CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the origina...

4.7CVSS6.7AI score0.00112EPSS

Exploits1References17

RedhatCVE•added 2025/05/23 7:49 a.m.•5 views

CVE-2024-20900

Improper authentication in MTP application prior to SMR Jul-2024 Release 1 allows local attackers to enter MTP mode without proper authentication...

4CVSS6.9AI score0.00102EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:10 p.m.•5 views

CVE-2022-39308

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions from 19.2.0 to 19.10.0 inclusive are subject to a timing attack in validation of access tokens due to use of regular string comparison f...

6.5CVSS6.6AI score0.00406EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 8:43 a.m.•3 views

CVE-2019-5954

JR East Japan train operation information push notification App for Android version 1.2.4 and earlier allows remote attackers to bypass access restriction to obtain or alter the user's registered information via unspecified vectors...

9.1CVSS6.9AI score0.00223EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 2:44 a.m.•4 views

CVE-2013-4967

Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the lack of access control for /nodes...

5CVSS7.1AI score0.0025EPSS

Exploits0References1

RedhatCVE•added 2025/05/09 9:44 a.m.•8 views

CVE-2025-20955

Improper Export of Android Application Components in NotificationHistoryImageProvider prior to SMR May-2025 Release 1 allows local attackers to access notification images...

5.5CVSS6.6AI score0.00062EPSS

Exploits0References1

Positive Technologies•added 2025/04/18 12:0 a.m.•3 views

PT-2025-17337 · Seclore · Seclore

Name of the Vulnerable Software and Affected Versions: Seclore version 3.27.5.0 Description: An issue in the login page of Seclore allows attackers to bypass authentication via a brute force attack. Recommendations: For version 3.27.5.0, consider temporarily restricting access to the login page...

9.8CVSS6.4AI score0.00028EPSS

Exploits1References6

RedhatCVE•added 2025/04/10 5:57 a.m.•4 views

CVE-2025-20940

Improper handling of insufficient permission in Samsung Device Health Manager Service prior to SMR Apr-2025 Release 1 allows local attackers to access provider in SDMHS...

4CVSS6.6AI score0.0009EPSS

Exploits0References1

Cvelist•added 2025/04/09 2:25 a.m.•5 views

CVE-2025-29988

Dell Client Platform BIOS contains a Stack-based Buffer Overflow Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution...

6.9CVSS0.00096EPSS

Exploits0References1

Microsoft CVE•added 2024/04/15 7:0 a.m.•1 views

Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

...

7.1CVSS7AI score0.00044EPSS

Exploits1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by