CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

In the Linux kernel, the following vulnerability has been resolved: tpm: tpmcrb: Add the missed acpiputtable to fix memory leak In crbacpiadd, we get the TPM2 table to retrieve information like start method, and then assign them to the priv data, so the TPM2 table is not used after the init, shou...

5.5CVSS5.6AI score0.00146EPSS

Exploits0References4

Debian CVE•added 2025/09/18 1:33 p.m.•5 views

CVE-2022-50389

5.5CVSS5.3AI score0.00146EPSS

Exploits0

RedhatCVE•added 2025/07/18 9:58 p.m.•8 views

CVE-2025-34129

A command injection vulnerability exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the configuration interface can upload a malicio...

8.7CVSS8.1AI score0.01077EPSS

Exploits0References1

OSV•added 2025/07/08 7:15 a.m.•2 views

CVE-2025-25271

An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface...

8.8CVSS5.8AI score0.00288EPSS

Exploits0References1

BDU FSTEC•added 2025/06/04 12:0 a.m.•3 views

The vulnerabilities of the i915_perf_open_ioctl(), i915_perf_add_config_ioctl(), and i915_perf_remove_config_ioctl() functions in the Linux operating system allow a hacker to cause a service failure.

The vulnerabilities of the i915perfopenioctl, i915perfaddconfigioctl, and i915perfremoveconfigioctl functions in the Linux kernel are related to pointer manipulation. Exploiting these vulnerabilities can allow an attacker to cause a service failure...

5.5CVSS6.2AI score0.00236EPSS

Exploits0References16Affected Software9

OSV•added 2025/05/28 12:0 a.m.•0 views

UBUNTU-CVE-2025-32801

Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through...

7.8CVSS5.8AI score0.00235EPSS

Exploits0References4

RedhatCVE•added 2025/05/23 2:57 a.m.•2 views

CVE-2023-20220

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. To exploit these vulnerabilities, the attacker must have valid device...

8.8CVSS7.6AI score0.01073EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 4:15 p.m.•6 views

CVE-2020-13124

SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary Python commands on the underlying operating system...

8.8CVSS7.9AI score0.04588EPSS

Exploits0

RedhatCVE•added 2025/05/11 6:17 a.m.•18 views

CVE-2025-4377

Improper Limitation of a Pathname caused a Path Traversal vulnerability in Sparx Systems Pro Cloud Server. This vulnerability is present in logview.php and it allows reading arbitrary files on the filesystem. Logview is accessible on Pro Cloud Server Configuration interface. This issue affects Pr...

8.3CVSS7AI score0.00621EPSS

Exploits0References3

CNNVD•added 2025/04/08 12:0 a.m.•3 views

AXIS OS 安全漏洞

AXIS OS is an edge device operating system from Axis Sweden. AXIS OS has a security vulnerability that originates from allowing an attacker to obtain a system username via the VAPIX Device Configuration SSH Management API...

4.3CVSS6.8AI score0.00259EPSS

Exploits0References3

RedhatCVE•added 2025/03/20 2:17 p.m.•5 views

CVE-2024-8997

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Vestel EVC04 Configuration Interface allows SQL Injection. This issue affects EVC04 Configuration Interface: before V3.187, V4.53...

9.8CVSS5.8AI score0.00401EPSS

Exploits0References1

ATTACKERKB•added 2025/03/18 2:15 p.m.•5 views

CVE-2024-8997

9.8CVSS5.8AI score0.00401EPSS

Exploits0References3

OSV•added 2025/03/18 2:15 p.m.•3 views

CVE-2024-8997

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Vestel EVC04 Configuration Interface allows SQL Injection.This issue affects EVC04 Configuration Interface: before V3.187, V4.53...

9.8CVSS5.8AI score0.00401EPSS

Exploits0References1