CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 5 days ago•8 views

CVE-2026-53777

Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized path components in the artifactname field of ArtifactReady WebSocket messages. Attackers controlli...

8.6CVSS0.00379EPSS

Cvelist•added 5 days ago•25 views

CVE-2026-53777 Perry < 0.5.1159 Path Traversal via ArtifactReady WebSocket

8.6CVSS0.00379EPSS

CVE•added 5 days ago•11 views

CVE-2026-53777

Perry before 0.5.1159 contains a path traversal vulnerability in the ArtifactReady WebSocket messages. Unsanitized path components in artifact_name (and download_path) allow a malicious build server to write arbitrary content to any location writable by the running process, potentially overwritin...

8.6CVSS5.6AI score0.00379EPSS

CNNVD•added 5 days ago•1 views

Perry 路径遍历漏洞

Perry is a tool developed by Perry OpenSource that compiles TypeScript into native executable files. Versions of Perry prior to 0.5.1159 contained a path traversal vulnerability. This vulnerability allows malicious attackers to write arbitrary content to any writable location within the running...

8.6CVSS5.4AI score0.00379EPSS

RedhatCVE•added 2026/06/05 7:40 p.m.•5 views

CVE-2026-7132

A vulnerability was found in code-projects Online Lot Reservation System up to 1.0. This affects the function readfile of the file /download.php. The manipulation of the argument File results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and cou...

6.9CVSS5.6AI score0.0044EPSS

CNNVD•added 2026/06/05 12:0 a.m.•1 views

Altium 365和Altium Enterprise Server 安全漏洞

Altium 365 and Altium Enterprise Server are both products of the American company Altium. Altium 365 is a product design and development platform. Altium Enterprise Server is a localized data management server. Both Altium 365 and Altium Enterprise Server have security vulnerabilities. These...

8.3CVSS5.6AI score0.00517EPSS

EUVD•added 2026/06/02 2:30 a.m.•8 views

EUVD-2026-33878

A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and...

6.5CVSS6.3AI score0.00201EPSS

Positive Technologies•added 2026/05/21 12:0 a.m.•6 views

PT-2026-42682

Name of the Vulnerable Software and Affected Versions pyLoad versions prior to 0.5.0b3.dev100 Description An authenticated attacker can perform Server-Side Request Forgery SSRF by supplying a URL to the 'parse urls' API endpoint that points to a server under their control. This server can respond...

5CVSS5.8AI score0.00176EPSS

NVD•added 2026/05/16 4:16 p.m.•7 views

CVE-2020-37246

Supsystic Backup 2.3.9 contains a local file inclusion vulnerability that allows unauthenticated attackers to read and delete arbitrary files by manipulating the download path parameter. Attackers can modify the download parameter in admin.php requests with directory traversal sequences to access...

6.9CVSS0.00673EPSS

CVE•added 2026/05/16 3:26 p.m.•8 views

CVE-2020-37246

The CVE affects the WordPress plugin Supsystic Backup 2.3.9 . A local file inclusion (LFI) flaw arises from manipulating the download parameter in admin.php with directory traversal sequences, enabling unauthenticated attackers to read arbitrary files (e.g., /etc/passwd) and to delete files via t...

ATTACKERKB•added 2026/05/16 3:26 p.m.•5 views

CVE-2020-37246

Exploits0References4Affected Software1

Vulnrichment•added 2026/05/16 3:26 p.m.•4 views

CVE-2020-37246 WordPress Plugin Supsystic Backup 2.3.9 Local File Inclusion

Positive Technologies•added 2026/05/16 12:0 a.m.•9 views

PT-2026-41446

Cvelist•added 2026/04/25 3:15 p.m.•33 views

CVE-2026-6983 pagekit download server-side request forgery

A vulnerability was identified in pagekit up to 1.0.18. Affected by this issue is some unknown functionality of the file /index.php/admin/system/update/download. The manipulation of the argument url leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit i...

5.8CVSS0.00273EPSS

Vulnrichment•added 2026/04/07 11:25 p.m.•2 views

CVE-2026-4401 Download Monitor <= 5.1.10 - Cross-Site Request Forgery to Download Path Deletion and Disabling

The Download Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in the actionshandler and bulkactionshandler methods in class-dlm-downloads-path.php in all versions up to, and including, 5.1.10. This is due to missing nonce verification on these functions. This makes it...

5.4CVSS5.6AI score0.00161EPSS

Exploits0References6

Patchstack•added 2026/04/07 10:48 p.m.•5 views

WordPress Download Monitor plugin <= 5.1.10 - Cross-Site Request Forgery to Download Path Deletion and Disabling vulnerability

Cross-Site Request Forgery to Download Path Deletion and Disabling vulnerability discovered by Kirasec in WordPress Plugin Download Monitor versions = 5.1.10...

5.4CVSS5.9AI score0.00161EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/03/26 3:10 p.m.•1 views

CVE-2026-32054

OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in browser trace and download output path handling that allows local attackers to escape the managed temp root directory. An attacker with local access can create symlinks to route file writes outside the intended temp...

7.8CVSS5.9AI score0.00126EPSS