412 matches found

Vulnrichment
added 2026/05/15 6:36 p.m. | 3 views

CVE-2026-46360 phpMyFAQ - Stored XSS via Entity Decoding Depth Limit Bypass in SVG Sanitizer

phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer::decodeAllEntities that limits recursive entity decoding to 5 iterations, allowing attackers to bypass sanitization. Authenticated users with FAQEDIT permission can upload malicious SVG files with deeply...

5.4 CVSS | 5.9 AI score | 0.00029 EPSS
Exploits 0 | References 2
Github Security Blog
added 2026/05/11 7:33 p.m. | 3 views

MantisBT has an Authorization Bypass that Allows Uploading Attachments to Private Issues via REST API

Impact: MantisBT allows an authenticated user to upload attachments to private Issues they are not authorized to access. Patches: b262b4d2835b81394d75356dead66e52a6275206. Workarounds: None. Credits: Thanks to Vishal Shukla for discovering and responsibly reporting the issue...

4.3 CVSS | 5.8 AI score | 0.00028 EPSS
Exploits 0 | References 4 | Affected Software 1
ATTACKERKB
added 2026/05/10 12:43 p.m. | 3 views

CVE-2021-47936

OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised as resume attachments. Attackers can upload PHP payloads through the careers job application endpoint and execute system...

9.8 CVSS | 6.7 AI score | 0.00295 EPSS
Exploits 0 | References 4
Vulnrichment
added 2026/05/08 12:0 a.m. | 2 views

CVE-2025-67886

Bitrix24 through 25.100.300 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privileged...

6 AI score | 0.00036 EPSS
Exploits 3 | References 5
Snyk
added 2026/05/04 7:44 p.m. | 3 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the YAML metadata parsing process. An attacker can cause excessive memory consumption and potentially trigger an out-of-memory condition on the server by uploading a crafted image ...

5.3 CVSS | 5.8 AI score | 0.00048 EPSS
Exploits 1 | References 2
Positive Technologies
added 2026/04/07 12:0 a.m. | 0 views

PT-2026-30932

NVIDIA Triton Inference Server contains a vulnerability in triton server where an attacker may cause an information disclosure by uploading a model configuration. A successful exploit of this vulnerability may lead to information disclosure or denial of service...

4.8 CVSS | 5.9 AI score | 0.0007 EPSS
Exploits 0 | References 3
Cvelist
added 2026/03/26 1:1 p.m. | 21 views

CVE-2025-55267 HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerability

HCL Aftermarket DPC is affected by an Unrestricted File Upload vulnerability that allows an attacker to upload and execute malicious scripts, gaining full control over the server...

5.7 CVSS | 0.00017 EPSS
Exploits 0 | References 1
CNNVD
added 2026/03/23 12:0 a.m. | 3 views

CodePhiliaX Chat2DB Code Issue Vulnerability

CodePhiliaX Chat2DB is an open-source AI-driven SQL client developed by CodePhiliaX. Versions of CodePhiliaX Chat2DB 0.3.7 and earlier contain code-related vulnerabilities. These vulnerabilities stem from the unlimited uploading feature of the JDBC Driver Upload component...

6.5 CVSS | 6.7 AI score | 0.0005 EPSS
Exploits 0 | References 4
CVE
added 2026/03/10 8:27 a.m. | 6 views

CVE-2025-41712

CVE-2025-41712 describes an unauthenticated remote attacker who can gain access to sensitive information on a device by tricking a user into uploading a manipulated HTML file. Root cause: incorrect permission assignment for the web server. Reported impact: high confidentiality impact (CVE metrics...

6.5 CVSS | 5.8 AI score | 0.00042 EPSS
Exploits 0 | References 4
CNNVD
added 2026/02/09 12:0 a.m. | 1 views

File Browser Security Vulnerability

File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser prior to 2.57.1 contained security vulnerabilities. These vulnerabilities stemmed from...

5.4 CVSS | 5.8 AI score | 0.00017 EPSS
Exploits 1 | References 3
OSV
added 2025/12/31 11:15 p.m. | 0 views

CVE-2025-67706

ArcGIS Server versions 11.5 and earlier on Windows and Linux do not sufficiently validate uploaded files, enabling a remote unauthenticated attacker to upload arbitrary files to the server’s designated upload directories. However, the server’s architecture enforces controls that restrict uploaded...

5.6 CVSS | 5.9 AI score
Exploits 0 | References 1
CNVD
added 2025/12/31 12:0 a.m. | 5 views

College Notes Uploading System Code Issue Vulnerability

College Notes Uploading System is a college notes uploading system. College Notes Uploading System has a code issue vulnerability that stems from an unknown function in the /dashboard/userprofile.php file that mishandles the image parameter. An attacker can exploit this vulnerability to upload...

8.8 CVSS | 6.7 AI score | 0.00034 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/12/30 6:8 p.m. | 4 views

CVE-2025-15198

A weakness has been identified in code-projects College Notes Uploading System 1.0. This issue affects some unknown processing of the file /login.php. Executing a manipulation of the argument User can lead to sql injection. The attack may be launched remotely. The exploit has been made available ...

9.8 CVSS | 7.2 AI score | 0.0002 EPSS
Exploits 1 | References 1
RedhatCVE
added 2025/12/30 6:8 p.m. | 4 views

CVE-2025-15199

A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit h...

8.8 CVSS | 6.5 AI score | 0.00034 EPSS
Exploits 0 | References 1
EUVD
added 2025/12/29 9:30 p.m. | 2 views

EUVD-2025-205637

A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit h...

6.5 CVSS | 6.2 AI score | 0.00034 EPSS
Exploits 0 | References 6
NVD
added 2025/12/29 7:15 p.m. | 2 views

CVE-2025-15199

A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit h...

8.8 CVSS | 0.00034 EPSS
Exploits 0 | References 5
OSV
added 2025/12/29 7:15 p.m. | 1 views

CVE-2025-15199

A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit h...

8.8 CVSS | 5.4 AI score
Exploits 0 | References 5
Cvelist
added 2025/12/29 6:2 p.m. | 22 views

CVE-2025-15199 code-projects College Notes Uploading System userprofile.php unrestricted upload

A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit h...

6.5 CVSS | 0.00034 EPSS
Exploits 0 | References 5
ATTACKERKB
added 2025/12/29 5:32 p.m. | 1 views

CVE-2025-15198

A weakness has been identified in code-projects College Notes Uploading System 1.0. This issue affects some unknown processing of the file /login.php. Executing a manipulation of the argument User can lead to sql injection. The attack may be launched remotely. The exploit has been made available ...

9.8 CVSS | 5.4 AI score | 0.0002 EPSS
Exploits 1 | References 5 | Affected Software 1
Cvelist
added 2025/12/29 5:32 p.m. | 22 views

CVE-2025-15198 code-projects College Notes Uploading System login.php sql injection

A weakness has been identified in code-projects College Notes Uploading System 1.0. This issue affects some unknown processing of the file /login.php. Executing a manipulation of the argument User can lead to sql injection. The attack may be launched remotely. The exploit has been made available ...

7.5 CVSS | 0.0002 EPSS
Exploits 1 | References 5