CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the origina...

4.7CVSS6.7AI score0.00641EPSS

Exploits1References17

RedhatCVE•added 2025/05/23 7:49 a.m.•14 views

CVE-2024-20900

Improper authentication in MTP application prior to SMR Jul-2024 Release 1 allows local attackers to enter MTP mode without proper authentication...

4CVSS6.9AI score0.00136EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:10 p.m.•13 views

CVE-2022-39308

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions from 19.2.0 to 19.10.0 inclusive are subject to a timing attack in validation of access tokens due to use of regular string comparison f...

6.5CVSS6.6AI score0.00622EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 8:43 a.m.•5 views

CVE-2019-5954

JR East Japan train operation information push notification App for Android version 1.2.4 and earlier allows remote attackers to bypass access restriction to obtain or alter the user's registered information via unspecified vectors...

9.1CVSS6.9AI score0.01921EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 2:44 a.m.•6 views

CVE-2013-4967

Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the lack of access control for /nodes...

5CVSS7.1AI score0.01266EPSS

Exploits0References1

RedhatCVE•added 2025/05/09 9:44 a.m.•11 views

CVE-2025-20955

Improper Export of Android Application Components in NotificationHistoryImageProvider prior to SMR May-2025 Release 1 allows local attackers to access notification images...

5.5CVSS6.6AI score0.00129EPSS

Exploits0References1

Positive Technologies•added 2025/04/18 12:0 a.m.•5 views

PT-2025-17337 · Seclore · Seclore

Name of the Vulnerable Software and Affected Versions: Seclore version 3.27.5.0 Description: An issue in the login page of Seclore allows attackers to bypass authentication via a brute force attack. Recommendations: For version 3.27.5.0, consider temporarily restricting access to the login page...

9.8CVSS6.4AI score0.00542EPSS

Exploits1References6

RedhatCVE•added 2025/04/10 5:57 a.m.•6 views

CVE-2025-20940

Improper handling of insufficient permission in Samsung Device Health Manager Service prior to SMR Apr-2025 Release 1 allows local attackers to access provider in SDMHS...

4CVSS6.6AI score0.0013EPSS

Exploits0References1

Cvelist•added 2025/04/09 2:25 a.m.•9 views

CVE-2025-29988

Dell Client Platform BIOS contains a Stack-based Buffer Overflow Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution...

6.9CVSS0.00146EPSS

Exploits0References1

Microsoft CVE•added 2024/04/15 7:0 a.m.•9 views

Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

...

7.1CVSS7AI score0.0036EPSS

Exploits1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by