EUVD-2025-22761
Malicious code in bioql PyPI...
EUVD-2021-32603
Malicious code in bioql PyPI...
EUVD-2021-7569
Malicious code in bioql PyPI...
EUVD-2023-50974
Malicious code in bioql PyPI...
EUVD-2023-43186
Malicious code in bioql PyPI...
EUVD-2023-24375
Malicious code in bioql PyPI...
EUVD-2023-57488
Malicious code in bioql PyPI...
EUVD-2024-31958
Malicious code in bioql PyPI...
EUVD-2024-26993
Malicious code in bioql PyPI...
EUVD-2024-16890
Malicious code in bioql PyPI...
EUVD-2024-50260
Malicious code in bioql PyPI...
EUVD-2025-22003
Malicious code in bioql PyPI...
docker-security-course
This is a vulnerable Node.js app for demos, as stated in the README.md file. The app is designed to demonstrate the use of Docker to clean up after a breach and prevent breaches from happening again in the future. The app is built using the Dockerfile, which creates an image with the name "node-hack"...
PT-2025-34575 · Unknown · Givanz Vvveb
Name of the Vulnerable Software and Affected Versions: givanz Vvveb versions up to 1.0.7.2 Description: A weakness exists in givanz Vvveb that allows for unrestricted file upload. The issue is located in an unknown function within the /system/traits/media.php file. Manipulation of the files...
CVE-2025-5061
The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpieparseuploaddata' function in all versions up to, and including, 3.9.29. This makes it possible for authenticated attackers, with Subscriber-level access and above...
CVE-2013-10040 ClipBucket <= 2.6 ofc_upload_image.php Arbitrary File Upload RCE
ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /adminarea/charts/ofc-library/. This endpoint allows unauthenticated users to upload arbitrary files, including executable PHP scripts. Once uploaded, the attacker can access the file...
PT-2025-31045 · Code Projects · Online Ordering System
Name of the Vulnerable Software and Affected Versions: code-projects Online Ordering System version 1.0 Description: A critical issue exists in code-projects Online Ordering System 1.0, specifically within the /admin/product.php file. The manipulation of the image argument allows for unrestricted...
CVE-2016-15046
CVE-2016-15046 affects Hanwha Techwin Smart Security Manager (SSM) / Hanwha Wisenet SSM, with a client-side RCE caused by improper restrictions on the PUT method of the bundled Apache ActiveMQ on port 8161. The vulnerability enables a Cross-Origin Resource Sharing (CORS) bypass paired with JavaSc...
CVE-2025-54140 pyLoad has Path Traversal Vulnerability in json/upload Endpoint that allows Arbitrary File Write
pyLoad is a free and open-source Download Manager written in pure Python. In version 0.5.0b3.dev89, an authenticated path traversal vulnerability exists in the /json/upload endpoint of pyLoad. By manipulating the filename of an uploaded file, an attacker can traverse out of the intended upload...
CVE-2025-7880
A vulnerability was found in Metasoft 美特软件 MetaCRM up to 6.4.2 and classified as critical. Affected by this issue is some unknown functionality of the file /business/common/sms/sendsms.jsp. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. Th...