CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

43 matches found

CNNVD•added 2026/06/05 12:0 a.m.•6 views

Lyrion Music Server 安全漏洞

Lyrion Music Server is an audio server software developed by the Lyrion organization. Version 9.2.0 of Lyrion Music Server contains a security vulnerability. This vulnerability stems from an arbitrary directory list vulnerability in the readdirectory function, which could lead to enumerating...

6.9CVSS5.5AI score0.00294EPSS

Exploits2References2

CNNVD•added 2026/05/29 12:0 a.m.•7 views

WWBN AVideo 授权问题漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained an authorization vulnerability. This vulnerability stemmed from the absence of user login checks and administrator gatekeeping in the objects/mention.json.php file...

5.3CVSS5.8AI score0.00193EPSS

Exploits0References1

OSV•added 2026/05/25 10:0 p.m.•7 views

MAL-2026-4590 Malicious code in json-to-simple-graphql-schema (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9998f4fd6abaaefcf6bd610ce0b558f0e1eb22c9d4dae07a111c27cc7f7322c The package contains a poc.js script that collects host reconnaissance data os.hostname, os.platform, output of whoami via childprocess and POSTs it ...

6AI score

Exploits0References2

OSSF Malicious Packages•added 2026/05/21 12:38 a.m.•12 views

Malicious code in omnius (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2aceac0879b587bc711c3f156bf0de4bab90f3774816a6cbeb36a2cf9bb03e12 The package's postinstall lifecycle hook launches dist/postinstall-daemon.cjs, which combines childprocess.execSync, os.userInfo, filesystem probes,...

5.9AI score

Exploits0References9

Vulnrichment•added 2026/03/12 4:48 p.m.•6 views

CVE-2026-28792 Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS

Tina is a headless content management system. Prior to 2.1.8 , the TinaCMS CLI dev server combines a permissive CORS configuration Access-Control-Allow-Origin: with the path traversal vulnerability previously reported to enable a browser-based drive-by attack. A remote attacker can enumerate the...

9.6CVSS6AI score0.00535EPSS

Exploits1References1

GithubExploit•added 2026/01/04 6:13 a.m.•136 views

linux-privesc-audit-toolkit

Linux Privilege Escalation Automation Toolkit !Bannerscree...

7.2AI score

Exploits0

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2018-11929

Malware in sbrugna...

5.3CVSS5AI score0.00792EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2018-11928

Malware in sbrugna...

5.3CVSS5AI score0.00792EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2018-0007

Malware in sbrugna...

7.5CVSS7.6AI score0.01287EPSS

Exploits1References4

RedhatCVE•added 2025/05/23 6:45 a.m.•4 views

CVE-2024-54004

Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system...

4.3CVSS4.5AI score0.00812EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 4:57 a.m.•6 views

CVE-2023-6032

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause a file system enumeration and file download when an attacker navigates to the Network Management Card via HTTPS...

5.3CVSS6.8AI score0.00582EPSS

Exploits0

CNNVD•added 2024/06/24 12:0 a.m.•6 views

AdminerEvo Code Issue Vulnerability

AdminerEvo is an AdminerEvo open source database management tool in a single PHP file. A security vulnerability exists in AdminerEvo. A remote attacker could exploit the vulnerability to enumerate or access otherwise inaccessible systems...

6.9CVSS6.8AI score0.00415EPSS

Exploits0References4

NVD•added 2024/06/13 4:15 p.m.•16 views

CVE-2023-35860

A Directory Traversal vulnerability in Modern Campus - Omni CMS 2023.1 allows a remote, unauthenticated attacker to enumerate file system information via the dir parameter to listing.php or rss.php...

5.3CVSS0.00803EPSS

Exploits0References1

Cvelist•added 2024/06/13 12:0 a.m.•28 views

CVE-2023-35860

0.00803EPSS

Exploits0References1

CVE•added 2024/06/13 12:0 a.m.•57 views

CVE-2023-35860

CVE-2023-35860 affects Modern Campus Omni CMS 2023.1. A directory traversal vulnerability allows remote, unauthenticated attackers to enumerate file system information via the dir parameter to listing.php or rss.php. The NVD entry and related sources describe the affected component and exposure, ...

5.3CVSS6.8AI score0.00803EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2024/02/24 5:0 a.m.•22 views

CVE-2024-21501

Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system including project dependencies. An attacker could exploit this vulnerability to gather details abou...

5.3CVSS6.5AI score0.01018EPSS

Exploits1References8

NVD•added 2023/11/15 4:15 a.m.•10 views

CVE-2023-6032

5.3CVSS0.00582EPSS

Exploits0References1

Prion•added 2023/11/15 4:15 a.m.•12 views

Path traversal

5CVSS7.1AI score0.00582EPSS

Exploits0References1Affected Software2

Cvelist•added 2023/11/15 3:54 a.m.•15 views

CVE-2023-6032

5.3CVSS5.6AI score0.00582EPSS

Exploits0References1

CVE•added 2023/11/15 3:54 a.m.•46 views

CVE-2023-6032

CVE-2023-6032 is a path traversal vulnerability in Schneider Electric Galaxy VS and Galaxy VL Network Management Cards accessible over HTTPS. The root cause is improper limitation of a pathname to a restricted directory, enabling filesystem enumeration and file download. Documented affected produ...

5.3CVSS5.3AI score0.00582EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by