935 matches found
CVE-2025-34311
IPFire versions prior to 2.29 Core Update 198 contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the user 'nobody' via multiple parameters when creating a Proxy report. When a user creates a Proxy report the application issues an HTTP...
CVE-2025-34311 IPFire < v2.29 Command Injection via Proxy Report Creation
IPFire versions prior to 2.29 Core Update 198 contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the user 'nobody' via multiple parameters when creating a Proxy report. When a user creates a Proxy report the application issues an HTTP...
CVE-2025-34311
IPFire
CVE-2025-10680
OpenVPN 2.7alpha1 through 2.7beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use...
PT-2025-43608
Name of the Vulnerable Software and Affected Versions: OpenVPN versions 2.7 alpha1 through 2.7 beta1. Description: The OpenVPN software, specifically the --dns-updown component, is susceptible to a flaw that allows a remote authenticated server to inject shell commands via DNS variables when the...
SUSE CVE-2025-10230
A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...
A Retrospective Survey of 2024/2025 Open Source Supply Chain Compromises
Lack of memory safety is such a predominant cause of security issues that we have a responsibility as professional software engineers to robustly mitigate it in security-sensitive use cases—by using memory safe languages. Similarly, I have the growing impression that software supply chain...
JLSEC-2025-2 Command injection in `withpasswd()` function in Registrator.jl
Impact: If the clone URL returned by GitHub is malicious or can be injected using upstream vulnerabilities, a shell script injection can occur within the withpasswd function. This can then lead to a potential RCE. Patches: Users should upgrade immediately to v1.9.5. All prior versions are vulnerabl...
EUVD-2017-18263
Malware in sbrugna...
EUVD-2019-16516
Malware in sbrugna...
EUVD-2021-0648
Malware in sbrugna...
EUVD-2019-7531
Malware in sbrugna...
EUVD-2021-11123
Malware in sbrugna...
EUVD-2020-7224
Malware in sbrugna...
EUVD-2018-9318
Malware in sbrugna...
EUVD-2020-7482
Malware in sbrugna...
EUVD-2020-17088
Malware in sbrugna...
EUVD-2017-1480
Malware in sbrugna...
EUVD-2009-5120
Malware in sbrugna...
EUVD-2019-3297
Malware in sbrugna...