CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

18742 matches found

Github Security Blog•added 2026/03/31 10:47 p.m.•5 views

baserCMS Path Traversal Leads to Arbitrary File Write and RCE via Theme File API

Summary A path traversal vulnerability exists in the baserCMS 5.x theme file management API /baser/api/admin/bc-theme-file/themefiles/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path parameter to create a PHP file in an arbitrary...

7.2CVSS8AI score0.00151EPSS

Exploits1References5Affected Software1

Patchstack•added 2026/03/31 7:50 a.m.•3 views

WordPress Oxygen theme <= 6.0.8 - Unauthenticated Server-Side Request Forgery via route_path vulnerability

Unauthenticated Server-Side Request Forgery via routepath vulnerability discovered by Ahmed Rayen Ayari in WordPress Theme Oxygen versions = 6.0.8...

7.2CVSS5.9AI score0.00077EPSS

Exploits0References1Affected Software1

Snyk•added 2026/03/31 2:30 a.m.•0 views

Directory Traversal

Overview baserproject/basercms is a Content management system based on CakePHP. Affected versions of this package are vulnerable to Directory Traversal via the theme file management API when an authenticated administrator supplies crafted input to the path parameter. An attacker can write arbitra...

8.6CVSS6.7AI score0.00151EPSS

Exploits1References2

NVD•added 2026/03/31 1:16 a.m.•3 views

CVE-2026-30940

baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API /baser/api/admin/bc-theme-file/themefiles/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path...

7.2CVSS0.00151EPSS

Exploits1References3

Vulnrichment•added 2026/03/31 12:45 a.m.•2 views

CVE-2026-30940 baserCMS: Path Traversal in Theme File API Leads to Arbitrary File Write and RCE

7.2CVSS6.4AI score0.00151EPSS

Exploits1References3

CVE•added 2026/03/31 12:45 a.m.•11 views

CVE-2026-30940

CVE-2026-30940 affects baserCMS prior to version 5.2.3. A path traversal flaw exists in the theme file management API at /baser/api/admin/bc-theme-file/theme_files/add.json, allowing an authenticated administrator to inject ../ sequences in the path and create a PHP file outside the theme directo...

7.2CVSS6.5AI score0.00151EPSS

Exploits1References3Affected Software1

OSV•added 2026/03/31 12:45 a.m.•2 views

CVE-2026-30940 baserCMS: Path Traversal in Theme File API Leads to Arbitrary File Write and RCE

7.2CVSS6.4AI score0.00151EPSS

Exploits1References5

ATTACKERKB•added 2026/03/31 12:45 a.m.•1 views

CVE-2026-30940

7.2CVSS6.5AI score0.00151EPSS

Exploits1References4Affected Software1

CNNVD•added 2026/03/31 12:0 a.m.•4 views

baserCMS 安全漏洞

BaserCMS is a corporate-level content management system CMS developed by the BaserCMS team. Versions of BaserCMS prior to 5.2.3 contained security vulnerabilities. These vulnerabilities were caused by path traversal in the theme file management API, which could lead to arbitrary file writing and...

7.2CVSS6.3AI score0.00151EPSS

Exploits1References3

Positive Technologies•added 2026/03/31 12:0 a.m.•1 views

PT-2026-29152

baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API /baser/api/admin/bc-theme-file/theme files/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path...

7.2CVSS6.5AI score0.00151EPSS

Exploits1References4

RedhatCVE•added 2026/03/29 5:10 a.m.•2 views

CVE-2025-12886

The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.8 via the laboratorcalcroute AJAX action. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web applicati...

7.2CVSS5.9AI score0.00077EPSS

Exploits0References1

EUVD•added 2026/03/28 6:30 a.m.•2 views

EUVD-2025-209108

7.2CVSS5.9AI score0.00077EPSS

Exploits0References3

EUVD•added 2026/03/28 6:30 a.m.•3 views

EUVD-2025-209110

The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a from a user-supplied URL, leading to arbitrary PHP...

6AI score0.00019EPSS

Exploits0References2

NVD•added 2026/03/28 6:16 a.m.•3 views

CVE-2025-15445

5.4CVSS0.00019EPSS

Exploits0References1

ATTACKERKB•added 2026/03/28 6:0 a.m.•3 views

CVE-2025-15445

5.4CVSS6AI score0.00019EPSS

Exploits0References1

Vulnrichment•added 2026/03/28 6:0 a.m.•1 views

CVE-2025-15445 Restaurant Cafeteria <= 0.4.6 - Subscriber+ Arbitrary Plugin Installation/Activation

6AI score0.00019EPSS

Exploits0References1

CVE•added 2026/03/28 6:0 a.m.•7 views

CVE-2025-15445

The CVE concerns the Restaurant Cafeteria WordPress theme (

5.4CVSS6AI score0.00019EPSS

Exploits0References1

Cvelist•added 2026/03/28 6:0 a.m.•27 views

CVE-2025-15445 Restaurant Cafeteria <= 0.4.6 - Subscriber+ Arbitrary Plugin Installation/Activation

0.00019EPSS

Exploits0References1

ATTACKERKB•added 2026/03/28 2:26 a.m.•2 views

CVE-2025-12886

7.2CVSS5.9AI score0.00077EPSS

Exploits0References3

CVE•added 2026/03/28 2:26 a.m.•16 views

CVE-2025-12886

The Oxygen Theme for WordPress (versions up to 6.0.8) is vulnerable to unauthenticated Server-Side Request Forgery via the laborator_calc_route AJAX action. This allows an attacker to issue web requests from the application to arbitrary locations, potentially querying and modifying information fr...

7.2CVSS5.9AI score0.00077EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by