CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2025/10/14 8:35 a.m.•2 views

CVE-2025-41699 Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers

An low privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as root, resulting in a total loss of confidentiality, availability and integrity due to improper control of generation of code 'Code Injection'...

8.8CVSS7.3AI score0.00881EPSS

Positive Technologies•added 2025/10/14 12:0 a.m.•5 views

PT-2025-41985

Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits...

4.9CVSS6.9AI score0.00319EPSS

Positive Technologies•added 2025/10/14 12:0 a.m.•5 views

PT-2025-41893

Name of the Vulnerable Software and Affected Versions Studio 5000 Logix Designer affected versions not specified Description A security issue exists that can lead to a denial-of-service condition. This is caused by providing invalid values to Component Object Model COM methods. The vulnerability...

8.7CVSS6.2AI score0.00345EPSS

Exploits0References5

CNNVD•added 2025/10/14 12:0 a.m.•4 views

Creativeitem Academy LMS 安全漏洞

Creativeitem Academy LMS is an online learning management system from Creativeitem Bangladesh. A security vulnerability exists in Creativeitem Academy LMS version 5.13 and earlier, which stems from a lack of role validation in the Apiinstructor controller, which could lead to elevation of privile...

6.5CVSS6.6AI score0.00263EPSS

Exploits1References2

Positive Technologies•added 2025/10/14 12:0 a.m.•3 views

PT-2025-41979

Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system...

6.5CVSS7.1AI score0.00333EPSS

Positive Technologies•added 2025/10/14 12:0 a.m.•4 views

PT-2025-41981

6.5CVSS7.1AI score0.00333EPSS

CNNVD•added 2025/10/14 12:0 a.m.•3 views

Rockwell Automation ArmorStart AOP 安全漏洞

Rockwell Automation ArmorStart AOP is a distributed motor controller from Rockwell Automation. The Rockwell Automation ArmorStart AOP suffers from a denial of service vulnerability that originates from entering an invalid value into a COM method, which can be exploited by an attacker to cause a...

8.7CVSS6.7AI score0.00345EPSS

Positive Technologies•added 2025/10/14 12:0 a.m.•4 views

PT-2025-41988

Name of the Vulnerable Software and Affected Versions AOS-10 GW affected versions not specified AOS-8 Controller/Mobility Conductor affected versions not specified Description An issue exists in a low-level interface library that could allow an authenticated malicious actor to download arbitrary...

4.9CVSS6.4AI score0.00409EPSS

Exploits0References4

Positive Technologies•added 2025/10/14 12:0 a.m.•4 views

PT-2025-41978

Name of the Vulnerable Software and Affected Versions AOS-8 Controller/Mobility Conductor affected versions not specified Description An authenticated command injection flaw exists in the CLI binary of the AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow a...

7.2CVSS7.4AI score0.01274EPSS

Positive Technologies•added 2025/10/14 12:0 a.m.•5 views

PT-2025-41984

4.9CVSS6.9AI score0.00319EPSS

Positive Technologies•added 2025/10/14 12:0 a.m.•5 views

PT-2025-41977

Name of the Vulnerable Software and Affected Versions AOS-8 Controller/Mobility Conductor affected versions not specified Description An authenticated command injection flaw exists in the Command Line Interface CLI binary. Exploitation allows an attacker with valid credentials to execute arbitrar...

7.2CVSS7.6AI score0.01274EPSS

Positive Technologies•added 2025/10/14 12:0 a.m.•4 views

PT-2025-41976

Name of the Vulnerable Software and Affected Versions AOS-10 GW affected versions not specified AOS-8 Controller/Mobility Conductor affected versions not specified Description An arbitrary file write issue exists in the web-based management interface. Successful exploitation could allow an...

7.2CVSS7AI score0.00501EPSS

Positive Technologies•added 2025/10/14 12:0 a.m.•4 views

PT-2025-41934

Name of the Vulnerable Software and Affected Versions Creativeitem Academy LMS versions up to and including 5.13 Description A privilege escalation issue exists in the Api instructor controller. Authenticated users without the necessary permissions can access functions intended only for...

6.5CVSS6.6AI score0.00263EPSS

Exploits1References3

CNNVD•added 2025/10/14 12:0 a.m.•4 views

Argo Workflows 安全漏洞

Argo Workflows is an open source container-native workflow engine for Kubernetes from the Argo project. A security vulnerability exists in Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2, which stems from workflow-controller pod logs exposing workware repository credentia...

8.5CVSS6.3AI score0.00441EPSS

Positive Technologies•added 2025/10/14 12:0 a.m.•5 views

PT-2025-41980

6.5CVSS7.1AI score0.00333EPSS

Vulnrichment•added 2025/10/13 6:26 a.m.•4 views

CVE-2025-0636 Arbitrary Code Execution vulnerability in Ericsson RAN Compute and Site Controller

EMCLI contains a high severity vulnerability where improper neutralization of special elements used in an OS command could be exploited leading to Arbitrary Code Execution...

8.4CVSS6.7AI score0.00266EPSS

CVE•added 2025/10/13 6:26 a.m.•25 views

CVE-2025-0636

CVE-2025-0636 affects Ericsson RAN Compute and Ericsson Site Controller (EMCLI). The issue is a high-severity vulnerability arising from improper neutralization of special elements used in an OS command, potentially enabling Arbitrary Code Execution. The publicly documented details across multipl...

8.4CVSS6.7AI score0.00266EPSS