165 matches found
CVE-2022-50906
e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload malicious SVG files through the media manager. Attackers with admin privileges can exploit this vulnerability to upload SVG files with embedded cross-site scripting (XSS) payloads...
CVE-2022-50907
Affected software: e107 CMS 3.2.1. Issue: a file upload restriction bypass in the Media Manager import flow allows authenticated admin users to upload PHP files outside restricted locations, enabling remote code execution. Root cause: manipulation of the upload URL parameter enables placing malic...
PT-2026-2382
Name of the Vulnerable Software and Affected Versions: e107 CMS version 3.2.1. Description: An authenticated administrator can bypass upload restrictions in e107 CMS. This allows the upload of malicious SVG files through the media manager. Successful exploitation enables attackers to upload SVG file...
e107 Cross-Site Scripting Vulnerability
e107 is a free, open-source, PHP- and MySQL-based content management system (CMS) from the E107 team. The system supports a variety of plug-ins and appearance themes, and can be used as a personal blog, discussion community, archive repository and so on. A cross-site scripting vulnerability exis...
CVE-2018-19196
An issue was discovered in XiaoCms 20141229. It allows remote attackers to execute arbitrary code by using the type parameter to bypass the standard admin\controller\uploadfile.php restrictions on uploaded file types (jpg, jpeg, bmp, png, gif), as demonstrated by an...
CVE-2022-23043
Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server...
CVE-2019-7861
Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2...
Advantech WebAccess/SCADA Code Issue Vulnerability
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. A code issue vulnerability exists in Advantech...
EUVD-2021-21275
Malware in sbrugna...
EUVD-2019-3545
Malware in sbrugna...
EUVD-2021-21277
Malware in sbrugna...
EUVD-2002-2309
Malware in sbrugna...
EUVD-2015-9181
Malware in sbrugna...
EUVD-2020-18751
Malware in sbrugna...
EUVD-2019-17344
Malware in sbrugna...
EUVD-2015-0164
Malware in sbrugna...
EUVD-2022-1919
Malicious code in bioql PyPI...
EUVD-2022-0870
Malicious code in bioql PyPI...
EUVD-2022-1451
Malicious code in bioql PyPI...
EUVD-2022-2186
Malicious code in bioql PyPI...