CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1283 matches found

DedeCMS 5.7 - Path Disclosure

DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/incarchivesfunctions.php id: CVE-2018-6910 info: name: DedeCMS 5.7 - Path Disclosure author: pikpikcu severity: high description: DedeCMS 5.7 allows remote attackers to discover t...

7.5CVSS7.2AI score0.90545EPSS

Exploits1References5

EUVD•added 2026/05/12 9:9 p.m.•6 views

EUVD-2026-29845

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the JSP tag is intended to prevent file modifications. When protected=true, elfindercheckRisk enforces that the client sends readonly=true matching the session value, but no event handler checks the readonly...

8.1CVSS5.8AI score0.00011EPSS

Exploits0References1

Positive Technologies•added 2026/03/03 12:0 a.m.•3 views

PT-2026-22951

Name of the Vulnerable Software and Affected Versions Craft versions prior to 5.9.0-beta.1 Craft versions prior to 4.17.0-beta.1 Description Craft is a content management system CMS. A flaw exists where the "Duplicate" entry action does not properly verify user permissions for specific target...

7.1CVSS5.9AI score0.00042EPSS

Exploits1References5

Vulnrichment•added 2026/02/06 4:2 a.m.•2 views

CVE-2026-1978 kalyan02 NanoCMS User Information pagesdata.txt direct request

A vulnerability was detected in kalyan02 NanoCMS up to 0.4. Affected by this issue is some unknown functionality of the file /data/pagesdata.txt of the component User Information Handler. Performing a manipulation results in direct request. It is possible to initiate the attack remotely. The...

6.9CVSS5AI score0.00044EPSS

Exploits0References5

CVE•added 2026/02/03 12:0 a.m.•10 views

CVE-2025-70841

Dokans Multi-Tenancy Based eCommerce Platform SaaS version 3.9.2 is vulnerable to unauthenticated remote access to the /script/.env file. The exposure reveals sensitive data including the Laravel APP_KEY, database credentials, SMTP/SendGrid API credentials, and internal configuration parameters, ...

10CVSS5.5AI score0.001EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2026/02/03 12:0 a.m.•2 views

CVE-2025-70841

Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct request to /script/.env file. The exposed file contains Laravel application encryption key APPKEY, database credentials, SMTP/SendGrid API...

10CVSS5.4AI score0.001EPSS

Exploits1References2

The Hacker News•added 2026/01/15 3:31 p.m.•10 views

Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access

A maximum-severity security flaw in a WordPress plugin called Modular DS has come under active exploitation in the wild, according to Patchstack. The vulnerability, tracked as CVE-2026-23550 CVSS score: 10.0, has been described as a case of unauthenticated privilege escalation impacting all...

10CVSS6.9AI score0.04525EPSS

Exploits6

RedhatCVE•added 2026/01/09 9:27 a.m.•1 views

CVE-2023-45598

A CWE-425 “Direct Request 'Forced Browsing'” vulnerability in the “measure” functionality of the web application allows a remote unauthenticated attacker to access confidential measure information. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...

5.3CVSS7.1AI score0.00206EPSS

Exploits0References1

Positive Technologies•added 2026/01/09 12:0 a.m.•3 views

PT-2026-2018

Name of the Vulnerable Software and Affected Versions ALGO 8180 IP Audio Alerter affected versions not specified Description A flaw exists in the web-based user interface of the ALGO 8180 IP Audio Alerter, allowing remote attackers to disclose sensitive information without authentication. An...

7.5CVSS5.7AI score0.00066EPSS

Exploits0References5

CNNVD•added 2025/12/09 12:0 a.m.•1 views

Fortinet FortiAuthenticator 安全漏洞

Fortinet FortiAuthenticator is a centralized user identity management solution from Fortinet, Inc. A security vulnerability exists in Fortinet FortiAuthenticator versions 6.6.0 through 6.6.6, all versions 6.5, all versions 6.4, and all versions 6.3, which stems from a direct request vulnerability...

2.7CVSS6.7AI score0.00036EPSS

Exploits0References2

Positive Technologies•added 2025/12/05 12:0 a.m.•2 views

PT-2025-49245

Name of the Vulnerable Software and Affected Versions Johnson Controls OpenBlue Mobile Web Application for OpenBlue Workplace versions 2025.1.2 and prior Description Johnson Controls OpenBlue Mobile Web Application for OpenBlue Workplace versions 2025.1.2 and prior are susceptible to a Direct...

9CVSS6.8AI score0.0007EPSS

Exploits0References5

CVE•added 2025/11/26 7:46 p.m.•15 views

CVE-2025-6195

CVE-2025-6195 : GitLab EE had a fix for an issue that could allow an authenticated user to view information from security reports under certain configuration conditions. The vulnerability affected all GitLab CE/EE versions up to: 13.7 before 18.4.5; 18.5 before 18.5.3; 18.6 before 18.6.1. The rem...

4.3CVSS6.1AI score0.00011EPSS

Exploits0References3Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2011-3749

Malware in sbrugna...

5CVSS6.4AI score0.00283EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2007-2583

Malware in sbrugna...

6.4CVSS6.4AI score0.00622EPSS

Exploits1References7