CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/06/08 5:16 p.m.•7 views

CVE-2026-25855

OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files .bat.ps1.sh through the FileProxySource proxy loading feature. Attackers can upload malicious script files as proxy sources,...

8.8CVSS0.01081EPSS

EUVD•added 2026/06/08 4:49 p.m.•7 views

EUVD-2026-35134

ATTACKERKB•added 2026/06/08 4:49 p.m.•5 views

CVE-2026-25855

Exploits0References3Affected Software1

Vulnrichment•added 2026/06/08 4:49 p.m.•6 views

CVE-2026-25855 OpenBullet2 0.3.2 Authenticated RCE via FileProxySource Script Upload

Cvelist•added 2026/06/08 4:49 p.m.•35 views

CVE-2026-25855 OpenBullet2 0.3.2 Authenticated RCE via FileProxySource Script Upload

8.8CVSS0.01081EPSS

Positive Technologies•added 2026/06/08 12:0 a.m.•8 views

PT-2026-47342

CNNVD•added 2026/06/08 12:0 a.m.•2 views

Exploits0References3

OpenBullet2 操作系统命令注入漏洞

OpenBullet2 is a cross-platform automated testing and data scraping tool developed by the OpenBullet team. Versions of OpenBullet2 prior to 0.3.2 contained an operating system command injection vulnerability. This vulnerability originated from the FileProxySource proxy loading function, which cou...

8.8CVSS5.9AI score0.01081EPSS

Tenable Nessus•added 2026/05/20 12:0 a.m.•8 views

Linux Distros Unpatched Vulnerability : CVE-2026-40016

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configure...

6.5CVSS5.8AI score0.00351EPSS

Exploits0References4

Debian CVE•added 2026/05/12 1:28 p.m.•6 views

CVE-2026-40016

Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...

6.5CVSS5.7AI score0.00351EPSS

Exploits0

ATTACKERKB•added 2026/05/12 12:0 a.m.•2 views

CVE-2025-70842

A Stored Cross-Site Scripting XSS vulnerability was discovered in the File Management module of FluentCMS 1.2.3. The flaw allows an authenticated administrator to upload crafted SVG files containing malicious JavaScript code. Once uploaded, the script executes in the browser of any user who...

5.8AI score0.00138EPSS

Exploits0References3

RedhatCVE•added 2026/05/11 8:25 p.m.•4 views

CVE-2021-47936

OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised as resume attachments. Attackers can upload PHP payloads through the careers job application endpoint and execute system...

9.8CVSS6.7AI score0.00656EPSS

ATTACKERKB•added 2026/03/26 1:1 p.m.•1 views

CVE-2025-55267

HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerability, allows attacker to upload and execute malicious scripts, gaining full control over the server...

5.7CVSS5.9AI score0.00295EPSS

Exploits0References2Affected Software1

CNNVD•added 2026/01/29 12:0 a.m.•2 views

MedDream PACS Server security vulnerability

MedDream PACS Server is a picture archiving and communication system developed by MedDream Corporation. It is used for storing, archiving, managing, and viewing medical images. Version 6.8.3.751 of MedDream PACS Server has a security vulnerability. This vulnerability stems from the uploadImage.ph...

8.8CVSS6.1AI score0.00521EPSS

Exploits0References3

OSV•added 2026/01/13 11:16 p.m.•2 views

UBUNTU-CVE-2023-54335

eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerable file management system...

9.8CVSS5.9AI score0.04962EPSS

Exploits1References5

CNNVD•added 2026/01/13 12:0 a.m.•1 views

eXtplorer 访问控制错误漏洞

eXtplorer is a PHP-based file manager by soerennb individual developer. An access control error vulnerability exists in eXtplorer version 2.1.14, which stems from an authentication bypass that could allow an attacker to upload malicious PHP files and execute remote commands...

9.8CVSS5.9AI score0.04962EPSS

Exploits1References4

Positive Technologies•added 2026/01/13 12:0 a.m.•4 views

PT-2026-2425

Name of the Vulnerable Software and Affected Versions eXtplorer version 2.1.14 Description eXtplorer version 2.1.14 contains an authentication bypass that allows attackers to log in without a password by manipulating the login request. Successful exploitation enables attackers to upload malicious...

9.8CVSS7.5AI score0.04962EPSS

Exploits1References7

RedhatCVE•added 2026/01/09 12:41 p.m.•3 views

CVE-2023-25201

Cross Site Request Forgery CSRF vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload...

8.8CVSS8AI score0.00453EPSS

Exploits1References1

CNNVD•added 2025/12/30 12:0 a.m.•3 views

WordPress plugin WING WordPress Migrator 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

9.6CVSS5.7AI score0.00171EPSS