CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

336 matches found

OSV•added 2025/02/25 3:15 p.m.•1 views

CVE-2025-26964

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Themewinter Eventin allows PHP Local File Inclusion. This issue affects Eventin: from n/a through 4.0.20...

8.8CVSS5.8AI score

Exploits0References1

OSV•added 2025/01/07 4:15 p.m.•0 views

CVE-2024-53800

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Rezgo Rezgo allows PHP Local File Inclusion.This issue affects Rezgo: from n/a through 4.15...

8.1CVSS7.3AI score

Exploits0References1

OSV•added 2024/08/21 5:15 p.m.•19 views

CVE-2024-5762

Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Zen Cart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

8.1CVSS8.1AI score

Exploits0References2

CVE•added 2024/08/21 4:15 p.m.•78 views

CVE-2024-5762

CVE-2024-5762 (Zen Cart) : Local File Inclusion leading to Remote Code Execution in the findPluginAdminPage function. Root cause is insufficient validation of user-supplied data before passing it to PHP include, allowing an unauthenticated attacker to execute arbitrary code on affected installati...

8.1CVSS8.5AI score0.09113EPSS

Exploits0References2Affected Software1

Cvelist•added 2024/08/21 4:15 p.m.•22 views

CVE-2024-5762 Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability

8.1CVSS0.09113EPSS

Exploits0References2

Vulnrichment•added 2024/08/21 4:15 p.m.•22 views

CVE-2024-5762 Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability

8.1CVSS8AI score0.09113EPSS

Exploits0References2

GithubExploit•added 2024/06/25 2:16 p.m.•69 views

Exploit for Cross-site Scripting in Dlink Dir-845L_Firmware

CVE-2024-33113 Le routeur D-LINK DIR-845L est vulnérable à une...

5.3CVSS7.1AI score0.52857EPSS

Exploits1

Zero Day Initiative•added 2024/01/10 12:0 a.m.•17 views

Trend Micro Apex Central widget WFProxy Local File Inclusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the getObjWGFServiceApiByApiName function. The issue results from the lack of prope...

7.5CVSS7.5AI score0.03114EPSS

Exploits0References1

Zero Day Initiative•added 2023/08/21 12:0 a.m.•25 views

Advantech R-SeeNet device_status Local File Inclusion Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Advantech R-SeeNet. Authentication is required to exploit this vulnerability. The specific flaw exists within the devicestatus page. The issue results from the lack of proper validation of user-supplied...

8.8CVSS6.8AI score0.00088EPSS

Exploits0References1

Zero Day Initiative•added 2023/05/12 12:0 a.m.•15 views

Trend Micro Mobile Security for Enterprises widget getWidgetPoolManager Local File Inclusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Mobile Security for Enterprises. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within...

7.5CVSS7.2AI score0.0455EPSS

Exploits0References1

Zero Day Initiative•added 2023/05/12 12:0 a.m.•14 views

Trend Micro Mobile Security for Enterprises widgetforsecurity getWidgetPoolManager Local File Inclusion Remote Code Execution Vulnerability

7.5CVSS7.2AI score0.0455EPSS

Exploits0References1

SUSE CVE•added 2023/02/15 6:2 a.m.•1 views

SUSE CVE-2009-3559

main/streams/plainwrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safemodeincludedir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that...

7.5CVSS7AI score0.02913EPSS

Exploits0References5

NVD•added 2021/12/15 8:15 p.m.•11 views

CVE-2021-43836

Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions an attacker can read arbitrary local files via a PHP file include. In a default configuration this also leads to remote code execution. The problem is patched with the Versions 1.6.44, 2.2.18...

8.8CVSS0.04292EPSS

Exploits0References2

CVE•added 2021/01/28 6:30 p.m.•61 views

CVE-2021-20187

CVE-2021-20187 affects Moodle prior to versions 3.10.1, 3.9.4, 3.8.7 and 3.5.16. The issue allows site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication. The connected documents confirm the vulnerable condition and the root cause, but do not p...

7.2CVSS7AI score0.00679EPSS

Exploits0References1Affected Software1

CNVD•added 2020/12/24 12:0 a.m.•1 views

TerraMaster TOS Remote Code Execution Vulnerability

TerraMaster TOS is a Linux-based operating system developed for TerraMaster Cloud Storage NAS servers. A remote code execution vulnerability exists in TerraMaster TOS 4.2.06 and earlier versions. An attacker can exploit this vulnerability to execute commands without authentication via shell...

10CVSS8.6AI score0.88604EPSS

Exploits3References1

0day.today•added 2017/03/10 12:0 a.m.•34 views

SICUNET Access Controller 0.32-05z Code Execution / File Disclosure Vulnerabilities

Exploit for php platform in category web applications SICUNET Physical Access Controller - Multiple Vulnerabilities ------------------------------------------------------------- Introduction ============ Multiple vulnerabilities were identified in the SICUNET Access Controller Products. The...

7.1AI score

Exploits0

Packet Storm•added 2017/03/10 12:0 a.m.•59 views

SICUNET Access Controller 0.32-05z Code Execution / File Disclosure

SICUNET Physical Access Controller - Multiple Vulnerabilities ------------------------------------------------------------- Introduction ============ Multiple vulnerabilities were identified in the SICUNET Access Controller Products. The vulnerabilities were discovered during a black box security...

0.5AI score

Exploits0

NVD•added 2014/09/11 2:16 p.m.•9 views

CVE-2014-6236

Unspecified vulnerability in the LumoNet PHP Include lumophpinclude extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary scripts via vectors related to extension links...

7.5CVSS7.4AI score0.02019EPSS

Exploits0References5

Prion•added 2014/09/11 2:16 p.m.•13 views

Code injection

Unspecified vulnerability in the LumoNet PHP Include lumophpinclude extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary scripts via vectors related to extension links...

7.5CVSS7.9AI score0.02019EPSS

Exploits0References5Affected Software1

Cvelist•added 2014/09/11 2:0 p.m.•12 views

CVE-2014-6236

Unspecified vulnerability in the LumoNet PHP Include lumophpinclude extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary scripts via vectors related to extension links...

7.4AI score0.02019EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by