95 matches found

EUVD
added 2026/05/05 12:31 p.m. | 5 views

EUVD-2026-27301

The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 28.4. This is due to the uploadicons function workflow moving and unzipping user-controlled ZIP files into a public uploads directory without validating extracted file types. This makes it...

CVSS 8.8 | AI score 6.5 | EPSS 0.00264
Exploits: 0 | References: 3
Positive Technologies
added 2026/05/05 12:0 a.m. | 3 views

PT-2026-36968

Name of the Vulnerable Software and Affected Versions: Geeky Bot versions prior to 1.2.3. Description: The Geeky Bot plugin for WordPress contains a missing authorization flaw. A nopriv AJAX route allows an attacker to control model/function dispatch, reaching a plugin installer helper that download...

CVSS 9.8 | AI score 6.2 | EPSS 0.00253
Exploits: 0 | References: 13
CNNVD
added 2026/04/10 12:0 a.m. | 3 views

Tandoor Recipes Security Vulnerability

Tandoor Recipes is an open-source application developed by Tandoor Recipes for managing recipes, planning meals, creating shopping lists, and more. Versions of Tandoor Recipes prior to 2.6.5 contained security vulnerabilities. These vulnerabilities stemmed from defects in the recipe import...

CVSS 6.5 | AI score 5.8 | EPSS 0.00054
Exploits: 1 | References: 2
ATTACKERKB
added 2026/04/07 12:0 a.m. | 3 views

CVE-2024-36057

Koha Library before 23.05.10 fails to sanitize user-controllable filenames prior to unzipping, leading to remote code execution. The line "qx/unzip $filename -d $dirname/;" in upload-cover-image.pl is vulnerable to command injection via shell metacharacters because input data can be controlled by...

AI score 6.1 | EPSS 0.00141
Exploits: 0 | References: 5
OSV
added 2026/03/31 10:22 p.m. | 0 views

GHSA-HV78-CWP4-8R7R baserCMS has Unsafe File Upload Leading to Remote Code Execution (RCE)

Details: The application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using require_once without validating or restricting the filename. An attacker can craft a malicious PHP file within the zip and achieve...

CVSS 8.7 | AI score 6.5 | EPSS 0.00031
Exploits: 1 | References: 5
ATTACKERKB
added 2026/03/18 12:0 a.m. | 1 view

CVE-2025-55040

The import form CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to upload and install malicious form definitions through a CSRF attack. The vulnerable cForm.importform function lacks CSRF token validation, enabling malicious websites to forge file upload requests that install...

AI score 5.8 | EPSS 0.00008
Exploits: 0 | References: 3
EUVD
added 2026/02/06 6:12 p.m. | 3 views

EUVD-2025-206884

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a critical OS Command Injection vulnerability exists in the P7M signed XML file decoding functionality. An authenticated attacker can upload a ZIP file containing a .p7m file with a...

CVSS 9.4 | AI score 6 | EPSS 0.00133
Exploits: 3 | References: 1
CNNVD
added 2026/02/06 12:0 a.m. | 3 views

OpenSTAManager OS Command Injection Vulnerability

OpenSTAManager is an open-source management software for technical assistance and billing developed by Devcode. Versions of OpenSTAManager 2.9.8 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from the P7M file decoding function’s...

CVSS 9.4 | AI score 6.1 | EPSS 0.00133
Exploits: 3 | References: 1
Packet Storm
added 2026/02/06 12:0 a.m. | 143 views

WordPress Tatsu 3.3.11 Shell Upload

WordPress Tatsu plugin version 3.3.11 proof of concept unauthenticated remote shell upload exploit. Title: WordPress Tatsu 3.3.11 Plugin Unauthenticated...

CVSS 8.1 | AI score 5.4 | EPSS 0.90975
Exploits: 9
RedhatCVE
added 2026/01/09 9:56 a.m. | 7 views

CVE-2020-12851

Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders repositories by uploading a custom generated ZIP file and leveraging the file extraction feature present in the web application. The extracted files will be placed in t...

CVSS 8.1 | AI score 6.7 | EPSS 0.01245
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/09 9:20 a.m. | 4 views

CVE-2021-33692

SAP Cloud Connector, version - 2.0, allows the upload of zip files as backup. This backup file can be tricked to inject special elements such as '..' and '/' separators, for attackers to escape outside of the restricted location to access files or directories...

CVSS 7.5 | AI score 7 | EPSS 0.0035
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 8:54 a.m. | 5 views

CVE-2021-41279

BaserCMS is an open source content management system with a focus on Japanese language support. In affected versions users with upload privilege may upload crafted zip files capable of path traversal on the host operating system. This is a vulnerability that needs to be addressed when the...

CVSS 9 | AI score 6.8 | EPSS 0.00438
Exploits: 0 | References: 1
OSV
added 2025/12/15 4:15 p.m. | 1 view

CVE-2025-60786

A Zip Slip vulnerability in the import a Project component of iceScrum v7.54 Pro On-prem allows attackers to execute arbitrary code via uploading a crafted Zip file...

CVSS 8.8 | AI score 6 | EPSS 0.0018
Exploits: 1 | References: 2
NVD
added 2025/12/09 5:15 p.m. | 1 view

CVE-2025-56704

LeptonCMS version 7.3.0 contains an arbitrary file upload vulnerability, which is caused by the lack of proper validation for uploaded files. An authenticated attacker can exploit this vulnerability by uploading a specially crafted ZIP/PHP file to execute arbitrary code...

CVSS 8.8 | EPSS 0.00082
Exploits: 1 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-26754

Malware in sbrugna...

CVSS 8.8 | AI score 8.7 | EPSS 0.0079
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2018-19518

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.00757
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-11251

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.01251
Exploits: 1 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-19519

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.00757
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2023-37360

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.5 | EPSS 0.13271
Exploits: 3 | References: 5
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2021-28569

Malicious code in bioql PyPI...

CVSS 4.9 | AI score 5.4 | EPSS 0.00207
Exploits: 0 | References: 2