CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1770 matches found

Cvelist•added 2025/11/11 8:20 p.m.•3 views

CVE-2024-32008

A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP12 Update 2. The affected application is vulnerable to a local privilege escalation due to an exposed debug interface on the localhost. This allows any local user to gain code execution as administrative application user...

8.5CVSS0.00105EPSS

Exploits0References1

EUVD•added 2025/11/11 8:20 p.m.•4 views

EUVD-2024-29846

8.5CVSS7.3AI score0.00105EPSS

Exploits0References2

Positive Technologies•added 2025/11/11 12:0 a.m.•2 views

PT-2025-46533

Name of the Vulnerable Software and Affected Versions Spectrum Power versions prior to 4.70 SP12 Update 2 Description The application contains a flaw that allows local privilege escalation. An exposed debug interface on localhost enables any local user to gain code execution as an administrative...

8.5CVSS7.3AI score0.00105EPSS

Exploits0References3

SUSE CVE•added 2025/10/24 11:22 p.m.•2 views

SUSE CVE-2025-59956

AgentAPI is an HTTP API for Claude Code, Goose, Aider, Gemini, Amp, and Codex. Versions 0.3.3 and below are susceptible to a client-side DNS rebinding attack when hosted over plain HTTP on localhost. An attacker can gain access to the /messages endpoint served by the Agent API. This allows for th...

6.5CVSS6.5AI score0.00388EPSS

Exploits1References2

CNNVD•added 2025/10/19 12:0 a.m.•2 views

bftpd 安全漏洞

Bftpd is an FTP File Transfer Protocol server. A security vulnerability exists in bftpd 6.2 and earlier versions, which originates from a heap buffer overflow in the function expandgroups in the file options.c of the component Configuration File Handler, which could lead to a localhost attack...

4.5CVSS5.2AI score0.00165EPSS

Exploits0References5

Snyk•added 2025/10/17 9:42 p.m.•1 views

Deserialization of Untrusted Data

Overview pyquokka is a Quokka Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the doaction function in the flight.py file. An attacker can execute arbitrary code on the server by sending maliciously crafted serialized data through the network interface...

9.8CVSS7.8AI score0.00761EPSS

Exploits1References2

OSV•added 2025/10/17 5:46 p.m.•7 views

GHSA-FGX4-P8XF-QHP9 Lobe Chat vulnerable to Server-Side Request Forgery with native web fetch module

Vulnerability Description --- Vulnerability Overview - When the client sends an arbitrary URL array and impl: "naive" to the tRPC endpoint tools.search.crawlPages, the server issues outbound HTTP requests directly to those URLs. There is no defensive logic that restricts or validates requests to...

3CVSS7AI score0.00294EPSS

Exploits0References5

RedhatCVE•added 2025/10/07 9:21 p.m.•2 views

CVE-2025-61679

Anyquery is an SQL query engine built on top of SQLite. Versions 0.4.3 and below allow attackers who have already gained access to localhost, even with low privileges, to use the http server through the port unauthenticated, and access private integration data like emails, without any warning of ...

7.7CVSS7.3AI score0.0014EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2018-10231

Malware in sbrugna...

5.9CVSS7.8AI score0.02177EPSS

Exploits0References27

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2018-4098

Malware in sbrugna...

8.1CVSS7.6AI score0.04277EPSS

Exploits0References5