CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1666 matches found

emlog 5.3.1 Path Disclosure

emlog v5.3.1 is susceptible to full path disclosure via t/index.php, which allows an attacker to see the path to the webroot/file. id: CVE-2021-3293 info: name: emlog 5.3.1 Path Disclosure author: h1ei1 severity: medium description: emlog v5.3.1 is susceptible to full path disclosure via...

5.3CVSS5.9AI score0.62081EPSS

Exploits1References5

Nuclei•added 16 hours ago•32 views

Drupal 11.x-dev - Full Path Disclosure

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hashsalt is filegetcontents of a file that does not exist. id: CVE-2024-45440 info: name: Drupal 11.x-dev - Full Path Disclosure author: DhiyaneshDK severity: medium description: |...

5.3CVSS5.4AI score0.86689EPSS

Exploits4

Nuclei•added 16 hours ago•10 views

WP Popups - Information Disclosure

WP Popups - WordPress Popup builder plugin for WordPress contains a full path disclosure caused by using mobiledetect without access restrictions, letting unauthenticated attackers retrieve server paths, exploit requires no specific conditions. id: CVE-2024-6555 info: name: WP Popups - Informatio...

5.3CVSS5.4AI score0.03854EPSS

Exploits0References4

EUVD•added 2026/04/21 3:1 p.m.•2 views

EUVD-2026-24137

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can access diagnostic and system tools that should be restricted to administrators. The /system/cron endpoint relies on a static MD5 hash derived from the APPKEY, which is exposed i...

9.3CVSS5.8AI score0.00168EPSS

Exploits1References3

Vulnrichment•added 2026/04/21 3:1 p.m.•2 views

CVE-2026-40498 FreeScout has Authentication Bypass and Information Disclosure in SystemController via /system/cron

9.3CVSS5.8AI score0.00168EPSS

Exploits1References3

GithubExploit•added 2026/02/10 4:18 p.m.•119 views

Exploit for Generation of Error Message Containing Sensitive Information in Drupal

Enumeration tool for CVE-2024-45440 by DividesByZer0 & c0d3Ninja...

5.3CVSS5.5AI score0.86689EPSS

Exploits4

Nuclei•added 2026/02/04 7:0 a.m.•11 views

AWStats <= 7.5 - Full Path Disclosure

AWStats 7.6 contains a full path disclosure caused by improper handling of framename and update parameters in awstats.pl, letting remote attackers determine server file paths, exploit requires sending crafted parameters. id: CVE-2018-10245 info: name: AWStats = 7.5 - Full Path Disclosure author:...

5.3CVSS6.9AI score0.00055EPSS

Exploits1References2

RedhatCVE•added 2026/01/17 5:22 a.m.•5 views

CVE-2025-15526

The Fancy Product Designer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 6.4.8. This is due to improper error handling in the PDF upload functionality that exposes server filesystem paths and stack traces in error messages. This makes it possible...

5.3CVSS6AI score0.00021EPSS

Exploits0References1

NVD•added 2026/01/16 5:16 a.m.•4 views

CVE-2025-15526

5.3CVSS0.00021EPSS

Exploits0References2

Cvelist•added 2026/01/16 4:44 a.m.•23 views

CVE-2025-15526 Fancy Product Designer | WooCommerce WordPress <= 6.4.8 - Unauthenticated Full Path Disclosure via 'pdf' Parameter

5.3CVSS0.00021EPSS

Exploits0References2

Vulnrichment•added 2026/01/16 4:44 a.m.•2 views

CVE-2025-15526 Fancy Product Designer | WooCommerce WordPress <= 6.4.8 - Unauthenticated Full Path Disclosure via 'pdf' Parameter

5.3CVSS5.7AI score0.00021EPSS

Exploits0References2

CVE•added 2026/01/16 4:44 a.m.•12 views

CVE-2025-15526

CVE-2025-15526 affects Fancy Product Designer for WordPress. All versions up to 6.4.8 are vulnerable to unauthenticated Full Path Disclosure via error handling in the PDF upload process, exposing server filesystem paths and stack traces. This information could assist other attacks; practical expl...

5.3CVSS5.7AI score0.00021EPSS

Exploits0References2