CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

684 matches found

OSV•added 2025/11/12 10:15 a.m.•2 views

CVE-2025-64407

Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. Such links could also be used to transmit system information, such as environment variable...

5.3CVSS5.7AI score0.00398EPSS

Exploits0References2

Hacker One•added 2025/11/11 3:25 p.m.•22 views

AWS VDP: AWS Auto Scaling Service Reporting "AWS Internal" for CloudTrail Events Generated from Specific Endpoints

A vulnerability was discovered in the AWS Auto Scaling service, where 6 API endpoints incorrectly reported the user-agent and network information as "AWS Internal" in CloudTrail logs. This allowed the adversary to perform API calls using these endpoints and evade the logging of their IP address a...

6.8AI score

Exploits0

EUVD•added 2025/11/07 6:30 p.m.•4 views

EUVD-2025-38270

A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central...

7.1CVSS6.3AI score0.00389EPSS

Exploits0References2

Cvelist•added 2025/11/07 3:11 p.m.•9 views

CVE-2025-57712 Qsync Central

7.1CVSS0.00389EPSS

Exploits0References1

Vulnrichment•added 2025/11/07 3:11 p.m.•3 views

CVE-2025-57712 Qsync Central

7.1CVSS6.4AI score0.00389EPSS

Exploits0References1

AstraLinux•added 2025/11/01 10:54 a.m.•2 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: ext4: Do not report a BUG when INLINEDATAFL lacks the system.data xattr attribute. A syzbot fuzed image triggered a BUG in ext4updateinlinedata, when an inode had the INLINEDATAFL flag set but lacked the system.data extended...

5.5CVSS7.1AI score0.00165EPSS

Exploits0References3

Cvelist•added 2025/10/23 11:29 a.m.•8 views

CVE-2025-62395 Moodle: external cohort search service leaks system cohort data

A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data...

4.3CVSS0.00227EPSS

Exploits0References2

EUVD•added 2025/10/23 3:38 a.m.•4 views

EUVD-2025-35649

Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE-497 in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices. This issue affects Command Centre Server: 9.30 prior to...

9.9CVSS5.8AI score0.00309EPSS

Exploits0References2

Positive Technologies•added 2025/10/23 12:0 a.m.•2 views

PT-2025-43462

Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description A security issue exists in the Android Framework that could allow a remote attacker to escalate privileges. The issue involves a permissions bypass that may allow launching activities from th...

7.8CVSS8.1AI score0.00215EPSS

Exploits0References74

Positive Technologies•added 2025/10/23 12:0 a.m.•3 views

PT-2025-43506

Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description The issue resides in the hasAccountsOnAnyUser function within DevicePolicyManagerService.java. A logic error in the code allows for the addition of a Device Owner after provisioning. This can...

5.5CVSS8.2AI score0.00231EPSS

Exploits0References80

Positive Technologies•added 2025/10/23 12:0 a.m.•2 views

PT-2025-43443

Name of the Vulnerable Software and Affected Versions cohort search web service affected versions not specified Description A flaw exists in the cohort search web service that allows users with limited permissions to access cohort information intended for system-level access. This results in the...

4.3CVSS6.2AI score0.00227EPSS

Exploits0References12

NCSC•added 2025/10/14 11:22 a.m.•6 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in several products such as SIMATIC, SINEC, SIPLUS and Solid Edge. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Circumvention o...

9.8CVSS7.6AI score0.06564EPSS

Exploits5References6

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2020-17066

Malware in sbrugna...

5.5CVSS6.5AI score0.00553EPSS

Exploits1References10

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-1999-1469

Malware in sbrugna...

5CVSS6.4AI score0.0365EPSS

Exploits1References4

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2008-0985

Malware in sbrugna...

5CVSS6.4AI score0.01489EPSS

Exploits0References8

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2016-9078

Malware in sbrugna...

7.5CVSS7.6AI score0.0109EPSS

Exploits0References2

Tenable Nessus•added 2025/10/07 12:0 a.m.•1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-383594)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-383594 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: avoid OOB when system.data xattr changes underneath the filesystem When looking up for an...

7.8CVSS6.3AI score0.00245EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2021-2910

Malicious code in bioql PyPI...

6.5CVSS6.7AI score0.01008EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-26768

Malicious code in bioql PyPI...

6.3AI score0.00165EPSS

Exploits0References9