CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

540 matches found

CNNVD•added 2025/12/15 12:0 a.m.•1 views

Webedition CMS 安全漏洞

Webedition CMS is an open source web application framework from German company Webedition. A security vulnerability exists in Webedition CMS version v2.9.8.8, which stems from the presence of a remote code execution vulnerability that could lead to the creation of injected system commands via PHP...

8.6CVSS8.1AI score0.00488EPSS

Exploits1References4

NVD•added 2025/12/09 4:18 p.m.•1 views

CVE-2025-67532

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Hara hara allows PHP Local File Inclusion.This issue affects Hara: from n/a through = 1.2.17...

7.5CVSS0.00109EPSS

Exploits0References1

EUVD•added 2025/11/21 3:31 p.m.•2 views

EUVD-2025-198439

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in MatrixAddons Easy Invoice easy-invoice allows PHP Local File Inclusion.This issue affects Easy Invoice: from n/a through = 2.1.4...

6.6AI score0.00101EPSS

Exploits0References2

NVD•added 2025/11/20 8:16 p.m.•2 views

CVE-2025-52671

Debug information disclosure in the SQL error message to in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use...

4.3CVSS0.00024EPSS

Exploits1References1

NVD•added 2025/11/17 4:15 p.m.•4 views

CVE-2025-63748

QaTraq 6.9.2 allows authenticated users to upload arbitrary files via the "Add Attachment" feature in the "Test Script" module. The application fails to restrict file types, enabling the upload of executable PHP files. Once uploaded, the file can be accessed through the "View Attachment" option,...

8.8CVSS0.00066EPSS

Exploits1References2

Vulnrichment•added 2025/11/06 3:54 p.m.•1 views

CVE-2025-58994 WordPress Greenify theme <= 2.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in designervily Greenify greenify allows PHP Local File Inclusion.This issue affects Greenify: from n/a through = 2.2...

8.1CVSS6.7AI score0.00124EPSS

Exploits0References1

Positive Technologies•added 2025/11/06 12:0 a.m.•2 views

PT-2025-45258

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Processby Responsive Sidebar responsive-sidebar allows PHP Local File Inclusion.This issue affects Responsive Sidebar: from n/a through = 1.2.2...

7.1AI score0.00113EPSS

Exploits0References2

NVD•added 2025/11/05 3:15 a.m.•2 views

CVE-2025-8871

The Everest Forms Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input in the mimecontenttype function. This makes it possible for unauthenticated attackers to inject a PHP Object. This vulnerability may ...

5.6CVSS0.00354EPSS

Exploits0References2

Patchstack•added 2025/11/02 2:34 p.m.•2 views

WordPress WP Maps plugin <= 4.8.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by kr0no in WordPress Plugin WP Maps versions = 4.8.6...

6.5CVSS7.3AI score0.00061EPSS

Exploits0Affected Software1

RedhatCVE•added 2025/10/31 10:7 p.m.•2 views

CVE-2020-36863

Nagios XI versions prior to 5.7.2 allow PHP files to be uploaded to the Audio Import directory and executed from that location. The upload handler did not properly restrict file types or enforce storage outside of the webroot, and the web server permitted execution within the upload directory. An...

8.8CVSS8AI score0.01215EPSS

Exploits0References1

NVD•added 2025/10/27 9:15 p.m.•7 views

CVE-2025-62524

PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This information disclosure vulnerability originates from PHP’s...

5.3CVSS0.00042EPSS

Exploits0References2

Positive Technologies•added 2025/10/27 12:0 a.m.•2 views

PT-2025-44037

Name of the Vulnerable Software and Affected Versions PILOS versions prior to 4.8.0 Description PILOS, a frontend for BigBlueButton, reveals the PHP version through the X-Powered-By header. This information disclosure allows attackers to fingerprint the server and identify potential exploits. The...

5.3CVSS6.4AI score0.00042EPSS

Exploits0References6

EUVD•added 2025/10/24 7:52 a.m.•2 views

EUVD-2025-35824

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Edge-Themes Edge CPT allows PHP Local File Inclusion.This issue affects Edge CPT: from n/a through 1.4...

8.1CVSS6.5AI score0.00118EPSS

Exploits0References2

RedhatCVE•added 2025/10/11 7:23 a.m.•2 views

CVE-2025-21051

Out-of-bounds write in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to write out-of-bounds memory...

4CVSS6.5AI score0.00017EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2006-0845

Malware in sbrugna...

5CVSS6.4AI score0.00392EPSS

Exploits0References5

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2024-54884

Malicious code in bioql PyPI...

6.6CVSS6.6AI score0.00127EPSS

Exploits0References2