CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

This repository contains a proof of concept exploit for CVE-2025-54769, a vulnerability found in lpar2rrd. The vulnerability allows remote code execution and directory traversal by abusing the /lpar2rrd-cgi/upgrade.sh endpoint...

8.8CVSS7.9AI score0.09341EPSS

Exploits4

Exploit DB•added 2025/08/03 12:0 a.m.•448 views

LPAR2RRD 8.04 - Remote Code Execution (RCE)

/ Author : Byte Reaper Title : LPAR2RRD 8.04 - Remote Code Execution RCE CVE : CVE-2025-54769 Vulnerability: RCE && directory traversal Description : Uploads a malicious Perl script via the LPAR2RRD upgrade endpoint, exploits directory traversal to place it in a CGI-executable path, then triggers...

8.8CVSS6.5AI score0.09341EPSS

Exploits4

RedhatCVE•added 2025/07/30 11:40 p.m.•3 views

CVE-2025-54767

An authenticated, read-only user can kill any processes running on the Xormon Original virtual appliance as the lpar2rrd user...

6.5CVSS7.2AI score0.00271EPSS

Exploits2References1

OSV•added 2025/07/29 12:15 a.m.•0 views

CVE-2025-54767

An authenticated, read-only user can kill any processes running on the Xormon Original virtual appliance as the lpar2rrd user...

6.5CVSS5.8AI score

Exploits0References3

NVD•added 2025/07/29 12:15 a.m.•2 views

CVE-2025-54767

An authenticated, read-only user can kill any processes running on the Xormon Original virtual appliance as the lpar2rrd user...

6.5CVSS0.00271EPSS

Exploits2References3

CNNVD•added 2025/07/29 12:0 a.m.•2 views

XORUX LPAR2RRD 安全漏洞

XORUX LPAR2RRD is a server performance monitoring platform from the Czech company XORUX. A security vulnerability exists in XORUX LPAR2RRD that stems from a combination of directory traversal and file upload functionality that could lead to remote code execution...

8.8CVSS7.6AI score0.09341EPSS

Exploits4References3

Packet Storm•added 2025/07/29 12:0 a.m.•111 views

📄 Xorux LPAR2RRD 8.04 Denial of Service

Xorux LPAR2RRD versions 8.04 and below have an issue where an authenticated, read-only user can kill any processes running on the Xormon Original virtual appliance as the lpar2rrd user. KL-001-2025-014: Xorux LPAR2RRD Read Only User Denial of Service Title: Xorux LPAR2RRD Read Only User Denial of...

6.5CVSS6.5AI score0.00271EPSS

Exploits2

CNNVD•added 2025/07/29 12:0 a.m.•2 views

XORUX LPAR2RRD 安全漏洞

XORUX LPAR2RRD is a server performance monitoring platform from the Czech company XORUX. A security vulnerability exists in XORUX LPAR2RRD that stems from improper privilege management and could lead to process termination...

6.5CVSS6.5AI score0.00271EPSS

Exploits2References2

CNNVD•added 2025/07/29 12:0 a.m.•2 views

XORUX LPAR2RRD 安全漏洞

XORUX LPAR2RRD is a server performance monitoring platform from the Czech company XORUX. A security vulnerability exists in XORUX LPAR2RRD that stems from improper access control of API endpoints, which could lead to the disclosure of sensitive information...

5.3CVSS6.2AI score0.00434EPSS

Exploits2References2

Packet Storm•added 2025/07/29 12:0 a.m.•90 views

📄 Xorux LPAR2RRD 8.04 Information Disclosure

Xorux LPAR2RRD versions 8.04 and below have an API endpoint that should be limited to web application administrators. It is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to download logs from the appliance configuration, exposing sensitive...

5.3CVSS6.2AI score0.00434EPSS

Exploits2

Packet Storm•added 2025/07/29 12:0 a.m.•99 views

📄 Xorux LPAR2RRD 8.04 File Upload / Directory Traversal

Xorux LPAR2RRD versions 8.04 and below allow an authenticated, read-only user to upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code...

8.8CVSS9.7AI score0.09341EPSS

Exploits4

Cvelist•added 2025/07/28 11:34 p.m.•7 views

CVE-2025-54769 KL-001-2025-016: Xorux LPAR2RRD File Upload Directory Traversal

An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code execution RCE by an attacker...

0.09341EPSS

Exploits4References2

Vulnrichment•added 2025/07/28 11:34 p.m.•2 views

CVE-2025-54769 KL-001-2025-016: Xorux LPAR2RRD File Upload Directory Traversal

7.5AI score0.09341EPSS

Exploits4References2

Cvelist•added 2025/07/28 11:31 p.m.•7 views

CVE-2025-54768 KL-001-2025-015: Xorux LPAR2RRD Read Only User Log Download Exposing Sensitive Information

An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to download logs from the appliance configuration, exposing sensitive information...

0.00434EPSS

Exploits2References2

Vulnrichment•added 2025/07/28 11:31 p.m.•5 views

CVE-2025-54768 KL-001-2025-015: Xorux LPAR2RRD Read Only User Log Download Exposing Sensitive Information

6.4AI score0.00434EPSS

Exploits2References2

Vulnrichment•added 2025/07/28 11:28 p.m.•1 views

CVE-2025-54767 KL-001-2025-014: Xorux LPAR2RRD Read Only User Denial of Service

An authenticated, read-only user can kill any processes running on the Xormon Original virtual appliance as the lpar2rrd user...

6.6AI score0.00271EPSS

Exploits2References2

Rows per page