CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

49 matches found

Positive Technologies•added 2026/03/06 12:0 a.m.•5 views

PT-2026-23674

2-Plan Team 1.0.4 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload executable PHP files by sending multipart form data to managefile.php. Attackers can upload PHP files through the userfile1 parameter with action=upload, which are stored in the files...

7.1CVSS6.2AI score0.00444EPSS

Exploits0References3

RedhatCVE•added 2026/01/09 10:18 a.m.•6 views

CVE-2019-18839

FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP file...

9CVSS6.8AI score0.05436EPSS

Exploits3References1

RedhatCVE•added 2026/01/09 10:7 a.m.•7 views

CVE-2019-20385

The CSV upload feature in /supervisor/procesacarga.php on Logaritmo Aware CallManager 2012 devices allows upload of .php files with a text/ content type. The PHP code can then be executed by visiting a /supervisor/csv/ URI...

8.8CVSS7.3AI score0.01127EPSS

Exploits1References1

EUVD•added 2025/12/02 8:24 a.m.•4 views

EUVD-2025-200208

The SureMail – SMTP and Email Logs Plugin for WordPress is vulnerable to Unrestricted Upload of File with Dangerous Type in versions up to and including 1.9.0. This is due to the plugin's savefile function in inc/emails/handler/uploads.php which duplicates all email attachments to a web-accessibl...

8.1CVSS7AI score0.00858EPSS

Exploits0References7

Vulnrichment•added 2025/10/15 2:26 a.m.•5 views

CVE-2025-11746 XStore | Multipurpose WooCommerce Theme <= 9.5.4 - Authenticated (Subscriber+) Local File Inclusion

The XStore theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.5.4 via theetajaxrequiredpluginspopup function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php files on t...

8.8CVSS6.8AI score0.00682EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2008-2387

Malware in sbrugna...

9CVSS6.2AI score0.04279EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2004-2248

Malware in sbrugna...

5CVSS6.4AI score0.02038EPSS

Exploits0References8