CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

975 matches found

CVE•added 2025/12/23 9:19 p.m.•33 views

CVE-2025-14500

IceWarp14 is affected by a remote code execution vulnerability in the X-File-Operation header handling. The flaw stems from insufficient validation of a user-supplied string used to invoke a system call, allowing an attacker to execute code in the context of SYSTEM without authentication. This is...

9.8CVSS9.6AI score0.01443EPSS

Exploits0References1

Vulnrichment•added 2025/12/23 9:16 p.m.•3 views

CVE-2025-14490 RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability

RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on...

7.8CVSS7.7AI score0.00171EPSS

Exploits0References1

CVE•added 2025/12/23 9:16 p.m.•9 views

CVE-2025-14488

RealDefense SUPERAntiSpyware is affected by a Local Privilege Escalation due to an exposed dangerous function in the SAS Core Service. The root cause is the exposed function that allows a low-privileged attacker who already has code execution on the target to escalate privileges and run arbitrary...

7.8CVSS7.8AI score0.00172EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2025/12/23 9:16 p.m.•5 views

CVE-2025-14497 RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability

7.8CVSS7.1AI score0.00172EPSS

Exploits0References1

Cvelist•added 2025/12/23 9:16 p.m.•18 views

CVE-2025-14492 RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability

7.8CVSS0.00172EPSS

Exploits0References1

Zero Day Initiative•added 2025/12/19 12:0 a.m.•4 views

RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SAS...

7.8CVSS7.5AI score0.00172EPSS

Exploits0References1

Zero Day Initiative•added 2025/12/10 12:0 a.m.•4 views

IceWarp14 X-File-Operation Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of IceWarp. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the X-File-Operation header. The issue results from the lack of proper validatio...

9.8CVSS7.6AI score0.01443EPSS

Exploits0References1

Zero Day Initiative•added 2025/11/25 12:0 a.m.•6 views

ASUS MyASUS Incorrect Permission Assignment Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of ASUS MyASUS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AsusSwitchAgent...

7.8CVSS7.4AI score0.00122EPSS

Exploits0References1

NVD•added 2025/11/04 5:16 a.m.•3 views

CVE-2025-12683

The service employed by Everything, running as SYSTEM, communicates with the lower privileged Everything GUI via a named pipe. The named pipe has a NULL DACL and thus provides all users full permission over it; leading to potential Service Denial Of Service or Privilege escalationonly if chained...

8.8CVSS0.00081EPSS

Exploits0References1

NVD•added 2025/10/23 12:15 p.m.•4 views

CVE-2025-62395

A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data...

4.3CVSS0.00227EPSS

Exploits0References2

OSV•added 2025/10/23 12:15 p.m.•2 views

CVE-2025-62395

A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data...

4.3CVSS6.1AI score0.00227EPSS

Exploits0References2

OSV•added 2025/10/23 12:15 p.m.•5 views

UBUNTU-CVE-2025-62395

A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data...

4.3CVSS5.8AI score0.00227EPSS

Exploits0References4

EUVD•added 2025/10/23 11:29 a.m.•4 views

EUVD-2025-35666

A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data...

4.3CVSS6AI score0.00227EPSS

Exploits0References3

CVE•added 2025/10/23 11:29 a.m.•24 views

CVE-2025-62395

CVE-2025-62395 affects Moodle LMS via a flaw in the cohort search web service. The issue allows users with permissions in lower contexts to access cohort information from the system context, potentially exposing restricted administrative data. The Connected documents confirm the vulnerability des...

4.3CVSS6.1AI score0.00227EPSS

Exploits0References2Affected Software1

RedhatCVE•added 2025/10/16 3:19 p.m.•3 views

CVE-2025-62395

A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data...

4.3CVSS6.5AI score0.00227EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-18602

Malware in sbrugna...

7.8CVSS7.5AI score0.00614EPSS

Exploits3References4

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2017-8575

Malware in sbrugna...

9.3CVSS8.8AI score0.03675EPSS

Exploits0References2