CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8637 matches found

Github Security Blog•added yesterday•7 views

Docling Core: Unsafe remote filename resolution

Impact In versions = 1.5.0, = 2.74.1 Workarounds If upgrading is not immediately possible, avoid passing untrusted URLs into remote fetch functionality. References - Fix release: v2.74.1...

5.8AI score

Exploits0References3Affected Software1

OSV•added yesterday•1 views

GHSA-JMMV-H3MP-59V8 Docling Core: Unsafe remote filename resolution

Impact In versions = 1.5.0, = 2.74.1 Workarounds If upgrading is not immediately possible, avoid passing untrusted URLs into remote fetch functionality. References - Fix release: v2.74.1...

8.6CVSS5.8AI score

Exploits0References3

Nuclei•added yesterday•16 views

CodiMD <2.5.4 - Insecure Filename Randomization

CodiMD does not require valid authentication to access uploaded images or to upload new image data. An attacker who can determine an uploaded image's URL can gain unauthorised access to uploaded image data. Due to the insecure random filename generation in the underlying Formidable library, an...

5.3CVSS5.8AI score0.05317EPSS

Exploits1References3

Nuclei•added yesterday•9 views

Avid NEXIS Agent - Arbitrary File Read

Avid NEXIS E-series, F-series, PRO+, and System Director Appliance SDA+ before 2025.5.1 contain an unauthenticated arbitrary file read caused by improper validation of the filename parameter, letting unauthenticated attackers read sensitive files, exploit requires no authentication. id:...

8.7CVSS7.4AI score0.01204EPSS

Exploits0References3

Nuclei•added yesterday•19 views

Movies <= 0.6 - Cross-Site Scripting

A cross-site scripting vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php. id: CVE-2014-4539 info: name: Movies = 0.6 - Cross-Site Scripting author: daffainfo...

6.1CVSS6.4AI score0.0161EPSS

Exploits2References4

SUSE CVE•added yesterday•3 views

SUSE CVE-2024-52011

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters...

7.5CVSS6AI score0.0006EPSS

Exploits0References3

Positive Technologies•added yesterday•4 views

PT-2026-46100

Impact In versions = 1.5.0, = 2.74.1 Workarounds If upgrading is not immediately possible, avoid passing untrusted URLs into remote fetch functionality. References - Fix release: v2.74.1...

8.6CVSS5.8AI score

Exploits0References4

NVD•added 2 days ago•5 views

CVE-2025-68886

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in androThemes Cookiteer allows PHP Local File Inclusion. This issue affects Cookiteer: from n/a through 1.4.8...

8.1CVSS0.00115EPSS

Exploits0References1

Cvelist•added 2 days ago•30 views

CVE-2025-68886 WordPress Cookiteer theme <= 1.4.8 - Local File Inclusion vulnerability

8.1CVSS0.00115EPSS

Exploits0References1

EUVD•added 2 days ago•2 views

EUVD-2025-210042

8.1CVSS5.8AI score0.00115EPSS

Exploits0References1

Cvelist•added 2 days ago•30 views

CVE-2025-69369 WordPress Racquet theme <= 1.12.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Racquet allows PHP Local File Inclusion. This issue affects Racquet: from n/a through 1.12.0...

8.1CVSS0.00115EPSS

Exploits0References1

Vulnrichment•added 2 days ago•3 views

CVE-2025-69369 WordPress Racquet theme <= 1.12.0 - Local File Inclusion vulnerability

8.1CVSS5.8AI score0.00115EPSS

Exploits0References1

ATTACKERKB•added 2 days ago•2 views

CVE-2025-69369

8.1CVSS5.8AI score0.00115EPSS

Exploits0References2

CVE•added 2 days ago•7 views

CVE-2025-69369

CVE-2025-69369 is a Local File Inclusion vulnerability in the WordPress theme Racquet (Racquet

8.1CVSS5.8AI score0.00115EPSS

Exploits0References1

ATTACKERKB•added 2 days ago•2 views

CVE-2025-58897

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Fermentio allows PHP Local File Inclusion. This issue affects Fermentio: from n/a through 1.5.0...

8.1CVSS5.8AI score0.00115EPSS

Exploits0References2

CVE•added 2 days ago•6 views

CVE-2025-58897

The CVE-2025-58897 entry concerns the WordPress Fermentio theme (

8.1CVSS5.8AI score0.00115EPSS

Exploits0References1

Cvelist•added 2 days ago•31 views

CVE-2025-58707 WordPress Spin theme <= 1.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Spin allows PHP Local File Inclusion. This issue affects Spin: from n/a through 1.8...

8.1CVSS0.00115EPSS

Exploits0References1

CVE•added 2 days ago•6 views

CVE-2025-58707

The CVE-2025-58707 issue is a Local File Inclusion vulnerability in the WordPress Spin theme (Spin) versions up to 1.8. It arises from improper handling of filenames for include/require statements in a PHP program, enabling PHP LFI. Affected product: Axiomthemes Spin (WordPress Spin theme

8.1CVSS5.8AI score0.00115EPSS

Exploits0References1

Vulnrichment•added 2 days ago•3 views

CVE-2025-58707 WordPress Spin theme <= 1.8 - Local File Inclusion vulnerability

8.1CVSS5.8AI score0.00115EPSS

Exploits0References1

ATTACKERKB•added 2 days ago•3 views

CVE-2025-58707

8.1CVSS5.8AI score0.00115EPSS

Exploits0References2

Rows per page