744 matches found
EUVD-2023-43008
Malicious code in bioql PyPI...
EUVD-2023-43009
Malicious code in bioql PyPI...
EUVD-2023-43011
Malicious code in bioql PyPI...
EUVD-2023-46204
Malicious code in bioql PyPI...
EUVD-2021-7507
Malicious code in bioql PyPI...
EUVD-2024-54961
Malicious code in bioql PyPI...
EUVD-2023-45353
Malicious code in bioql PyPI...
📄 Sitecore XP Post-Authentication File Upload
This Metasploit module exploits Sitecore XP with a file upload vulnerability in PowerShell extensions and a hardcoded credential vulnerability with the ServicesAPI account to gain a foothold. This module requires Metasploit: https://metasploit.com/download Current source:...
📄 Sitecore XP Post-Authentication Remote Code Execution
This Metasploit module exploits Sitecore XP with a path traversal that leads to remote code execution as well as a hardcoded credential vulnerability in the ServicesAPI account to gain a foothold. This module requires Metasploit: https://metasploit.com/download Current source:...
CVE-2024-56189
In SAEMM_DiscloseMsId of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure post authentication with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-56189
CVE-2024-56189 describes an out-of-bounds read in SAEMM_DiscloseMsId of SAEMM_RadioMessageCodec.c due to a missing bounds check. The available sources indicate this could allow remote information disclosure after authentication with no additional execution privileges and no user interaction requi...
CVE-2024-48705
Wavlink AC1200 with firmware versions M32A3V1410230602 and M32A3V1410240222 are vulnerable to a post-authentication command injection while resetting the password. This vulnerability is specifically found within the "setsysadm" function of the "adm.cgi" binary, and is due to improper sanitization ...
PT-2025-35572
Name of the Vulnerable Software and Affected Versions: Wavlink AC1200 versions M32A3 V1410 230602 and M32A3 V1410 240222 Description: The Wavlink AC1200 is susceptible to a post-authentication command injection when resetting the password. The issue resides within the adm.cgi binary, specifically...
CVE-2025-41451
Improper neutralization of alarm-to-mail configuration fields used in an OS shell Command 'Command Injection' in Danfoss AK-SM8xxA Series prior to version 4.3.1, leading to a potential post-authenticated remote code execution on an attacked system...
CVE-2025-41452
Post-authenticated external control of system web interface configuration setting vulnerability in Danfoss AK-SM8xxA Series prior to 4.3.1, which could allow for a denial of service attack induced by improper handling of exceptional conditions...