149 EPSS
Exploits 1 · References 3

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2014-6008

Malware in sbrugna...

5.5 CVSS · 6.4 AI score · 0.01343 EPSS
Exploits 0 · References 4

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2010-0577

Malware in sbrugna...

3.3 CVSS · 7.5 AI score · 0.00031 EPSS
Exploits 0 · References 7

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2023-57818

Malicious code in bioql PyPI...

8.7 CVSS · 9 AI score · 0.00649 EPSS
Exploits 1 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-50155

Malicious code in bioql PyPI...

7.3 CVSS · 8.9 AI score · 0.00221 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2025/09/03 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2023-30943

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The vulnerability was found in Moodle, which exists because the application allows a user to control the path of the folder to create in TinyMCE loaders. A remote user c...

6.5 CVSS · 6.1 AI score · 0.26507 EPSS
Exploits 3 · References 2

AlpineLinux
added 2025/06/27 2:15 p.m. · 2 views

CVE-2025-46415

A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b...

3.2 CVSS · 7.3 AI score · 0.00072 EPSS
Exploits 0 · References 6

OSV
added 2025/06/27 2:15 p.m. · 1 view

DEBIAN-CVE-2025-46415

A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b...

3.2 CVSS · 5.5 AI score · 0.00072 EPSS
Exploits 0 · References 1

OSV
added 2025/06/27 2:15 p.m. · 1 view

UBUNTU-CVE-2025-46415

A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b...

3.2 CVSS · 5.9 AI score · 0.00072 EPSS
Exploits 0 · References 10

RedhatCVE
added 2025/05/23 2:41 a.m. · 4 views

CVE-2023-5504

The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default...

8.7 CVSS · 6 AI score · 0.00649 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/05/23 2:40 a.m. · 6 views

CVE-2023-5505

The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the job-specific backup folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally,...

6.8 CVSS · 6.7 AI score · 0.00563 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 5:7 a.m. · 4 views

CVE-2019-5447

A path traversal vulnerability in <= v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders...

5.3 CVSS · 6.9 AI score · 0.00232 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/02/05 4:43 a.m. · 2 views

CVE-2024-9842

Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders...

7.3 CVSS · 6.6 AI score · 0.00221 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/01/25 12:0 a.m. · 3 views

PT-2025-1976 · WordPress · Connections Business Directory

Name of the Vulnerable Software and Affected Versions: Connections Business Directory plugin for WordPress versions up to, and including, 10.4.66

Description: The issue is related to insufficient file path validation when deleting a connections image directory, allowing authenticated attackers wi...

6.5 CVSS · 7.1 AI score · 0.00443 EPSS
Exploits 0 · References 5

OSV
added 2024/12/03 7:15 p.m. · 5 views

CVE-2024-53921

An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. An attacker can create arbitrary folders in the system permission directory via a symbolic link during the installation process...

2.8 CVSS · 5.8 AI score · 0.00123 EPSS
Exploits 0 · References 1

Cvelist
added 2024/12/03 12:0 a.m. · 13 views

CVE-2024-53921

An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. An attacker can create arbitrary folders in the system permission directory via a symbolic link during the installation process...

2.8 CVSS · 0.00123 EPSS
Exploits 0 · References 1

NVD
added 2024/11/12 5:15 p.m. · 23 views

CVE-2024-9842

Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders...

7.3 CVSS · 0.00221 EPSS
Exploits 0 · References 1

Cvelist
added 2024/11/12 4:12 p.m. · 13 views

CVE-2024-9842

Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders...

7.3 CVSS · 0.00221 EPSS
Exploits 0 · References 1