CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

164 matches found

The Hacker News•added 2026/05/11 5:54 p.m.•11 views

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

A threat actor named MrRot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments. The attack exploits CVE-2026-41940, a vulnerability impacting cPanel and WebHost Manager WHM that could result ...

9.8CVSS6.2AI score0.90762EPSS

Exploits59

Github Security Blog•added 2026/04/22 5:28 p.m.•10 views

CI4MS Backup::restore is vulnerable to Zip Slip leading to RCE

Summary ci4ms Backup::restore extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user with the backup create permission to write files to arbitrary filesystem locations Zip Slip and achieve remote code execution by dropping a PHP file under the...

9.4CVSS6.4AI score0.00464EPSS

Exploits0References4Affected Software1

GithubExploit•added 2026/04/17 5:49 p.m.•62 views

ctf-writeups-Doli1

🛡️ Doli 1 — CTF Writeup VulnHub VAPT Report For...

6AI score

Exploits0

The Hacker News•added 2026/04/03 3:32 p.m.•3 views

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, according to findings from the Microsoft Defender Security Research Team. "Instead of exposing command execution through URL parameters or request...

6.6AI score

Exploits0

RedhatCVE•added 2026/03/05 1:57 a.m.•2 views

CVE-2026-24848

OpenEMR is a free and open source electronic health records and medical practice management application. In 7.0.4 and earlier, the disposeDocument method in EtherFaxActions.php allows authenticated users to write arbitrary content to arbitrary locations on the server filesystem. This vulnerabilit...

9.9CVSS6.2AI score0.00141EPSS

Exploits1References1

Packet Storm•added 2026/02/06 12:0 a.m.•119 views

📄 WordPress StoreKeeper for WooCommerce 14.4.4 Shell Upload

A critical security vulnerability exists in the StoreKeeper for WooCommerce WordPress plugin that allows unauthenticated attackers to upload arbitrary files, including PHP web shells, leading to complete system compromise. Version 14.4.4 is affected...

10CVSS5.7AI score0.00057EPSS

Exploits3

GithubExploit•added 2026/01/13 1:31 p.m.•120 views

odfs_rce_poc

Online Discussion Forum Site 1.0 - Remote Code Execution PoC...

7.5AI score

Exploits0

Positive Technologies•added 2025/12/18 12:0 a.m.•14 views

PT-2025-52212

Name of the Vulnerable Software and Affected Versions Bitrix24 versions prior to 25.100.301 Description Remote Code Execution is possible because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. The supplier...

6.3CVSS6AI score0.00036EPSS

Exploits3References12