
6809 matches found

OSV
added 2025/04/30 9:54 p.m., 2 views

MAL-2025-191889 Malicious code in telepycore (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c3dcd0a2a8162a703ef9d7b90566e4c55116a7f4f4d3b8759ca0d2640acd4ee4 Package can only be used requires additional triggering to install a remote executable, ensure it starts on logon and name mimic network service. Though...

AI score: 7
Exploits: 0, References: 7
OSV
added 2025/04/29 2:45 p.m., 2 views

GHSA-88XG-V53P-FPVF YesWiki Remote Code Execution via Arbitrary PHP File Write and Execution

Summary An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on the server. All testing was performed on a local docker setup running the latest version of the application. PoC Proof of Concept Navigate to...

CVSS: 8.7, AI score: 7, EPSS: 0.05051
Exploits: 1, References: 4
CISA KEV Catalog
added 2025/04/29 12:00 a.m., 16 views

SAP NetWeaver Unrestricted File Upload Vulnerability

SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries...

CVSS: 10, AI score: 9.6, EPSS: 0.43664
In wild, Exploits: 18
OpenVAS
added 2025/04/28 12:00 a.m., 21 views

VMware Spring Boot < 2.7.25, 3.0.x < 3.1.16, 3.2.x < 3.2.14, 3.3.x < 3.3.11, 3.4.x < 3.4.5 Matcher Vulnerability - Windows

VMware Spring Boot is prone to a matcher vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:vmware:springboot";...

CVSS: 7.3, AI score: 7.5, EPSS: 0.00181
Exploits: 0, References: 2
Github Security Blog
added 2025/04/26 9:31 p.m., 6 views

Formidable relies on hexoid to prevent guessing of filenames for untrusted executable content

Formidable aka node-formidable 2.x before 2.1.3 and 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid...

CVSS: 3.1, AI score: 3.6, EPSS: 0.00063
Exploits: 1, References: 8, Affected Software: 1
OSV
added 2025/04/26 9:15 p.m., 2 views

DEBIAN-CVE-2025-46653

Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...

CVSS: 3.1, AI score: 4.7, EPSS: 0.00063
Exploits: 1, References: 1
OSV
added 2025/04/26 9:15 p.m., 4 views

CVE-2025-46653

Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...

CVSS: 8.8, AI score: 6.9
Exploits: 0, References: 3
RedhatCVE
added 2025/04/26 5:09 p.m., 24 views

CVE-2025-31324

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availabili...

CVSS: 10, AI score: 7, EPSS: 0.43664
Exploits: 18, References: 1
Vulnrichment
added 2025/04/26 12:00 a.m., 3 views

CVE-2025-46653

Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...

CVSS: 3.1, AI score: 6.9, EPSS: 0.00063
Exploits: 1, References: 3
OSSF Malicious Packages
added 2025/04/25 12:00 p.m., 3 views

Malicious code in tensorflowlitex (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c4b20463291f0bcc715ff6daffb6b2cc258096921b2aaf2a0b9bf96947b49b46 Importing the module init.py starts downloading and executing a remote executable, which has been identified by any.run and tria.ge as a malicious infostealer...

AI score: 7
Exploits: 0, References: 3
OSV
added 2025/04/25 12:00 p.m., 1 view

MAL-2025-191890 Malicious code in tensorflowlitex (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c4b20463291f0bcc715ff6daffb6b2cc258096921b2aaf2a0b9bf96947b49b46 Importing the module init.py starts downloading and executing a remote executable, which has been identified by any.run and tria.ge as a malicious infostealer...

AI score: 7
Exploits: 0, References: 3
BDU FSTEC
added 2025/04/25 12:00 a.m., 1 view

The vulnerability of the MetadataUploader function in the Visual Composer tool of the SAP NetWeaver software integration platform allows a hacker to execute arbitrary code.

The vulnerability of the MetadataUploader function in the Visual Composer software integration platform of SAP NetWeaver lies in the ability to upload executable files without limitation. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by sending a specially...

CVSS: 10, EPSS: 0.43664
Exploits: 18, References: 7
CNVD
added 2025/04/25 12:00 a.m., 9 views

SAP NetWeaver Visual Composer Metadata Uploader File Upload Vulnerability

SAP NetWeaver Visual Composer Metadata Uploader is a tool for modeling assistance from SAP. A file upload vulnerability exists in SAP NetWeaver Visual Composer Metadata Uploader. The vulnerability is due to an unauthenticated agent uploading potentially malicious executable binaries because the...

CVSS: 10, AI score: 7.2, EPSS: 0.43664
Exploits: 18, References: 1
CVE
added 2025/04/24 4:50 p.m., 775 views

CVE-2025-31324

CVE-2025-31324 affects SAP NetWeaver Visual Composer Metadata Uploader (VCFRAMEWORK). Unauthenticated uploads to /developmentserver/metadatauploader allow remote code execution with SAP service user privileges (RCE in VCFRAMEWORK) and can compromise confidentiality, integrity, and availability. C...

CVSS: 10, AI score: 7, EPSS: 0.43664
In wild, Exploits: 18, References: 6, Affected Software: 1
Vulnrichment
added 2025/04/24 4:50 p.m., 22 views

CVE-2025-31324 Missing Authorization check in SAP NetWeaver (Visual Composer development server)

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availabili...

CVSS: 10, AI score: 7.2, EPSS: 0.43664
Exploits: 18, References: 2
SUSE CVE
added 2025/04/23 2:37 a.m., 1 view

SUSE CVE-2025-43929

openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter)...

CVSS: 7.8, AI score: 6.8, EPSS: 0.00087
Exploits: 1, References: 3
OSV
added 2025/04/20 3:15 a.m., 11 views

CVE-2025-43929

openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter)...

CVSS: 7.8, AI score: 6.8, EPSS: 0.00087
Exploits: 1, References: 5
NVD
added 2025/04/20 3:15 a.m., 28 views

CVE-2025-43929

openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter)...

CVSS: 7.8, EPSS: 0.00087
Exploits: 1, References: 5
OSV
added 2025/04/20 3:15 a.m., 1 view

DEBIAN-CVE-2025-43929

openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter)...

CVSS: 7.8, AI score: 4.9, EPSS: 0.00087
Exploits: 1, References: 1
Debian CVE
added 2025/04/20 12:00 a.m., 17 views

CVE-2025-43929

openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter)...

CVSS: 7.8, AI score: 4.9, EPSS: 0.00087
Exploits: 1