CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2025/11/06 6:32 p.m.•3 views

EUVD-2025-38129

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Processby Lazy Load Optimizer lazy-load-optimizer allows PHP Local File Inclusion.This issue affects Lazy Load Optimizer: from n/a through = 1.4.7...

7.5CVSS6.6AI score0.00362EPSS

CNNVD•added 2025/11/06 12:0 a.m.•4 views

WordPress plugin Favorites 安全漏洞

PHP, etc. are products of PHP. PHP is a scripting language that executes on the server side. webSockets ws, etc. are products of WebSockets open source. ws is a Node.js WebSocket library. r infrastructure gh, etc. are R infrastructure open source gh is a GitHub API library. A security vulnerabili...

7.5CVSS6.5AI score0.00362EPSS

CNNVD•added 2025/11/06 12:0 a.m.•2 views

WordPress plugin Lazy Load Optimizer 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A security...

8.1CVSS6.6AI score0.00431EPSS

WordPress plugin Immocaster 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

WordPress plugin Premmerce Wholesale Pricing for WooCommerce 安全漏洞

7.5CVSS6.6AI score0.00362EPSS

WordPress plugin Premmerce User Roles 安全漏洞

WordPress plugin WP Customer Area 安全漏洞

WordPress plugin Premmerce 安全漏洞

CNNVD•added 2025/11/06 12:0 a.m.•6 views

WordPress plugin LearnPress Export Import 安全漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPre...

7.5CVSS6.5AI score0.00362EPSS

Positive Technologies•added 2025/11/05 12:0 a.m.•10 views

PT-2025-45071

Name of the Vulnerable Software and Affected Versions AI Engine plugin for WordPress versions prior to 3.1.4 AI Engine versions 2.8.x and 2.9.x prior to 2.9.5 Description The AI Engine plugin for WordPress has a Sensitive Information Exposure issue via the /mcp/v1/ REST API endpoint. When the...

9.8CVSS7.7AI score0.68846EPSS

Exploits5References13

EUVD•added 2025/10/29 9:30 a.m.•4 views

EUVD-2025-36610

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Majestic Support Majestic Support majestic-support allows PHP Local File Inclusion.This issue affects Majestic Support: from n/a through = 1.1.1...

7.5CVSS6.6AI score0.00328EPSS

NVD•added 2025/10/29 9:15 a.m.•7 views

CVE-2025-64284

7.5CVSS0.00328EPSS

RedhatCVE•added 2025/10/29 1:11 a.m.•5 views

CVE-2025-12342

A flaw has been found in Serdar Bayram Ghost Hot Spot up to 20251014. The affected element is an unknown function of the file /Auth.php of the component Login. This manipulation causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used...

7.5CVSS7.2AI score0.0027EPSS

CVE•added 2025/10/28 12:2 a.m.•11 views

CVE-2025-12337

CVE-2025-12337 affects Campcodes Retro Basketball Shoes Online Store 1.0. The vulnerability is a SQL injection in the admin feature, caused by manipulating the pid parameter in the file /admin/admin_feature.php. The issue is exploitable remotely and there are public exploits. Documents consistent...

9.8CVSS7.2AI score0.00408EPSS

Exploits1References5Affected Software1

OSV•added 2025/10/27 7:15 a.m.•1 views

CVE-2025-12243

A vulnerability was found in code-projects Client Details System 1.0. Affected by this issue is some unknown functionality of the file clientdetails/welcome.php of the component GET Parameter Handler. Performing manipulation of the argument ID results in sql injection. The attack may be initiated...

8.8CVSS5.7AI score0.00313EPSS

Exploits1References5

CNNVD•added 2025/10/25 12:0 a.m.•4 views

WordPress plugin Edge CPT 安全漏洞

8.1CVSS6.5AI score0.00428EPSS

RedhatCVE•added 2025/10/24 2:33 p.m.•4 views

CVE-2025-58958

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove SmilePure smilepure allows PHP Local File Inclusion.This issue affects SmilePure: from n/a through 1.8.5...

8.1CVSS7.1AI score0.00488EPSS

CNNVD•added 2025/10/23 12:0 a.m.•4 views

ArkSigner AcBakImzala 安全漏洞

ArkSigner AcBakImzala is an electronic signature platform from the Turkish company ArkSigner. A security vulnerability exists in ArkSigner AcBakImzala versions prior to v5.1.4, which stems from improper control of the filename of an include or request statement, which could result in a PHP native...

9.8CVSS6.7AI score0.00518EPSS