CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2 hours ago•5 views

CVE-2026-2500

The Quick Playground WordPress plugin vulnerability (

4.4CVSS5.4AI score

RedhatCVE•added yesterday•4 views

CVE-2026-35682

Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution e.g., starting telnetd, resulting in root‑level access...

8.8CVSS5.8AI score0.00233EPSS

Exploits0References1

Nuclei•added yesterday•21 views

Movies <= 0.6 - Cross-Site Scripting

A cross-site scripting vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php. id: CVE-2014-4539 info: name: Movies = 0.6 - Cross-Site Scripting author: daffainfo...

6.1CVSS6.3AI score0.0161EPSS

Exploits2References4

NVD•added last week•14 views

CVE-2018-25408

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to acces...

8.7CVSS0.00307EPSS

EUVD•added last week•12 views

EUVD-2018-21930

CVE•added last week•13 views

CVE-2018-25408

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that lets unauthenticated attackers download arbitrary files by supplying directory traversal sequences (e.g., ../) in the filename parameter. Affected component: ajax/download.php within The Ope...

ATTACKERKB•added last week•9 views

CVE-2018-25408

Exploits0References4Affected Software1

Cvelist•added last week•28 views

CVE-2018-25408 The Open ISES Project 3.30A Path Traversal Arbitrary File Download

8.7CVSS0.00307EPSS

Vulnrichment•added last week•6 views

CVE-2018-25408 The Open ISES Project 3.30A Path Traversal Arbitrary File Download

RedhatCVE•added last week•11 views

CVE-2026-10044

Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/filename endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal...

8.2CVSS6AI score0.00067EPSS

Exploits0References1

CNNVD•added 2026/05/30 12:0 a.m.•5 views

Open ISES Project 路径遍历漏洞

The Open ISES Project is an open-source information technology platform and resource platform for emergency service organizations developed by Open ISES. Version 3.30A of the Open ISES Project contains a path traversal vulnerability. This vulnerability stems from improper handling of the filename...

Positive Technologies•added 2026/05/30 12:0 a.m.•7 views

PT-2026-45108

CVE•added 2026/05/26 4:45 a.m.•11 views

CVE-2026-9531

CVE-2026-9531 details (Totolink CA750-PoE, firmware 6.2c.510) : The vulnerability affects the function setUpgradeUboot in the file /cgi-bin/cstecgi.cgi of the Setting Handler. Manipulating the argument FileName leads to an os command injection. The issue is exploitable remotely, and public exploi...

6.5CVSS6.4AI score0.04841EPSS

Cvelist•added 2026/05/26 4:45 a.m.•37 views

CVE-2026-9531 Totolink CA750-PoE Setting cstecgi.cgi setUpgradeUboot os command injection

A weakness has been identified in Totolink CA750-PoE 6.2c.510. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The...

6.5CVSS0.04841EPSS

CNNVD•added 2026/05/26 12:0 a.m.•8 views

TOTOLINK CA750-PoE 操作系统命令注入漏洞

TOTOLINK CA750-PoE is a wireless network access device produced by TOTOLINK Corporation. Version 6.2c.510 of TOTOLINK CA750-PoE contains a vulnerability related to operating system command injection. This vulnerability arises from improper handling of theFileName parameter in the setUploadUserDat...

6.5CVSS6.6AI score0.04841EPSS

NVD•added 2026/05/25 1:16 p.m.•6 views

CVE-2026-9455

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument FileName leads to os command injection. Remote exploitation of the...

10CVSS0.01254EPSS

Positive Technologies•added 2026/05/25 12:0 a.m.•9 views

PT-2026-43046

A vulnerability was determined in Totolink A8000RU 7.1cu.643 b20200521. The affected element is the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument FileName causes os command injection. The attack is possibl...

10CVSS7AI score0.01254EPSS