CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2117 matches found

CVE•added 2026/04/30 4:8 p.m.•10 views

CVE-2022-50993

CVE-2022-50993 affects Weaver (Fanwei) E-office, prior to version 10.0_20221201. The OfficeServer.php endpoint is vulnerable to unauthenticated arbitrary file upload, allowing remote attackers to POST multipart data with arbitrary filenames and disguised content types to upload PHP web shells int...

9.8CVSS6.8AI score0.00308EPSS

In wildExploits0References4

Cvelist•added 2026/04/30 4:8 p.m.•29 views

CVE-2022-50993 Weaver E-office < 10.0_20221201 Unauthenticated Arbitrary File Read via XmlRpcServlet

Weaver Fanwei E-office versions prior to 10.020221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types...

9.8CVSS0.00308EPSS

Exploits0References4

Vulnrichment•added 2026/04/30 4:8 p.m.•1 views

CVE-2022-50993 Weaver E-office < 10.0_20221201 Unauthenticated Arbitrary File Read via XmlRpcServlet

9.8CVSS6.7AI score0.00308EPSS

Exploits0References4

EUVD•added 2026/04/30 4:8 p.m.•0 views

EUVD-2022-55965

9.8CVSS6.8AI score0.00308EPSS

Exploits0References4

VulnCheck KEV•added 2026/04/30 12:0 a.m.•1 views

VulnCheck KEV: CVE-2022-50993

9.8CVSS6.8AI score0.00308EPSS

In wildExploits0References7

CNNVD•added 2026/04/30 12:0 a.m.•5 views

Weaver E-office 代码问题漏洞

Weaver E-office is an office automation system developed by the Chinese company Weaver. Versions of Weaver E-office prior to 10.020221201 contained code vulnerabilities. These vulnerabilities stemmed from an unauthenticated file upload vulnerability present in the OfficeServer.php endpoint. This...

9.8CVSS6.5AI score0.00308EPSS

Exploits0References1

Packet Storm•added 2026/04/29 12:0 a.m.•57 views

📄 Pizzafy Ecommerce System 1.0 Shell Upload

The savemenu function in Pizzafy Ecommerce System version 1.0 handles image uploads for menu items without performing any file type validation. The application retrieves the file extension using pathinfo but never actually checks or restricts the allowed file types before moving the uploaded file...

5.8CVSS6AI score0.0005EPSS

Exploits1

NVD•added 2026/04/27 4:16 p.m.•2 views

CVE-2026-41463

ProjeQtor versions 7.0 through 12.4.3 contain a ZipSlip path traversal vulnerability in the plugin upload functionality that allows authenticated attackers with upload permissions to write files outside the intended extraction directory by crafting ZIP archives with directory traversal sequences...

8.8CVSS0.00541EPSS

Exploits0References4

Cvelist•added 2026/04/27 3:9 p.m.•24 views

CVE-2026-41463 ProjeQtor < 12.4.4 ZipSlip Path Traversal via uploadPlugin.php

8.8CVSS0.00541EPSS

Exploits0References4

CVE•added 2026/04/27 3:9 p.m.•3 views

CVE-2026-41463

Summary: CVE-2026-41463 affects ProjeQtor versions 7.0–12.4.3 and describes a ZipSlip path traversal in the plugin upload functionality. An authenticated attacker with upload permissions can craft ZIP archives with directory traversal sequences to bypass extraction boundaries and write files outs...

8.8CVSS6.4AI score0.00541EPSS

Exploits0References4

ATTACKERKB•added 2026/04/27 3:9 p.m.•2 views

CVE-2026-41463

8.8CVSS6.4AI score0.00541EPSS

Exploits0References5Affected Software1

GithubExploit•added 2026/04/24 9:26 p.m.•146 views

Exploit for Missing Authentication for Critical Function in Frangoteam Fuxa

CVE-2026-25895 — FUXA for code execution within 60 seconds...

9.8CVSS6.3AI score0.00775EPSS

Exploits3

EUVD•added 2026/04/21 6:31 p.m.•5 views

EUVD-2019-20151

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...

9.3CVSS6.2AI score0.00853EPSS

Exploits0References8

EUVD•added 2026/04/21 6:31 p.m.•2 views

EUVD-2026-24139

Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php/adminuserinsert.php and vms/php/update1.php. The moveuploadedfile function is called without any MIME type, extension, or content validation, allowing an authenticated admin to upload a PHP webshell a...

7.2CVSS5.9AI score0.00144EPSS

Exploits1References3

NVD•added 2026/04/21 5:16 p.m.•2 views

CVE-2019-25714

9.3CVSS0.00853EPSS

Exploits0References7

NVD•added 2026/04/21 4:16 p.m.•2 views

CVE-2026-37748

7.2CVSS0.00144EPSS

Exploits1References2

ATTACKERKB•added 2026/04/21 4:11 p.m.•3 views

CVE-2019-25714

9.3CVSS6.2AI score0.00853EPSS

Exploits0References6Affected Software2

CVE•added 2026/04/21 4:11 p.m.•24 views

CVE-2019-25714

CVE-2019-25714 affects Seeyon OA A8, with an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint. The issue allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests containing base64-encoded pa...

9.3CVSS6.2AI score0.00853EPSS

In wildExploits0References7

Vulnrichment•added 2026/04/21 4:11 p.m.•1 views

CVE-2019-25714 Seeyon Office Anywhere (OA) A8 Unauthenticated Arbitrary File Write via htmlofficeservlet

9.3CVSS6.2AI score0.00853EPSS

Exploits0References7

Cvelist•added 2026/04/21 4:11 p.m.•25 views

CVE-2019-25714 Seeyon Office Anywhere (OA) A8 Unauthenticated Arbitrary File Write via htmlofficeservlet

9.3CVSS0.00853EPSS

Exploits0References7

Rows per page