CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Offload, AI & Optimize with Cloudflare Images plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.10.2 via the 'account-id' parameter parameter. This is due to insufficient privilege enforcement on the cfimagesdosetup AJAX handler, which require...

8.8CVSS0.00577EPSS

Exploits0References6

EUVD•added 2026/06/18 6:5 a.m.•9 views

EUVD-2026-37854

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the administration rights handler. In system/admin/admin.rights.php, the rights update action 'a=update' modifies group access rights including via cotauthaddgroup without calling cotcheckxg to validate th...

9.6CVSS5.8AI score0.00227EPSS

Exploits0References2

OSV•added 2026/06/18 6:2 a.m.•4 views

MINI-GFV5-G5J8-XPRC

Bulletin has no description...

7.5CVSS4.9AI score0.00359EPSS

Exploits0

OSV•added 2026/06/18 6:2 a.m.•4 views

MINI-5V2M-J8R6-2XCG

Bulletin has no description...

9.1CVSS5AI score0.00368EPSS

Exploits0

EUVD•added 2026/06/18 6:0 a.m.•8 views

EUVD-2026-37852

The MagicForm WordPress plugin through 0.1.3 does not properly validate the type of files uploaded through an unauthenticated AJAX action when a form's per-field extension allowlist is left empty, allowing unauthenticated attackers to upload PHP files and execute arbitrary code on the server...

6.5CVSS5.9AI score0.00215EPSS

Exploits0References1

CVE•added 2026/06/18 6:0 a.m.•21 views

CVE-2026-9815

The CVE-2026-9815 entry concerns the MagicForm WordPress plugin (versions up to 0.1.3). The affected component is the file upload path via an unauthenticated AJAX action, where the per-field extension allowlist being empty leads to improper validation of uploaded file types. As a result, unauthen...

6.5CVSS6AI score0.00215EPSS

Exploits0References1

Cvelist•added 2026/06/18 6:0 a.m.•20 views

CVE-2026-9815 MagicForm <= 0.1.3 - Unauthenticated Arbitrary File Upload to RCE

0.00215EPSS

Exploits0References1

ICS•added 2026/06/18 6:0 a.m.•8 views

AVer PTC cameras

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow arbitrary code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or...

9.8CVSS6.2AI score0.00616EPSS

Exploits0References13

ICS•added 2026/06/18 6:0 a.m.•6 views

AzeoTech DAQFactory (Update A)

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an attacker to upload malicious .ctl files that may lead to arbitrary code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities...

8.4CVSS6.2AI score0.00148EPSS

Exploits0References11

OSV•added 2026/06/18 5:59 a.m.•3 views

MINI-96GM-PX7J-HQ3V

Bulletin has no description...

7.5CVSS4.9AI score0.00304EPSS

Exploits0

OSV•added 2026/06/18 5:49 a.m.•3 views

MINI-43JC-92GM-2CMQ

Bulletin has no description...

7.5CVSS5AI score0.00359EPSS

Exploits0