CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

61 matches found

Vulnrichment•added 2026/04/21 11:4 p.m.•1 views

CVE-2026-41064 AVideo has an incomplete fix for CVE-2026-33502 (Command Injection)

WWBN AVideo is an open source video platform. In versions up to and including 29.0, an incomplete fix for AVideo's test.php adds escapeshellarg for wget but leaves the filegetcontents and curl code paths unsanitized, and the URL validation regex /^http/ accepts strings like httpevil.com. Commit...

9.3CVSS5.7AI score0.00071EPSS

Exploits1References4

Positive Technologies•added 2026/04/21 12:0 a.m.•2 views

PT-2026-34216

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 29.1 Description An incomplete fix in the 'test.php' file allows for unsanitized input. While the wget path was secured using escapeshellarg, the file get contents and curl code paths remain unsanitized. Additionally,...

9.3CVSS5.3AI score0.00071EPSS

Exploits1References9

OSV•added 2026/04/14 11:27 p.m.•2 views

GHSA-PQ8P-WC4F-VG7J WWBN AVideo has an incomplete fix for CVE-2026-33502: Command Injection

Summary The incomplete fix for AVideo's test.php adds escapeshellarg for wget but leaves the filegetcontents and curl code paths unsanitized, and the URL validation regex /^http/ accepts strings like httpevil.com. Affected Package - Ecosystem: Other - Package: AVideo - Affected versions: = commit...

9.3CVSS6.7AI score0.00071EPSS

Exploits2References7

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2014-5011

Malware in sbrugna...

4.3CVSS6.4AI score0.00334EPSS

Exploits2References4

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2006-2196

Malware in sbrugna...

6.8CVSS6.1AI score0.04367EPSS

Exploits1References23

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2011-5044

Malware in sbrugna...

5CVSS6.4AI score0.00319EPSS

Exploits1References5

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2014-4478

Malware in sbrugna...

4.3CVSS6.4AI score0.00174EPSS

Exploits1References2

NVD•added 2024/10/31 5:15 p.m.•12 views

CVE-2024-51430

Cross Site Scripting vulnerability in online diagnostic lab management system using php v.1.0 allows a remote attacker to execute arbitrary code via the Test Name parameter on the diagnostic/add-test.php component...

6.4CVSS0.04168EPSS

Exploits0References2

OSV•added 2024/03/06 11:5 a.m.•20 views

BIT-ROUNDCUBE-2020-18670

Cross Site Scripting XSS vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php...

5.4CVSS5.4AI score0.00415EPSS

Exploits1References3

0day.today•added 2024/03/06 12:0 a.m.•378 views

elFinder Web file manager Version - 2.1.53 Remote Command Execution Vulnerability

Exploit Title: elFinder Web file manager Version: 2.1.53 Remote Command Execution Exploit Author: tmrswrr Google Dork: intitle:"elFinder 2.1.53" Vendor Homepage: https://studio-42.github.io/elFinder/ Software Link: https://github.com/Studio-42/elFinder/archive/refs/tags/2.1.53.zip Version: 2.1.53...

7.4AI score

Exploits0

Exploit DB•added 2024/03/06 12:0 a.m.•424 views

elFinder Web file manager Version - 2.1.53 Remote Command Execution

Exploit Title: elFinder Web file manager Version: 2.1.53 Remote Command Execution Date: 23/11/2023 Exploit Author: tmrswrr Google Dork: intitle:"elFinder 2.1.53" Vendor Homepage: https://studio-42.github.io/elFinder/ Software Link: https://github.com/Studio-42/elFinder/archive/refs/tags/2.1.53.zi...

7.4AI score

Exploits0

Veracode•added 2023/04/28 5:40 a.m.•20 views

Arbitrary File Read

nuovo/spreadsheet-reader is vulnerable to an Arbitrary File Read. The library ships with a test.php file in the root-directory, which can be called via a HTTP GET with an arbitrary path as a value for the File parameter, which allows attackers to gain access to an arbitrary file...

7.5CVSS7.5AI score0.62334EPSS

Exploits1References2Affected Software1

CVE•added 2023/04/18 12:0 a.m.•68 views

CVE-2023-29887

CVE-2023-29887 concerns a Local File Inclusion in Nuovo Spreadsheet Reader 0.5.11, specifically in test.php, allowing an attacker to include arbitrary files via the File parameter. The vulnerability arises from LFI in a PHP library’s test.php file, enabling potential data disclosure (confidential...

7.5CVSS7.5AI score0.62334EPSS

Exploits1References1Affected Software1

OSV•added 2023/03/28 11:15 p.m.•0 views

CVE-2023-1681

A vulnerability, which was classified as problematic, was found in Xunrui CMS 4.61. Affected is an unknown function of the file /config/myfield/test.php. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public an...

7.5CVSS5.3AI score0.00326EPSS

Exploits1References3

CNNVD•added 2023/03/28 12:0 a.m.•2 views

Xunrui CMS 安全漏洞

Xunrui Cloud Software Development XunRuiCMS Xunrui CMS is an open source content management system CMS from China's Xunrui Cloud Software Development Company. A security vulnerability exists in Xunrui CMS version 4.61, which originates from an unknown function in the /config/myfield/test.php file...

7.5CVSS5.5AI score0.00326EPSS

Exploits1References4

NVD•added 2021/06/24 7:15 p.m.•15 views

CVE-2020-18670

Cross Site Scripting XSS vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php...

5.4CVSS0.00415EPSS

Exploits1References3

OSV•added 2021/06/24 7:15 p.m.•26 views

CVE-2020-18670

Cross Site Scripting XSS vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php...

5.4CVSS5.9AI score

Exploits0References3