CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 4 days ago•6 views

CVE-2018-25408

Exploits0References4Affected Software1

EUVD•added 4 days ago•11 views

EUVD-2018-21930

CVE•added 4 days ago•11 views

CVE-2018-25408

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that lets unauthenticated attackers download arbitrary files by supplying directory traversal sequences (e.g., ../) in the filename parameter. Affected component: ajax/download.php within The Ope...

Cvelist•added 4 days ago•27 views

CVE-2018-25408 The Open ISES Project 3.30A Path Traversal Arbitrary File Download

8.7CVSS0.00233EPSS

Vulnrichment•added 4 days ago•5 views

CVE-2018-25408 The Open ISES Project 3.30A Path Traversal Arbitrary File Download

RedhatCVE•added 4 days ago•9 views

CVE-2026-10044

Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/filename endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal...

8.2CVSS6AI score0.00051EPSS

Exploits0References1

CNNVD•added 4 days ago•4 views

Open ISES Project 路径遍历漏洞

The Open ISES Project is an open-source information technology platform and resource platform for emergency service organizations developed by Open ISES. Version 3.30A of the Open ISES Project contains a path traversal vulnerability. This vulnerability stems from improper handling of the filename...

Positive Technologies•added 4 days ago•5 views

PT-2026-45108

CVE•added 2026/05/26 4:45 a.m.•10 views

CVE-2026-9531

CVE-2026-9531 details (Totolink CA750-PoE, firmware 6.2c.510) : The vulnerability affects the function setUpgradeUboot in the file /cgi-bin/cstecgi.cgi of the Setting Handler. Manipulating the argument FileName leads to an os command injection. The issue is exploitable remotely, and public exploi...

6.5CVSS6.4AI score0.04841EPSS

Cvelist•added 2026/05/26 4:45 a.m.•36 views

CVE-2026-9531 Totolink CA750-PoE Setting cstecgi.cgi setUpgradeUboot os command injection

A weakness has been identified in Totolink CA750-PoE 6.2c.510. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The...

6.5CVSS0.04841EPSS

CNNVD•added 2026/05/26 12:0 a.m.•7 views

TOTOLINK CA750-PoE 操作系统命令注入漏洞

TOTOLINK CA750-PoE is a wireless network access device produced by TOTOLINK Corporation. Version 6.2c.510 of TOTOLINK CA750-PoE contains a vulnerability related to operating system command injection. This vulnerability arises from improper handling of theFileName parameter in the setUploadUserDat...

6.5CVSS6.6AI score0.04841EPSS

NVD•added 2026/05/25 1:16 p.m.•5 views

CVE-2026-9455

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument FileName leads to os command injection. Remote exploitation of the...

10CVSS0.01254EPSS

Positive Technologies•added 2026/05/25 12:0 a.m.•6 views

PT-2026-43046

A vulnerability was determined in Totolink A8000RU 7.1cu.643 b20200521. The affected element is the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument FileName causes os command injection. The attack is possibl...

10CVSS7AI score0.01254EPSS

Snyk•added 2026/05/18 5:40 p.m.•7 views

Regular Expression Denial of Service (ReDoS)

Overview multiparty is a multipart/form-data parser which supports streaming Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the Content-Disposition filename parameter parsing. An attacker can cause excessive resource consumption and block the...

8.7CVSS5.8AI score0.00055EPSS

Exploits0References2

Patchstack•added 2026/05/18 5:35 p.m.•3 views

NPM: multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing

NPM: multiparty vulnerable to Denial of Service via Uncaught Exception in filename parameter parsing vulnerability discovered by ? in WordPress Npm multiparty versions = 4.2.3...

7.5CVSS5.8AI score0.00055EPSS

Exploits0References5Affected Software1

OSV•added 2026/05/18 5:35 p.m.•1 views

GHSA-XH3C-6GCQ-G4RV multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing

Impact [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition: filename=utf-8'' header containing a malformed percent-encoding e.g., %FF, %GG, the parser invokes decodeURI on the value...

7.5CVSS5.8AI score0.00055EPSS

CNNVD•added 2026/05/17 12:0 a.m.•3 views

AstrBot 路径遍历漏洞

AstrBot is an open-source multi-platform LLM chatbot and development framework developed by AstrBot. Versions of AstrBot 4.23.5 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the improper handling of the postfile function in the File Upload Handler component...

6.5CVSS6.5AI score0.00028EPSS

Exploits0References2

EUVD•added 2026/05/13 12:48 a.m.•4 views

EUVD-2026-29850

Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted filename with traversal sequences. Attackers can exploit the unvalidated filename parameter in th...

7.6CVSS5.9AI score0.0004EPSS