420 matches found

EUVD
added 2026/04/27 2:30 p.m. | 1 view

EUVD-2026-25860

A vulnerability was found in code-projects Online Lot Reservation System up to 1.0. This affects the function readfile of the file /download.php. The manipulation of the argument File results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and cou...

CVSS 6.9 | AI score 5.6 | EPSS 0.00062
Exploits: 0 | References: 5

Positive Technologies
added 2026/04/27 12:00 a.m. | 0 views

PT-2026-35437

A vulnerability was found in code-projects Online Lot Reservation System up to 1.0. This affects the function readfile of the file /download.php. The manipulation of the argument File results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and cou...

CVSS 6.9 | AI score 5.2 | EPSS 0.00062
Exploits: 0 | References: 6

NVD
added 2026/04/15 5:17 p.m. | 0 views

CVE-2026-30996

An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory traversal and read arbitrary files from the system via a crafted GET request...

CVSS 7.5 | EPSS 0.00564
Exploits: 0 | References: 2

CVE
added 2026/04/15 12:00 a.m. | 2 views

CVE-2026-30996

CVE-2026-30996 affects SAC-NFe v2.0.02; an issue in the file handling logic of the component download.php allows directory traversal to read arbitrary system files via a crafted GET request. CVSSv3.1 score is 7.5 (HIGH) with network attack vector and low complexity; no exploitation details or mit...

CVSS 7.5 | AI score 5.9 | EPSS 0.00564
Exploits: 0 | References: 2

Cvelist
added 2026/04/15 12:00 a.m. | 14 views

CVE-2026-30996

An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory traversal and read arbitrary files from the system via a crafted GET request...

EPSS 0.00564
Exploits: 0 | References: 2

ATTACKERKB
added 2026/02/03 10:01 p.m. | 1 view

CVE-2020-37088

School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configuration files by supplying directory traversal paths to retrieve system...

CVSS 8.7 | AI score 5.5 | EPSS 0.02185
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/02/03 10:01 p.m. | 4 views

CVE-2020-37088 School ERP Pro 1.0 - Arbitrary File Read

School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configuration files by supplying directory traversal paths to retrieve system...

CVSS 8.7 | AI score 5.5 | EPSS 0.02185
Exploits: 1 | References: 4

CNNVD
added 2026/02/03 12:00 a.m. | 2 views

Arox School ERP Pro path traversal vulnerability

Arox School ERP Pro is a one-stop automation management platform offered by Arox Corporation. Version 1.0 of Arox School ERP Pro contains a path traversal vulnerability. This vulnerability stems from a file leakage issue in the document parameter within the download.php file. Attackers can access...

CVSS 8.7 | AI score 7.3 | EPSS 0.02185
Exploits: 1 | References: 6

RedhatCVE
added 2026/01/09 10:39 a.m. | 5 views

CVE-2017-12761

http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by: SQL Injection. The impact is: Arbitrary File Download (remote). The component is: $file = $_GET['id'] in download.php. The attack vector is:...

CVSS 7.5 | AI score 7.6 | EPSS 0.01081
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/07 9:33 a.m. | 4 views

CVE-2019-7333

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view download (download.php) because proper filtration is omitted...

CVSS 6.1 | AI score 6 | EPSS 0.00262
Exploits: 1 | References: 1

RedhatCVE
added 2025/12/31 1:04 a.m. | 3 views

CVE-2025-15213

A vulnerability has been found in code-projects Student File Management System 1.0. The affected element is an unknown function of the file /download.php of the component File Download Handler. The manipulation of the argument storeid leads to improper authorization. The attack is possible to be...

CVSS 5.3 | AI score 6.6 | EPSS 0.00021
Exploits: 1 | References: 1

RedhatCVE
added 2025/12/30 9:09 p.m. | 3 views

CVE-2025-15205

A vulnerability was identified in code-projects Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /download.php. The manipulation of the argument istoreid leads to sql injection. The attack can be initiated remotely. The exploit is publicly...

CVSS 8.8 | AI score 7.2 | EPSS 0.00019
Exploits: 1 | References: 1

Positive Technologies
added 2025/12/30 12:00 a.m. | 2 views

PT-2025-53831

Name of the Vulnerable Software and Affected Versions: code-projects Student File Management System version 1.0. Description: An improper authorization issue exists in the File Download Handler component of code-projects Student File Management System version 1.0. The issue is due to the manipulatio...

CVSS 5.3 | AI score 6.2 | EPSS 0.00021
Exploits: 1 | References: 9

Positive Technologies
added 2025/12/29 12:00 a.m. | 1 view

PT-2025-53793

Name of the Vulnerable Software and Affected Versions: code-projects Student File Management System version 1.0. Description: A flaw exists in Student File Management System version 1.0 that allows for remote code execution. The issue is related to SQL injection within the /download.php file,...

CVSS 8.8 | AI score 8.3 | EPSS 0.00019
Exploits: 1 | References: 10

CNNVD
added 2025/12/29 12:00 a.m. | 2 views

Code-Projects Student File Management System SQL injection vulnerability

Student File Management System is a student file management system. A SQL injection vulnerability exists in Student File Management System due to mishandling of the istoreid parameter by an unknown function module in the /download.php file. An attacker can use this vulnerability to obtain or tamp...

CVSS 8.8 | AI score 6.8 | EPSS 0.00019
Exploits: 1 | References: 6

EUVD
added 2025/10/15 8:25 a.m. | 1 view

EUVD-2025-34547

The Zip Attachments plugin for WordPress is vulnerable to unauthorized loss of data due to missing authorization and capability checks on the download.php file in all versions up to, and including, 1.6. This makes it possible for unauthenticated attackers to delete arbitrary files from the...

CVSS 5.3 | AI score 5.1 | EPSS 0.0019
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2016-1729

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.00292
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2018-18167

Malware in sbrugna...

CVSS 9.8 | AI score 9.3 | EPSS 0.07655
Exploits: 5 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2007-6618

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.02081
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-3281

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.00731
Exploits: 1 | References: 2