Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (3 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-32985 1 Xerte 1 Xerte Online Toolkits 2026-03-20 9.8 Critical
Xerte Online Toolkits versions 3.14 and earlier contain an unauthenticated arbitrary file upload vulnerability in the template import functionality. The issue exists in /website_code/php/import/import.php where missing authentication checks allow an attacker to upload a crafted ZIP archive disguised as a project template. The archive can contain a malicious PHP payload placed in the media/ directory, which is extracted into a web-accessible USER-FILES/{projectID}--{targetFolder}/ path. An attacker can then directly access the uploaded PHP file to achieve remote code execution under the web server context.
CVE-2021-44665 1 Xerte 1 Xerte 2024-11-21 6.5 Medium
A Directory Traversal vulnerability exists in the Xerte Project Xerte through 3.10.3 when downloading a project file via download.php.
CVE-2021-44664 1 Xerte 1 Xerte 2024-11-21 8.8 High
An Authenticated Remote Code Exection (RCE) vulnerability exists in Xerte through 3.9 in website_code/php/import/fileupload.php by uploading a maliciously crafted PHP file though the project interface disguised as a language file to bypasses the upload filters. Attackers can manipulate the files destination by abusing path traversal in the 'mediapath' variable.