CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

638 matches found

TI WooCommerce Wishlist <= 2.9.2 - Arbitrary File Upload

TemplateInvaders TI WooCommerce Wishlist = 2.10.0 contains an unrestricted file upload vulnerability caused by lack of proper file type validation, letting attackers upload web shells to the server, exploit requires no special privileges. id: CVE-2025-47577 info: name: TI WooCommerce Wishlist =...

10CVSS8.1AI score0.33418EPSS

Exploits2References3

RedhatCVE•added 2 days ago•3 views

CVE-2026-10071

DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

9.8CVSS6.3AI score0.00252EPSS

Exploits0References1

NVD•added 3 days ago•5 views

CVE-2026-41235

Froxlor is open source server administration software. Version 2.3.6 lets administrators configure system.availableshells as the approved shell list that customers may assign to FTP users. However, the server-side FTP account handlers do not enforce that whitelist when processing add or edit...

9.4CVSS0.00038EPSS

Exploits0References2

Cvelist•added 3 days ago•21 views

CVE-2026-41235 Froxlor has an authorization bypass in FTP shell assignment via missing server-side `available_shells` enforcement

9.4CVSS0.00038EPSS

Exploits0References2

Github Security Blog•added 2026/05/29 3:36 p.m.•10 views

Froxlor has an authorization bypass in FTP shell assignment via missing server-side `available_shells` enforcement

Summary Froxlor 2.3.6 lets administrators configure system.availableshells as the approved shell list that customers may assign to FTP users. However, the server-side FTP account handlers do not enforce that whitelist when processing add or edit requests. As a result, an authenticated customer wi...

9.4CVSS5.9AI score0.00038EPSS

Exploits0References2Affected Software1

OSV•added 2026/05/29 3:36 p.m.•4 views

GHSA-GCV3-5V9Q-FMHH Froxlor has an authorization bypass in FTP shell assignment via missing server-side `available_shells` enforcement

8.8CVSS5.9AI score0.00038EPSS

Exploits0References2

NVD•added 2026/05/29 1:16 p.m.•10 views

CVE-2026-10071

9.8CVSS0.00252EPSS

Exploits0References2

ATTACKERKB•added 2026/05/29 12:36 p.m.•8 views

CVE-2026-10072

DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

8.6CVSS6.4AI score0.00279EPSS

Exploits0References3

EUVD•added 2026/05/29 12:36 p.m.•7 views

EUVD-2026-33291

8.6CVSS6.4AI score0.00279EPSS

Exploits0References2

ATTACKERKB•added 2026/05/29 12:32 p.m.•7 views

CVE-2026-10071

9.8CVSS6.4AI score0.00252EPSS

Exploits0References3

CVE•added 2026/05/29 12:32 p.m.•22 views

CVE-2026-10071

DreamMaker by Interinfo is affected by an Arbitrary File Upload vulnerability that allows unauthenticated remote attackers to upload and execute web shell backdoors, enabling arbitrary code execution on the server. The publicly referenced entries (CVE-2026-10071) confirm a high-severity issue wit...

9.8CVSS6.4AI score0.00252EPSS

Exploits0References2

Positive Technologies•added 2026/05/29 12:0 a.m.•5 views

PT-2026-44906

Name of the Vulnerable Software and Affected Versions Froxlor versions prior to 2.3.7 Description An issue exists where server-side FTP account handlers do not enforce the system.available shells whitelist when processing add or edit requests. This allows an authenticated customer with shell...

9.4CVSS5.9AI score0.00038EPSS

Exploits0References6

Positive Technologies•added 2026/05/29 12:0 a.m.•5 views

PT-2026-44836

8.6CVSS6.4AI score0.00279EPSS

Exploits0References3

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в sudo

In Sudo version 1.8.29, the fact that a user has been blocked for example, by using the “!” character in the shadow file instead of a password hash was not taken into consideration. This allows an attacker who has access to a Runas ALL sudoer account to impersonate any blocked user. NOTE: The...

7.5CVSS6.8AI score0.04075EPSS

Exploits0References2

NVD•added 2026/05/17 1:16 p.m.•6 views

CVE-2018-25320

ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to...

9.8CVSS0.00128EPSS

Exploits0References4

Vulnrichment•added 2026/05/17 12:11 p.m.•5 views

CVE-2018-25320 ACL Analytics 11.x - 13.0.0.579 Arbitrary Code Execution

9.8CVSS6.5AI score0.00128EPSS

Exploits0References4

Cvelist•added 2026/05/17 12:11 p.m.•33 views

CVE-2018-25320 ACL Analytics 11.x - 13.0.0.579 Arbitrary Code Execution

9.8CVSS0.00128EPSS

Exploits0References4

EUVD•added 2026/05/17 12:11 p.m.•9 views

EUVD-2018-21841

9.8CVSS6.5AI score0.00128EPSS

Exploits0References4

Positive Technologies•added 2026/05/17 12:0 a.m.•7 views

PT-2026-41546

9.8CVSS6.5AI score0.00128EPSS

Exploits0References5

EUVD•added 2026/05/10 3:31 p.m.•4 views

EUVD-2021-34801

WordPress Plugin Download From Files version 1.48 and earlier contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting the AJAX fileupload action. Attackers can send POST requests to the admin-ajax.php endpoint with the...

9.8CVSS5.9AI score0.00149EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by