32 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-1883

Malware in sbrugna...

CVSS 7.3 | AI score 7.9 | EPSS 0.00059
Exploits 0 | References 6

Zero Day Initiative
added 2025/07/31 12:0 a.m. | 6 views

(Pwn2Own) QNAP QHora-322 SSH Use of Weak Credentials Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the default SSH credentials. The issue results from the use of the WAN M...

CVSS 7.5 | AI score 7
Exploits 0 | References 1

Vulnrichment
added 2025/06/21 12:9 a.m. | 4 views

CVE-2025-5476 Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability

Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVSS 6.3 | AI score 6.4 | EPSS 0.0007
Exploits 0 | References 2

RedhatCVE
added 2025/05/23 3:22 a.m. | 3 views

CVE-2023-24533

Multiplication of certain unreduced P-256 scalars produces incorrect results. There are no protocols known at this time that can be attacked due to this...

CVSS 7.5 | AI score 6.7 | EPSS 0.00232
Exploits 0 | References 1

RedhatCVE
added 2025/04/25 8:57 p.m. | 4 views

CVE-2025-1050

Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of...

CVSS 8.8 | AI score 7.9 | EPSS 0.00642
Exploits 0 | References 3

Cvelist
added 2025/04/15 4:32 p.m. | 14 views

CVE-2025-32776 OpenRazer Vulnerable to Out of Bounds Read

OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. By writing specially crafted data to the matrixcustomframe file, an attacker can cause the custom kernel driver to read more bytes than provided by user space. This data will...

CVSS 5.5 | EPSS 0.00047
Exploits 0 | References 4

Securelist
added 2024/11/29 10:0 a.m. | 23 views

IT threat evolution in Q3 2024. Non-mobile statistics

The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data...

CVSS 9.8 | AI score 7.1 | EPSS 0.7912
Exploits 0

Malwarebytes
added 2024/02/09 3:52 p.m. | 21 views

Ransomware in 2023 recap: 5 key takeaways

This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, “known attacks” are those where the victim did not pay a ransom. This provides the best overall picture of...

AI score 7.3
Exploits 0

Debian CVE
added 2022/03/09 7:30 p.m. | 66 views

CVE-2022-24349

An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attac...

CVSS 4.6 | AI score 3.4 | EPSS 0.00849
Exploits 0

CVE
added 2022/03/09 7:30 p.m. | 143 views

CVE-2022-24349

CVE-2022-24349: In Zabbix, an authenticated user can create a hosts group with a stored XSS payload that becomes available to other users. When users search groups (and similar vectors described in the Debian/SUSE advisories), the XSS payload can execute in the victim’s browser, enabling actions ...

CVSS 4.6 | AI score 5 | EPSS 0.00849
Exploits 0 | References 7 | Affected Software 1

CNVD
added 2021/07/25 12:0 a.m. | 8 views

Weak password vulnerability in Huawei USG5120HSR

Founded in 1987, Huawei is a provider of ICT information and communications infrastructure and smart terminals. A weak password vulnerability exists in Huawei USG5120HSR, which can be exploited by an attacker to log into the backend with a weak password and obtain sensitive information...

AI score 7
Exploits 0

CNVD
added 2021/07/06 12:0 a.m. | 22 views

Unauthorized Access Vulnerability in SINDOH A601_A606 at SINDOH (Qingdao) Office Systems Co.

Xindu Qingdao Office System Co., Ltd. is a professional office equipment enterprise integrating research and development, production, sales and after-sales service. SINDOH A601_A606 of SINDOH Qingdao Office Systems Co., Ltd. has an unauthorized access vulnerability, which can be exploited by an...

AI score 6.9
Exploits 0

NVD
added 2021/04/14 11:15 p.m. | 12 views

CVE-2021-27180

An issue was discovered in MDaemon before 20.0.4. There is Reflected XSS in Webmail aka WorldClient. It can be exploited via a GET request. It allows performing any action with the privileges of the attacked user...

CVSS 6.1 | EPSS 0.00308
Exploits 1 | References 2

Securelist
added 2021/03/25 10:0 a.m. | 46 views

Threat landscape for industrial automation systems. Statistics for H2 2020

Figures

Indicator | H1 2020 | H2 2020 | 2020
---|---|---|---
Global percentage of attacked ICS computers | 32.6% | 33.42% | 38.55%
Percentage of attacked ICS computers by region | | |
Northern Europe | 10.1% | 11.5% | 12.3%
Western Europe | 15.1% | 14.8% | 17.6%
Australia | 16.3% | 17.0% | 18.9%
United...

AI score 1.9
Exploits 0

Qualys Blog
added 2020/08/11 7:2 p.m. | 782 views

August 2020 Patch Tuesday – 120 Vulnerabilities, 17 Critical, Media Foundation, Windows Codecs, Workstation, Adobe

This month’s Microsoft Patch Tuesday addresses 120 vulnerabilities with 17 of them labeled as Critical. The 17 Critical vulnerabilities cover Media Foundation, .NET Framework, Browsers, Scripting Engines, Office, Outlook, Windows Codecs and several other workstation vulnerabilities. Adobe release...

CVSS 9.3 | AI score 1.3 | EPSS 0.91733
Exploits 3

NVD
added 2019/12/30 4:15 p.m. | 14 views

CVE-2018-1682

IBM Watson Studio Local 1.2.3 could disclose sensitive information over the network that an attacker could use in further attacks against the system. IBM X-Force ID: 145238...

CVSS 5.3 | AI score 4.9 | EPSS 0.0026
Exploits 0 | References 2

Qualys Blog
added 2019/12/10 7:4 p.m. | 66 views

December 2019 Patch Tuesday – 36 Vulns, 7 Critical, Actively Attacked Win32k vuln, Adobe vulns

This month's Patch Tuesday is rather light and addresses 36 vulnerabilities, with only 7 labeled as Critical. Five of the seven Critical vulns are in Git for Visual Studio. The others are for Hyper-V and Win32k. Also, there is one actively attacked "Important" vuln in Win32k. Adobe released patch...

CVSS 9.3 | AI score 1.8 | EPSS 0.92042
Exploits 10

Qualys Blog
added 2019/11/12 7:28 p.m. | 492 views

November 2019 Patch Tuesday – 74 vulns, 13 Critical, Actively Attacked IE vuln, Hyper-V escapes, Adobe

This month’s Microsoft Patch Tuesday addresses 74 vulnerabilities with 13 of them labeled as Critical. Of the 13 Critical vulns, 5 are for browsers and scripting engines. Out of the 8 remaining Critical vulns, 4 are potential hypervisor escapes in Hyper-V, as well as vulnerabilities in Microsoft...

CVSS 9 | AI score 1.6 | EPSS 0.83036
Exploits 3

Prion
added 2019/07/26 12:15 a.m. | 16 views

Cross site scripting

Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation. The impact is: Victim attacked and access admin functionality through their browser and control browser. The component is: MIAdminStyles.i4. The attack vector is: Victims are...

CVSS 3.5 | AI score 5.3 | EPSS 0.00185
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2019/07/25 11:2 p.m. | 15 views

CVE-2019-1010147

Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation. The impact is: Victim attacked and access admin functionality through their browser and control browser. The component is: MIAdminStyles.i4. The attack vector is: Victims are...

AI score 5.3 | EPSS 0.00185
Exploits 1 | References 1