Lucene search

2126 matches found

GithubExploit
added 2026/03/13 8:33 p.m., 199 views

Exploit for CVE-2026-3891

Pix for WooCommerce 📜 Description...

9.8 CVSS, 5.8 AI score, 0.00845 EPSS
Exploits: 5

GithubExploit
added 2026/03/13 10:19 a.m., 117 views

Exploit for CVE-2026-1311

CVE-2026-1311 CVE-2026-1311 Sample PHP Payload Files...

8.8 CVSS, 5.9 AI score, 0.00734 EPSS
Exploits: 1

Cvelist
added 2026/03/05 5:53 a.m., 27 views

CVE-2025-68553 WordPress Lendiz theme < 2.0.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Lendiz lendiz allows Upload a Web Shell to a Web Server. This issue affects Lendiz: from n/a through 2.0.1...

9.9 CVSS, 0.00447 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/03/05 12:0 a.m., 5 views

CVE-2025-70995

An issue in Aranda Service Desk Web Edition ASDK API 8.6 allows authenticated attackers to achieve remote code execution due to improper validation of uploaded files. An authenticated user can upload a crafted web.config file by sending a crafted POST request to /ASDKAPI/api/v8.6/item/addfile,...

6.5 AI score, 0.00612 EPSS
Exploits: 0, References: 3

Cvelist
added 2026/03/05 12:0 a.m., 29 views

CVE-2025-70995

An issue in Aranda Service Desk Web Edition ASDK API 8.6 allows authenticated attackers to achieve remote code execution due to improper validation of uploaded files. An authenticated user can upload a crafted web.config file by sending a crafted POST request to /ASDKAPI/api/v8.6/item/addfile,...

0.00612 EPSS
Exploits: 0, References: 3

Packet Storm
added 2026/03/04 12:0 a.m., 126 views

📄 WordPress Cibeles AI 1.10.8 Shell Upload

An unauthenticated arbitrary file upload vulnerability exists in the Cibeles AI plugin for WordPress versions 1.10.8 and earlier. The vulnerability allows unauthenticated attackers to upload arbitrary files, including PHP webshells, by exploiting the GitHub integration functionality, leading to...

9.8 CVSS, 6.7 AI score, 0.00823 EPSS
Exploits: 3

Packet Storm
added 2026/03/04 12:0 a.m., 203 views

📄 WordPress AI Feeds 1.0.11 Shell Upload

Proof of concept exploit for an unauthenticated arbitrary file upload vulnerability in the AI Feeds plugin for WordPress versions 1.0.11 and earlier. The vulnerability allows unauthenticated attackers to upload arbitrary files, including PHP webshells, by exploiting the GitHub integration...

9.8 CVSS, 6.6 AI score, 0.00823 EPSS
Exploits: 3

Packet Storm
added 2026/03/04 12:0 a.m., 130 views

📄 WordPress AI Buddy 1.8.5 Shell Upload

Proof of concept exploit for a shell upload vulnerability in WordPress AI Buddy plugin versions 1.8.5 and below. This exploit is written in PHP...

9.1 CVSS, 5.9 AI score, 0.00413 EPSS
Exploits: 5

Metasploit
added 2026/03/02 6:58 p.m., 236 views

MajorDoMo Supply Chain RCE via Update Poisoning

This module exploits an unauthenticated remote code execution vulnerability in MajorDoMo's saverestore module via supply chain poisoning. The saverestore module's admin method is reachable without authentication through the /objects/?module=saverestore endpoint because usual calls admin directly...

9.8 CVSS, 6.3 AI score, 0.01086 EPSS
Exploits: 4

GithubExploit
added 2026/02/28 12:0 a.m., 302 views

Exploit for Unrestricted Upload of File with Dangerous Type in Pluck-Cms Pluck

CVE-2020-29607 — Pluck CMS Authenticated remote code executio...

7.2 CVSS, 7.7 AI score, 0.33428 EPSS
Exploits: 6

GithubExploit
added 2026/02/26 3:39 a.m., 195 views

Online-Traffic-Offense-Management-System-1.0-Unauthenticated-RCE-PoC

Online Traffic Offense Management System 1.0 — Unauthenticated...

6.8 AI score
Exploits: 0

CNNVD
added 2026/02/20 12:0 a.m., 4 views

WordPress plugin Wiguard code issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.9 CVSS, 5.9 AI score, 0.00434 EPSS
Exploits: 0, References: 1

Packet Storm
added 2026/02/20 12:0 a.m., 140 views

📄 Dell RecoverPoint for Virtual Machines Shell Upload

This proof of concept leverages Tomcat manager credentials to upload and execute a malicious WAR file containing a JSP web shell on Dell RecoverPoint appliances...

10 CVSS, 5.8 AI score, 0.13131 EPSS
Exploits: 1

GithubExploit
added 2026/02/19 4:10 p.m., 172 views

Exploit for CVE-2026-27180

MajorDoMo RCE...

9.8 CVSS, 7.2 AI score, 0.01086 EPSS
Exploits: 4

GithubExploit
added 2026/02/19 6:19 a.m., 197 views

Exploit for Path Traversal in Welcart Welcart_E-Commerce

Zenario CMS 9.3 - Unauthenticated RCE Exploit CVE-2022-418...

9.8 CVSS, 6.7 AI score, 0.05116 EPSS
Exploits: 2

NVD
added 2026/02/18 10:16 p.m., 7 views

CVE-2026-27180

MajorDoMo aka Major Domestic Module is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The saverestore module exposes its admin method through the /objects/?module=saverestore endpoint without authentication because it uses gr('mode')...

9.8 CVSS, 0.01086 EPSS
Exploits: 4, References: 3

CVE
added 2026/02/18 9:10 p.m., 20 views

CVE-2026-27180

CVE-2026-27180 — MajorDoMo supply chain RCE : Affected MajorDoMo allows unauthenticated remote code execution via a poisoned update URL. The saverestore admin endpoint at /objects/?module=saverestore is exposed because gr('mode') reads from $_REQUEST instead of the framework’s mode, enabling an a...

9.8 CVSS, 6.8 AI score, 0.01086 EPSS
Exploits: 4, References: 3, Affected Software: 1

Cvelist
added 2026/02/18 9:10 p.m., 25 views

CVE-2026-27180 MajorDoMo Supply Chain Remote Code Execution via Update URL Poisoning

MajorDoMo aka Major Domestic Module is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The saverestore module exposes its admin method through the /objects/?module=saverestore endpoint without authentication because it uses gr('mode')...

9.8 CVSS, 0.01086 EPSS
Exploits: 4, References: 3

ATTACKERKB
added 2026/02/18 9:10 p.m., 5 views

CVE-2026-27180

MajorDoMo aka Major Domestic Module is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The saverestore module exposes its admin method through the /objects/?module=saverestore endpoint without authentication because it uses gr('mode')...

9.8 CVSS, 6.6 AI score, 0.01086 EPSS
Exploits: 4, References: 5

GithubExploit
added 2026/02/18 12:40 a.m., 146 views

Exploit for OS Command Injection in Std42 Elfinder

CVE-2019-9194 — elFinder Command Injection PoC Command in...

9.8 CVSS, 6.7 AI score, 0.96633 EPSS
Exploits: 11