CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Razer Synapse...

7.8CVSS7.5AI score0.00175EPSS

Exploits0

RedhatCVE•added 2025/09/18 1:39 a.m.•9 views

CVE-2025-57625

CYRISMA Sensor before 444 for Windows has an Insecure Folder and File Permissions vulnerability. A low-privileged user can abuse these issues to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM by replacing DataSpotliteAgent.exe or any other binaries called by...

8.8CVSS8AI score0.00538EPSS

Exploits0References1

Japan Vulnerability Notes•added 2025/09/17 4:45 a.m.•4 views

Century HW RAID Manager registers a Windows service with an unquoted file path

Overview RAID Manager provided by Century Corporation contains the following vulnerability. Unquoted search path or element CWE-428 - CVE-2025-59307 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

8.4CVSS7.5AI score0.00166EPSS

Exploits0References4

Vulnrichment•added 2025/09/04 4:57 a.m.•3 views

CVE-2025-36902

In synacdevioctlstorepid of synatcm2sysfs.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

6.5AI score0.0008EPSS

Exploits0References1

Cvelist•added 2025/08/14 4:27 p.m.•7 views

CVE-2025-9043

The service executable path in Seagate Toolkit on Versions prior to 2.34.0.33 on Windows allows an attacker with Admin privileges to exploit a vulnerability as classified under CWE-428: Unquoted Search Path or Element. An attacker with write permissions to the root could place a malicious...

6.7CVSS0.00135EPSS

Exploits0References2

CNNVD•added 2025/06/30 12:0 a.m.•3 views

D-Link DI-7300G+ 安全漏洞

The D-Link DI-7300G+ is a ruggedized, enterprise-grade smart gateway from China-based D-Link. The D-Link DI-7300G+ suffers from a command injection vulnerability that is caused by a flaw in httpddebug.asp. An attacker can exploit this vulnerability to execute arbitrary operating system commands o...

9.8CVSS8.1AI score0.03413EPSS

Exploits0References6

OSV•added 2025/06/06 7:15 p.m.•2 views

CVE-2025-5474

2BrightSparks SyncBackFree Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of 2BrightSparks SyncBackFree. An attacker must first obtain the ability to execute low-privileged code on the target syst...

7.3CVSS6.1AI score0.00269EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by