Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

590218 matches found

EUVD
EUVDadded 2026/06/15 12:0 p.m.6 views

EUVD-2016-10887

WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the...

8.8CVSS6AI score0.00327EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/06/15 12:0 p.m.29 views

CVE-2016-20075 WordPress Ultimate Product Catalog 3.8.6 Arbitrary File Upload RCE

WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the...

8.8CVSS0.00327EPSS
Exploits0References3
CVE
CVEadded 2026/06/15 12:0 p.m.10 views

CVE-2016-20075

CVE-2016-20075 affects WordPress Ultimate Product Catalog 3.8.6. The vulnerability is an arbitrary file upload via the custom fields feature, exploitable by authenticated users with contributor, editor, author, or administrator roles. By uploading malicious files (e.g., PHP shells) through the Pr...

8.8CVSS6AI score0.00327EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/06/15 12:0 p.m.6 views

CVE-2016-20075 WordPress Ultimate Product Catalog 3.8.6 Arbitrary File Upload RCE

WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the...

8.8CVSS6AI score0.00327EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/06/15 11:44 a.m.10 views

CVE-2026-5482 Remote Code Execution via Unrestricted File Upload in Responsive FileManager

Responsive FileManager's allows an unauthenticated attacker to upload files of any type and extension without restriction using dialog.php endpoint, leading to Remote Code Execution. This project is unmaintained at the time of CVE assignment. The vulnerability was found in the latest release 9.14...

9.3CVSS5.4AI score0.00445EPSS
Exploits0References2
EUVD
EUVDadded 2026/06/15 11:44 a.m.12 views

EUVD-2026-36716

Responsive FileManager's allows an unauthenticated attacker to upload files of any type and extension without restriction using dialog.php endpoint, leading to Remote Code Execution. This project is unmaintained at the time of CVE assignment. The vulnerability was found in the latest release 9.14...

9.3CVSS5.5AI score0.00445EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/06/15 11:44 a.m.31 views

CVE-2026-5482 Remote Code Execution via Unrestricted File Upload in Responsive FileManager

Responsive FileManager's allows an unauthenticated attacker to upload files of any type and extension without restriction using dialog.php endpoint, leading to Remote Code Execution. This project is unmaintained at the time of CVE assignment. The vulnerability was found in the latest release 9.14...

9.3CVSS0.00445EPSS
Exploits0References2
CVE
CVEadded 2026/06/15 11:44 a.m.25 views

CVE-2026-5482

Responsive FileManager (unmaintained at CVE assignment) contains an unauthenticated unrestricted file upload flaw via the dialog.php endpoint in the latest release 9.14.0, enabling Remote Code Execution. Affected component: file upload handling/dialog.php. Impact reported as Remote Code Execution...

9.3CVSS5.5AI score0.00445EPSS
Exploits0References2
EUVD
EUVDadded 2026/06/15 10:21 a.m.10 views

EUVD-2026-36715

When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which allows remote scripts to be loaded, resulting in arbitrary code execution...

8.6CVSS5.7AI score0.00129EPSS
Exploits0References1
CVE
CVEadded 2026/06/15 10:21 a.m.28 views

CVE-2026-12057

CVE-2026-12057 describes a vulnerability where JavaScript executed inside a PDF, while in a sandboxed application, can bypass some UI/danger-interface interception, allowing remote scripts to run and potentially cause arbitrary code execution. The NVD entry ties this to a high-severity impact (CV...

8.6CVSS5.7AI score0.00129EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichmentadded 2026/06/15 10:21 a.m.9 views

CVE-2026-12057 DoS + Remote Code Execution via PDF JavaScript in Foxit AI

When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which allows remote scripts to be loaded, resulting in arbitrary code execution...

8.6CVSS5.7AI score0.00129EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/06/15 10:21 a.m.36 views

CVE-2026-12057 DoS + Remote Code Execution via PDF JavaScript in Foxit AI

When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which allows remote scripts to be loaded, resulting in arbitrary code execution...

8.6CVSS0.00129EPSS
Exploits0References1
RedHat Linux
RedHat Linuxadded 2026/06/15 10:18 a.m.9 views

Important: Red Hat Security Advisory: valkey security update

An update for valkey is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

8.8CVSS6.8AI score0.01368EPSS
Exploits4References4
RedHat Linux
RedHat Linuxadded 2026/06/15 10:18 a.m.12 views

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

8.8CVSS6AI score0.01368EPSS
Exploits0References6
RedHat Linux
RedHat Linuxadded 2026/06/15 10:18 a.m.11 views

redis: Remote code execution via use-after-free in Lua scripting

A flaw was found in Redis, an in-memory data structure store. An authenticated attacker can exploit a use-after-free vulnerability in redis-server with Lua scripting. This occurs through the master-replica synchronization mechanism on replicas where replica-read-only is disabled or can be disable...

8.1CVSS5.5AI score0.01217EPSS
Exploits0References6
RedHat Linux
RedHat Linuxadded 2026/06/15 10:18 a.m.10 views

redis: use-after-free in unblock client flow may allow remote code execution

A flaw was found in Redis. The unblock client flow does not handle an error return from the processCommandAndResetClient when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can cause a use-after-free issue. This potentially leads to...

8.8CVSS6.1AI score0.00952EPSS
Exploits4References6
NVD
NVDadded 2026/06/15 10:16 a.m.11 views

CVE-2026-11860

Quick.CMS deserializes user-controlled data received over plaintext HTTP without ensuring integrity or authenticity. This allows attackers to tamper with serialized payloads in transit and inject malicious objects. Because deserialization is performed without proper validation or class...

7.5CVSS0.00235EPSS
Exploits0References2
CVE
CVEadded 2026/06/15 9:57 a.m.20 views

CVE-2026-11860

CVE-2026-11860 affects Quick.CMS. The issue is insecure deserialization of user-controlled data over plaintext HTTP, allowing an attacker to tamper serialized payloads and trigger gadget chains that enable arbitrary code execution when an administrator accesses the admin panel. The root cause is ...

7.5CVSS6.3AI score0.00235EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/06/15 9:57 a.m.35 views

CVE-2026-11860 Insecure Deserialisation via Plaintext HTTP leading to Remote Code Execution in Quick.CMS

Quick.CMS deserializes user-controlled data received over plaintext HTTP without ensuring integrity or authenticity. This allows attackers to tamper with serialized payloads in transit and inject malicious objects. Because deserialization is performed without proper validation or class...

7.5CVSS0.00235EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/06/15 9:57 a.m.9 views

CVE-2026-11860 Insecure Deserialisation via Plaintext HTTP leading to Remote Code Execution in Quick.CMS

Quick.CMS deserializes user-controlled data received over plaintext HTTP without ensuring integrity or authenticity. This allows attackers to tamper with serialized payloads in transit and inject malicious objects. Because deserialization is performed without proper validation or class...

7.5CVSS6.2AI score0.00235EPSS
Exploits0References2
Rows per page
Query Builder