CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

207 matches found

RedhatCVE•added 2025/04/27 4:9 p.m.•19 views

CVE-2025-3928

Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217...

8.8CVSS8.7AI score0.01932EPSS

Exploits0References6

HackRead•added 2025/04/25 8:33 p.m.•24 views

Critical Commvault Flaw Allows Full System Takeover – Update NOW

Enterprises using Commvault Innovation Release are urged to patch immediately against CVE-2025-34028. This critical flaw allows attackers to…...

10CVSS7AI score0.97157EPSS

Exploits5

RedhatCVE•added 2025/04/25 6:44 p.m.•14 views

CVE-2025-34028

The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Execution via malicious JSP. This issue affec...

10CVSS9.8AI score0.97157EPSS

Exploits5References1

NVD•added 2025/04/25 4:15 p.m.•18 views

CVE-2025-3928

8.8CVSS0.01932EPSS

Exploits0References8

OSV•added 2025/04/25 4:15 p.m.•5 views

CVE-2025-3928

8.8CVSS5.8AI score0.01932EPSS

Exploits0References8

CVE•added 2025/04/25 3:56 p.m.•306 views

CVE-2025-3928

CVE-2025-3928 — Commvault Web Server has an unspecified vulnerability that allows a remote, authenticated attacker to create and execute webshells on the Web Server component of CommCell environments. Public documents consistently describe the issue as an unspecified vulnerability enabling webshe...

8.8CVSS8.7AI score0.01932EPSS

In wildExploits0References8Affected Software1

Vulnrichment•added 2025/04/25 3:56 p.m.•12 views

CVE-2025-3928 Commvault Web Server unspecified vulnerability

8.8CVSS8.7AI score0.01932EPSS

Exploits0References6

Cvelist•added 2025/04/25 3:56 p.m.•491 views

CVE-2025-3928 Commvault Web Server unspecified vulnerability

8.8CVSS0.01932EPSS

Exploits0References6

EUVD•added 2025/04/25 3:56 p.m.•4 views

EUVD-2025-12508

8.8CVSS6.2AI score0.01932EPSS

Exploits0References8

ATTACKERKB•added 2025/04/25 12:0 a.m.•18 views

CVE-2025-3928

Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: “Webservers can be compromised through bad actors creating and executing webshells.” Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217...

8.8CVSS8.7AI score0.01932EPSS

In wildExploits0References7

CNNVD•added 2025/04/25 12:0 a.m.•2 views

Commvault Web Server 安全漏洞

Commvault Web Server is a web server management program from Commvault USA. A security vulnerability exists in Commvault Web Server that originates from a remote authenticated attacker who could create and execute a webshell...

8.8CVSS9.4AI score0.01932EPSS

Exploits0References6

Tenable Nessus•added 2025/04/25 12:0 a.m.•23 views

Commvault Command Center 11.38 < 11.38.20 RCE (CV_2025_04_1)

An arbitrary code execution vulnerability in Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files, which, when expanded by the target server, result in Remote Code Execution. Note that Nessus has not tested for this issue but has instead relied only on t...

10CVSS9.5AI score0.97157EPSS

Exploits5References2

The Hacker News•added 2025/04/24 10:0 a.m.•30 views

Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely

A critical security flaw has been disclosed in the Commvault Command Center that could allow arbitrary code execution on affected installations. The vulnerability, tracked as CVE-2025-34028 , carries a CVSS score of 9.0 out of a maximum of 10.0. "A critical security vulnerability has been...

10CVSS8.8AI score0.97157EPSS

Exploits5

Packet Storm News•added 2025/04/24 12:0 a.m.•3 views

Commvault Command Center Innovation Release 11.38 Remote Code Execution

Commvault Command Center Innovation Release version 11.38 proof of concept pre-authentication remote code execution exploit...

10CVSS8.2AI score0.97157EPSS

Exploits5

NVD•added 2025/04/22 5:16 p.m.•21 views

CVE-2025-34028

10CVSS0.97157EPSS

Exploits5References5

Cvelist•added 2025/04/22 4:32 p.m.•67 views

CVE-2025-34028 Commvault Command Center Innovation Release <= 11.38.25 Unathenticated Install Package Path Traversal

9.3CVSS0.97157EPSS

Exploits5References4

CVE•added 2025/04/22 4:32 p.m.•375 views

CVE-2025-34028

CVE-2025-34028 affects Commvault Command Center Innovation Release (11.38.0–11.38.20); it is a path-traversal vulnerability allowing an unauthenticated actor to upload ZIP install packages that, when expanded, enable Remote Code Execution. Root cause: ZIPs containing crafted payloads trigger path...

10CVSS9.9AI score0.97157EPSS

In wildExploits5References5Affected Software1

Vulnrichment•added 2025/04/22 4:32 p.m.•16 views

CVE-2025-34028 Commvault Command Center Innovation Release <= 11.38.25 Unathenticated Install Package Path Traversal

9.3CVSS9.3AI score0.97157EPSS

Exploits5References4

ATTACKERKB•added 2025/04/22 12:0 a.m.•10 views

CVE-2025-34028

10CVSS9.9AI score0.97157EPSS

In wildExploits5References5

CNNVD•added 2025/04/22 12:0 a.m.•6 views

Commvault Command Center 访问控制错误漏洞

Commvault Command Center is a graphical management interface from Commvault USA. An access control error vulnerability exists in Commvault Command Center version 11.38, which stems from a path traversal vulnerability that could lead to remote code execution...

10CVSS9.6AI score0.97157EPSS

Exploits5References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by