CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Absolute path traversal vulnerability in SiteFactory CMS 5.5.9 allows remote attackers to read arbitrary files via a full pathname in the file parameter to assets/download.aspx...

7.8CVSS7AI score0.00362EPSS

Exploits1References1

NVD•added 2025/05/07 9:15 a.m.•8 views

CVE-2025-20978

Improper access control in PENUP prior to version 3.9.19.32 allows local attackers to access files with PENUP privilege...

6.2CVSS0.0008EPSS

Exploits0References1

CVE•added 2025/03/06 5:4 a.m.•57 views

CVE-2025-20926

CVE-2025-20926 affects Samsung My Files on Android 14, prior to version 15.0.07.5. Root cause: improper export of Android application components. Impact: local attackers with My Files privileges may access files within My Files. Exploitation status and in-the-wild details are not provided in the ...

5.5CVSS6.8AI score0.0009EPSS

Exploits0References1Affected Software1

Tenable Nessus•added 2025/03/04 12:0 a.m.•8 views

Linux Distros Unpatched Vulnerability : CVE-2015-3412

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read...

5.3CVSS6.9AI score0.01006EPSS

Exploits1References2