CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions o...

7.3CVSS6.7AI score0.00711EPSS

Exploits0References3

OSSF Malicious Packages•added 2025/08/14 6:52 p.m.•2 views

Malicious code in view-user-code-proxy-emulate (npm)

The package view-user-code-proxy-emulate was found to contain malicious code...

7AI score

Exploits0

OSV•added 2025/08/14 6:52 p.m.•3 views

MAL-2025-38374 Malicious code in view-user-code-proxy-emulate (npm)

The package view-user-code-proxy-emulate was found to contain malicious code...

7.2AI score

Exploits0

CVE•added 2025/08/12 8:44 p.m.•19 views

CVE-2025-54187

CVE-2025-54187 applies to Substance3D Painter versions up to 11.0.2, which are affected by an out-of-bounds write vulnerability that could allow arbitrary code execution under the current user. Exploitation requires user interaction: a victim must open a malicious file. Affected vendors list Adob...

7.8CVSS7.6AI score0.00181EPSS

Exploits0References1Affected Software1

NVD•added 2025/07/29 7:15 p.m.•3 views

CVE-2025-33092

IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a stack-based buffer overflow in db2fm, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system...

7.8CVSS0.00132EPSS

Exploits0References1

RedhatCVE•added 2025/06/12 5:5 p.m.•7 views

CVE-2025-33112

IBM AIX 7.3 and IBM VIOS 4.1.1 Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary code due to improper neutralization of pathname input...

8.4CVSS8.4AI score0.00191EPSS

Exploits0References1

CVE•added 2025/06/10 12:13 a.m.•55 views

CVE-2025-42993

Summary: CVE-2025-42993 affects SAP S/4HANA (Enterprise Event Enablement). A missing authorization check allows an attacker with access to Inbound Binding Configuration to create an RFC destination and assign a high-privilege user, enabling code execution under that user’s privileges. Impact is l...

6.7CVSS6.8AI score0.0036EPSS

Exploits0References2

CVE•added 2025/02/20 4:2 p.m.•63 views

CVE-2025-0161

IBM Security Verify Access Appliance (Affecting 10.0.0.0–10.0.9.0 and 11.0.0.0) is vulnerable to local code execution due to improper restrictions on code generation (CWE-94). The IBM Security Bulletin details that a local user could exploit this to execute arbitrary code. Remediation is to upgra...

7.8CVSS7.8AI score0.00224EPSS

Exploits0References1Affected Software1

OpenVAS•added 2024/12/25 12:0 a.m.•12 views

Mageia: Security Advisory (MGASA-2024-0397)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS9.6AI score0.00514EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by