Lucene search
313 matches found

NVD
added 2026/01/13 7:16 p.m. | 7 views

CVE-2025-68271

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From 5.0.0 to 6.10.1, OpenC3 COSMOS contains a critical remote code execution vulnerability reachable through the JSON-RPC API. When a JSON-RPC request uses the string form of...

CVSS 10 | EPSS 0.00536 | Exploits 0 | References 1

Positive Technologies
added 2026/01/13 12:0 a.m. | 4 views

PT-2026-2420

Name of the Vulnerable Software and Affected Versions: Inbit Messenger versions 4.6.0 through 4.9.0. Description: A remote stack-based buffer overflow exists in Inbit Messenger that allows unauthenticated attackers to execute arbitrary code. This is achieved by sending malformed network packets to t...

CVSS 9.8 | AI score 7.8 | EPSS 0.00679 | Exploits 1 | References 8

CVE
added 2026/01/09 4:41 p.m. | 19 views

CVE-2020-36875

AccessAlly WordPress plugin

CVSS 9.3 | AI score 8.5 | EPSS 0.00746 | Exploits 0 | References 3

Vulnrichment
added 2026/01/09 4:41 p.m. | 4 views

CVE-2020-36875 AccessAlly < 3.3.2 Unauthenticated Arbitrary PHP Code Execution

AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code execution vulnerability in the Login Widget. The plugin processes the loginerror parameter as PHP code, allowing an attacker to supply and execute arbitrary PHP in the context of the WordPress web...

CVSS 9.3 | AI score 8.5 | EPSS 0.00746 | Exploits 0 | References 3

Cvelist
added 2026/01/09 4:41 p.m. | 23 views

CVE-2020-36875 AccessAlly < 3.3.2 Unauthenticated Arbitrary PHP Code Execution

AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code execution vulnerability in the Login Widget. The plugin processes the loginerror parameter as PHP code, allowing an attacker to supply and execute arbitrary PHP in the context of the WordPress web...

CVSS 9.3 | EPSS 0.00746 | Exploits 0 | References 3

RedhatCVE
added 2026/01/09 9:58 a.m. | 7 views

CVE-2020-7128

A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software versions: Prior to 1.3.2...

CVSS 10 | AI score 8 | EPSS 0.02114 | Exploits 0 | References 1

OSV
added 2026/01/08 7:15 p.m. | 4 views

CVE-2025-67325

Unrestricted file upload in the hotel review feature in QloApps versions 1.7.0 and earlier allows remote unauthenticated attackers to achieve remote code execution...

CVSS 9.8 | AI score 6.2 | EPSS 0.00832 | Exploits 2 | References 2

RedhatCVE
added 2026/01/07 9:9 a.m. | 5 views

CVE-2024-2421

LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated permissions...

CVSS 9.3 | AI score 7.7 | EPSS 0.00523 | Exploits 0 | References 1

Positive Technologies
added 2025/12/30 12:0 a.m. | 4 views

PT-2025-53860

Name of the Vulnerable Software and Affected Versions: DVP-12SE11T (affected versions not specified). Description: The issue is an out-of-bounds memory write affecting the DVP-12SE11T device. Exploitation may allow a remote attacker to disclose protected information and cause a denial of service. Some...

CVSS 9.8 | AI score 7.2 | EPSS 0.00288 | Exploits 0 | References 11

CVE
added 2025/12/17 7:3 p.m. | 16 views

CVE-2025-62521

Summary: CVE-2025-62521 affects ChurchCRM before 5.21.0. A pre-authentication RCE exists in the setup wizard due to unsanitized user input in setup/routes/setup.php, which is directly concatenated into a PHP configuration template and written to Include/Config.php, then executed on every page loa...

CVSS 10 | AI score 7.9 | EPSS 0.04151 | Exploits 3 | References 1 | Affected Software 1

Cvelist
added 2025/12/17 7:3 p.m. | 24 views

CVE-2025-62521 ChurchCRM has unauthenticated RCE in its Install Wizard

ChurchCRM is an open-source church management system. Prior to version 5.21.0, a pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...

CVSS 10 | EPSS 0.04151 | Exploits 3 | References 1

Vulnrichment
added 2025/12/17 7:3 p.m. | 6 views

CVE-2025-62521 ChurchCRM has unauthenticated RCE in its Install Wizard

ChurchCRM is an open-source church management system. Prior to version 5.21.0, a pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...

CVSS 10 | AI score 7.9 | EPSS 0.04151 | Exploits 3 | References 1

GithubExploit
added 2025/12/14 1:38 a.m. | 135 views

Exploit for Heap-based Buffer Overflow in Microsoft

CVE-2024-38077 - MadLicense...

CVSS 9.8 | AI score 9.4 | EPSS 0.75365 | Exploits 5

GithubExploit
added 2025/12/13 3:48 a.m. | 254 views

Exploit for Deserialization of Untrusted Data in Facebook React

ReactOOPS - HTB Web Challenge Writeup...

CVSS 10 | AI score 8.4 | EPSS 0.99986 | Exploits 400

Vulnrichment
added 2025/12/09 4:5 p.m. | 3 views

CVE-2025-13662

Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary code. User Interaction is required...

CVSS 7.8 | AI score 7.2 | EPSS 0.00475 | Exploits 0 | References 1

Positive Technologies
added 2025/12/09 12:0 a.m. | 3 views

PT-2025-50088

Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager versions prior to 2024 SU4 SR1. Description: A flaw exists in the patch management component of Ivanti Endpoint Manager that involves improper verification of cryptographic signatures. This allows a remote, unauthenticate...

CVSS 7.8 | AI score 7.3 | EPSS 0.00475 | Exploits 0 | References 6

RedhatCVE
added 2025/12/05 9:34 p.m. | 5 views

CVE-2025-66576

Remote Keyboard Desktop 1.0.1 enables remote attackers to execute system commands via the rundll32.exe exported function export, allowing unauthenticated code execution...

CVSS 9.8 | AI score 7.8 | EPSS 0.01055 | Exploits 1 | References 1

NVD
added 2025/12/05 6:15 p.m. | 3 views

CVE-2020-36881

Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Input Directory' component that allows unauthenticated attackers to execute arbitrary code on the system. Attackers can exploit this by pasting a specially crafted directory path into the 'Add Input Directory' field...

CVSS 8.6 | EPSS 0.00315 | Exploits 1 | References 5

EUVD
added 2025/12/05 5:20 p.m. | 4 views

EUVD-2020-30823

Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Input Directory' component that allows unauthenticated attackers to execute arbitrary code on the system. Attackers can exploit this by pasting a specially crafted directory path into the 'Add Input Directory' field...

CVSS 8.6 | AI score 7.5 | EPSS 0.00315 | Exploits 1 | References 6

GithubExploit
added 2025/12/05 3:2 a.m. | 155 views

Exploit for CVE-2025-55182

CVE-2025-55182 This repository contains a PoC reproduction of...

CVSS 10 | AI score 8.2 | EPSS 0.99562 | Exploits 369