
21005 matches found

IBM Security Bulletins
added 2025/10/28 5:54 a.m., 5 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Spring Framework MVC applications can be vulnerable to Traversal Vulnerability.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Spring Framework MVC applications can be vulnerable to Traversal Vulnerability. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID: CVE-2025-41242 DESCRIPTION:...

CVSS 5.9, AI score 6.4, EPSS 0.01916
Exploits: 1, Affected Software: 1

RedhatCVE
added 2025/10/28 12:27 a.m., 9 views

CVE-2025-27222

TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to retrieve files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to read any local server file...

CVSS 8.6, AI score 6.4, EPSS 0.01895
Exploits: 1, References: 1

RedhatCVE
added 2025/10/28 12:27 a.m., 9 views

CVE-2025-27224

TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to write to any filename with any file...

CVSS 9.8, AI score 7, EPSS 0.00803
Exploits: 1, References: 1

Tenable Nessus
added 2025/10/28 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2025-55754

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If...

CVSS 9.6, AI score 7.3, EPSS 0.09917
Exploits: 0, References: 3

Tenable Nessus
added 2025/10/28 12:0 a.m., 4 views

Apache Tomcat 9.0.40 < 9.0.109 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.109. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.109security-9 advisory. - Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat...

CVSS 9.6, AI score 6.9, EPSS 0.09917
Exploits: 0, References: 4

OpenVAS
added 2025/10/28 12:0 a.m., 5 views

Apache Tomcat Console Manipulation Vulnerability (Oct 2025) - Linux

Apache Tomcat is prone to a console manipulation vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"; i...

CVSS 9.6, AI score 7, EPSS 0.09917
Exploits: 0, References: 5

OpenVAS
added 2025/10/28 12:0 a.m., 6 views

Apache Tomcat Console Manipulation Vulnerability (Oct 2025) - Windows

Apache Tomcat is prone to a console manipulation vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"; i...

CVSS 9.6, AI score 7, EPSS 0.09917
Exploits: 0, References: 5

Snyk
added 2025/10/27 9:42 p.m., 3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the com.docker.compose.extends or com.docker.compose.envfile annotations in remote OCI artifact layers. An attacker can escape the intended cache directory and overwrite arbitrary files on the host system by...

CVSS 8.9, AI score 7.7, EPSS 0.13848
Exploits: 0, References: 2

Snyk
added 2025/10/27 9:42 p.m., 2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the com.docker.compose.extends or com.docker.compose.envfile annotations in remote OCI artifact layers. An attacker can escape the intended cache directory and overwrite arbitrary files on the host system by...

CVSS 8.9, AI score 7.7, EPSS 0.13848
Exploits: 0, References: 2

RedhatCVE
added 2025/10/27 8:36 p.m., 1 view

CVE-2025-55754

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an...

CVSS 9.6, AI score 6.2, EPSS 0.09917
Exploits: 0, References: 5

Github Security Blog
added 2025/10/27 6:31 p.m., 9 views

Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences

Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console...

CVSS 9.6, AI score 6.9, EPSS 0.09917
Exploits: 0, References: 11, Affected Software: 3

OSV
added 2025/10/27 6:31 p.m., 0 views

GHSA-VFWW-5HM6-HX2J Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences

Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console...

CVSS 9.6, AI score 7, EPSS 0.09917
Exploits: 0, References: 11

OSV
added 2025/10/27 6:23 p.m., 3 views

JLSEC-2025-194 wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequence...

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked. There may be plausible...

CVSS 3.3, AI score 6.9, EPSS 0.02242
Exploits: 3, References: 16

IBM Security Bulletins
added 2025/10/27 6:20 p.m., 11 views

Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-38211 DESCRIPTION: In the Linux kernel, the following vulnerability has...

CVSS 7.8, AI score 7.7, EPSS 0.00169
Exploits: 0, Affected Software: 1

NVD
added 2025/10/27 6:15 p.m., 10 views

CVE-2025-55754

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an...

CVSS 9.6, EPSS 0.09917
Exploits: 0, References: 3

OSV
added 2025/10/27 6:15 p.m., 1 view

DEBIAN-CVE-2025-55754

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an...

CVSS 9.6, AI score 8.5, EPSS 0.09917
Exploits: 0, References: 1

OSV
added 2025/10/27 6:15 p.m., 3 views

CVE-2025-55754

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an...

CVSS 9.6, AI score 6.8
Exploits: 0, References: 2

UbuntuCve
added 2025/10/27 6:15 p.m., 1 view

CVE-2025-55754

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an...

CVSS 9.6, AI score 6.9, EPSS 0.09917
Exploits: 0, References: 5

OSV
added 2025/10/27 6:15 p.m., 2 views

UBUNTU-CVE-2025-55754

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an...

CVSS 9.6, AI score 6.9, EPSS 0.09917
Exploits: 0, References: 6

Cvelist
added 2025/10/27 5:29 p.m., 15 views

CVE-2025-55754 Apache Tomcat: console manipulation via escape sequences in log messages

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an...

EPSS 0.09917
Exploits: 0, References: 1