Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /filemanager.php of the component POST Parameter Handler. The manipulation of the argume
Missing Authorization vulnerability in Damir Calusic WP users media allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP users media: from n/a through 4.2.3.
NanoCMS 0.4 contains an authenticated file upload vulnerability that allows remote code execution through unvalidated page content creation. Authenticated attackers can upload PHP files with arbitrary
CVE-2026-5482
CRITICAL CVSS 9.3
Find Similar
Responsive FileManager's allows an unauthenticated attacker to upload files of any type and extension without restriction using dialog.php endpoint, leading to Remote Code Execution.  This project is
The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media paramete
CVE-2024-12822
CRITICAL CVSS 9.8
Find Similar
The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the add_capto_img() fun
A vulnerability classified as problematic was found in Spina CMS 2.18.0. Affected by this vulnerability is an unknown functionality of the file /admin/media_folders. The manipulation leads to cross-si
During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference (IDOR) attack. This vulnerability exi
The Download Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `makeMediaPublic()` and `makeMediaPrivate()` functions in all vers
e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload malicious SVG files through the media manager. Attackers with admin privileges can
Authorization Bypass Through User-Controlled Key vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.
Missing Authorization vulnerability in slui Media Hygiene media-hygiene allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Hygiene: from n/a through <= 4.
The Download Manager plugin for WordPress is vulnerable to unauthorized access of sensitive information in all versions up to, and including, 3.3.32. This is due to missing authorization and capabilit
A vulnerability was detected in Selleo Mentingo 2025.08.27. The impacted element is an unknown function of the component Content-Type Handler. The manipulation of the argument userAvatar results in un
CVE-2025-47688
CRITICAL CVSS 9.8
Find Similar
Missing Authorization vulnerability in Saad Iqbal Advanced File Manager file-manager-advanced allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced File M
A vulnerability has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff and classified as critical. This vulnerability affects the function fileUpload of the file FileUplo
Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.4.1.
Missing Authorization vulnerability in slui Media Hygiene media-hygiene allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Hygiene: from n/a through <= 4.
The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on the file download handler, allowing unauthenticated attackers to download files uploaded by
A vulnerability was determined in prasathmani TinyFileManager up to 2.6. Affected by this vulnerability is an unknown functionality of the file /filemanager.php?p= ajax=true&type=upload of the compone