CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

130 matches found

RedhatCVE•added 2026/04/22 7:22 p.m.•3 views

CVE-2026-6744

A vulnerability was found in Bagisto up to 2.3.15. Affected is the function copy of the component Downloadable Link Handler. The manipulation results in server-side request forgery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted...

6.5CVSS5.3AI score0.00043EPSS

Exploits0References1

Snyk•added 2026/04/22 5:6 p.m.•6 views

Server-side Request Forgery (SSRF)

Overview bagisto/bagisto is a hand tailored E-Commerce framework designed on some opensource technologies such as Laravel a PHP framework, Vue.js a progressive Javascript framework. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the copy function of the...

6.5CVSS6.6AI score0.00043EPSS

Exploits0References2

EUVD•added 2026/04/21 9:31 p.m.•3 views

EUVD-2026-24241

6.5CVSS5.3AI score0.00043EPSS

Exploits0References5

Github Security Blog•added 2026/04/21 9:31 p.m.•6 views

Bagisto affected by Server-Side Request Forgery

6.5CVSS6.2AI score0.00043EPSS

Exploits0References6Affected Software1

OSV•added 2026/04/21 9:31 p.m.•3 views

GHSA-X3F9-VCP2-HGCW Bagisto affected by Server-Side Request Forgery

6.3CVSS6.2AI score0.00043EPSS

Exploits0References6

NVD•added 2026/04/21 7:16 p.m.•1 views

CVE-2026-6744

6.5CVSS0.00043EPSS

Exploits0References4

CVE•added 2026/04/21 6:0 p.m.•5 views

CVE-2026-6744

Bagisto (up to 2.3.15) contains a vulnerability in the Copy function of the Downloadable Link Handler that enables server-side request forgery (SSRF). The issue is exploitable remotely and has publicly available exploits; vendor notes that issues are addressed via a security advisory and plans fi...

6.5CVSS6.1AI score0.00043EPSS

Exploits0References4

Vulnrichment•added 2026/04/21 6:0 p.m.•0 views

CVE-2026-6744 Bagisto Downloadable Link copy server-side request forgery

6.5CVSS6.1AI score0.00043EPSS

Exploits0References4

Cvelist•added 2026/04/21 6:0 p.m.•28 views

CVE-2026-6744 Bagisto Downloadable Link copy server-side request forgery

6.5CVSS0.00043EPSS

Exploits0References4

Positive Technologies•added 2026/04/21 12:0 a.m.•1 views

PT-2026-34046

Name of the Vulnerable Software and Affected Versions Bagisto versions prior to 2.3.16 Description An issue exists in the Downloadable Link Handler component within the copy function. Remote manipulation of this function can lead to server-side request forgery, a flaw where an attacker can induce...

6.5CVSS6.5AI score0.00043EPSS

Exploits0References7

Patchstack•added 2025/12/31 12:0 a.m.•6 views

WordPress Downloable by American Osteopathic Association plugin <= 0.1.0 - Unauthenticated Arbitrary File Download vulnerability

Unauthenticated Arbitrary File Download vulnerability discovered by Aly Khaled in WordPress Plugin Aoa Downloadable versions = 0.1.0...

8.6CVSS5.9AI score0.00264EPSS

Exploits1References1Affected Software1

Patchstack•added 2025/12/31 12:0 a.m.•5 views

WordPress Downloable by American Osteopathic Association plugin <= 0.1.0 - Unauthenticated SSRF vulnerability

Unauthenticated SSRF vulnerability discovered by Aly Khaled in WordPress Plugin Aoa Downloadable versions = 0.1.0...

7.2CVSS8.3AI score0.0017EPSS

Exploits1References1Affected Software1

CNNVD•added 2025/12/24 12:0 a.m.•1 views

Microhard Systems IPn4G 安全漏洞

Microhard Systems IPn4G is a cellular wireless gateway from Microhard Canada. A security vulnerability exists in Microhard Systems IPn4G version 1.1.0 that originates from a downloadable sensitive system configuration file that could lead to the disclosure of configuration information...

7.1CVSS6.4AI score0.00042EPSS

Exploits2References3

Positive Technologies•added 2025/12/23 12:0 a.m.•1 views

PT-2025-52858

Name of the Vulnerable Software and Affected Versions FluidSynth versions 2.5.0 through 2.5.1 Description FluidSynth, a software synthesizer based on the SoundFont 2 specifications, contains a flaw. A race condition during the unloading of a DLS file can lead to a heap-based use-after-free. This...

7CVSS6.5AI score0.00027EPSS

Exploits1References14

CNNVD•added 2025/12/23 12:0 a.m.•2 views

fluidsynth 资源管理错误漏洞

fluidsynth is a fluidsynth open source application. It is used to generate audio by reading and processing MIDI events from MIDI input devices using SoundFont. A resource management error vulnerability exists in fluidsynth versions prior to 2.5.2, which stems from a contention condition when...

7CVSS6.3AI score0.00027EPSS

Exploits1References5

Cvelist•added 2025/09/29 8:1 p.m.•5 views

CVE-2025-35033 Medical Informatics Engineering Enterprise Health CSV injection

Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a remote, authenticated attacker to inject macros in downloadable CSV files. This issue is fixed as of 2025-03-14...

6.3CVSS0.00036EPSS

Exploits0References2

Vulnrichment•added 2025/09/29 8:1 p.m.•1 views

CVE-2025-35033 Medical Informatics Engineering Enterprise Health CSV injection

6.3CVSS6.7AI score0.00036EPSS

Exploits0References2

Cvelist•added 2025/09/08 11:35 p.m.•5 views

CVE-2025-58755 MONAI has path traversal issue that may lead to arbitrary file writes

MONAI Medical Open Network for AI is an AI toolkit for health care imaging. The extractall function zipfile.extractalloutputdir is used directly to process compressed files. It is used in many places in the project. In versions up to and including 1.5.0, when the Zip file containing malicious...

8.8CVSS0.0019EPSS

Exploits1References1