ChanCMS Security Vulnerability
ChanCMS is a content management system by yanyutao0402, an individual developer in China. A security vulnerability exists in ChanCMS version 3.3.4, which originates from a template injection in the /vip/v1/file/save component and may result in the execution of arbitrary code...
Lenovo Baiying Client Security Vulnerability
Lenovo Baiying Client is a digital service and device management platform from Lenovo China. A security vulnerability exists in Lenovo Baiying Client that stems from improper privileges and could lead to the execution of arbitrary code by a locally authenticated user...
CVE-2025-24857
Improper access control for volatile memory containing boot code in Universal Boot Loader U-Boot before 2017.11 and Qualcomm chips IPQ4019, IPQ5018, IPQ5322, IPQ6018, IPQ8064, IPQ8074, and IPQ9574 could allow an attacker to execute arbitrary code...
Adobe ColdFusion Code Issue Vulnerability
Adobe ColdFusion is a suite of rapid application development platforms from the American company Adobe. The platform includes an integrated development environment and a scripting language. A code issue vulnerability exists in Adobe ColdFusion versions 2025.4, 2023.16, 2021.22, and prior...
(0Day) (Pwn2Own) oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of responses from AT+CM...
Adobe ColdFusion Input Validation Error Vulnerability
Adobe ColdFusion is a dynamic Web server platform and application development framework maintained by Adobe for rapidly building and deploying data-driven dynamic Web sites, Web applications, and enterprise-class services. An improper input validation vulnerability exists in Adobe ColdFusion, whi...
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager is enterprise-grade content management software (CMS) from Adobe for building, managing, and deploying digital experiences such as websites, mobile apps, digital assets, and forms. Adobe Experience Manager suffers from a cross-site scripting vulnerability that stems from a...
KLA90819 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code or cause denial of service. Below is a complete list of vulnerabilities: 1. Use-after-free vulnerability in Password Manager can be exploited to cause denial of service ...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, Inc. (USA). A security vulnerability exists in Google Chrome prior to version 143.0.7499.110, which stems from an out-of-bounds memory access in the ANGLE component that could lead to the execution of arbitrary code...
UTT aggressive 512W buffer overflow vulnerability (CNVD-2026-0079790)
The UTT Progressive 512W is an enterprise-grade wireless router from Atech UTT designed for small and medium-sized businesses SOHO and similarly sized network environments for access scenarios of 30 to 50 users. The UTT Progressive 512W suffers from a buffer overflow vulnerability, which originat...
Lenovo One Client Security Vulnerability
Lenovo One Client is a one-stop service and system management software from Lenovo China. A security vulnerability exists in Lenovo One Client that stems from a potential DLL hijacking that could lead to the execution of arbitrary code by a locally authenticated user...
CVE-2025-65602
A template injection vulnerability in the /vip/v1/file/save component of ChanCMS v3.3.4 allows attackers to execute arbitrary code via a crafted POST request...
PT-2025-50370
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by injecting malicious scripts into a web page that are executed in the context of the...
PT-2025-50489
Name of the Vulnerable Software and Affected Versions: ChanCMS version 3.3.4. Description: A template injection issue exists in the /vip/v1/file/save component. Attackers can execute arbitrary code by submitting a specially crafted POST request. The vulnerable component is the /vip/v1/file/save API...
CVE-2025-65754
CVE-2025-65754 concerns Algernon v1.17.4, where cross-site scripting via a crafted payload in a filename can lead to arbitrary code execution. Multiple sources confirm the issue exists in Algernon, with CVSS-like context indicating attacker interaction and limited privileges. Reported affected co...
glib Input Validation Error Vulnerability
glib is a general-purpose, portable utility library from the GNOME project. Many useful data types, macros, type conversions, string utilities, file utilities, main loop abstractions, etc. are provided. An input validation error vulnerability exists in glib, which stems from a GVariant parser...
PT-2025-50364
Name of the Vulnerable Software and Affected Versions: Algernon version 1.17.4. Description: A Cross Site Scripting issue exists in Algernon version 1.17.4. This allows attackers to execute arbitrary code by injecting a crafted payload into a filename. The issue involves the injection of malicious...