CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2126 matches found

OSV•added 2025/02/05 6:41 p.m.•6 views

CVE-2025-24804 Partial Denial of Service (DoS) in MobSF

Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing, malware analysis and security assessment framework. According to Apple's documentation for bundle ID's, it must contain only alphanumeric characters A–Z, a–z, and 0–9, hyphens -, and...

4.8CVSS6.4AI score0.0043EPSS

Exploits1References5

RedhatCVE•added 2025/02/05 3:42 p.m.•8 views

CVE-2020-5237

Multiple relative path traversal vulnerabilities in the oneup/uploader-bundle before 1.9.3 and 2.1.5 allow remote attackers to upload, copy, and modify files on the filesystem potentially leading to arbitrary code execution via the 1 filename parameter to BlueimpController.php; the 2 dzchunkindex...

8.8CVSS7.5AI score0.03929EPSS

Exploits1

RedhatCVE•added 2025/02/05 1:1 p.m.•10 views

CVE-2024-25625

Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. A potential security vulnerability has been discovered in pimcore/admin-ui-classic-bundle prior to version 1.3.4. The vulnerability involves a Host Header Injection in the invitationLinkAction function of the UserController,...

9.3CVSS7AI score0.00682EPSS

Exploits1References1

RedhatCVE•added 2025/02/05 7:39 a.m.•8 views

CVE-2024-23648

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The password reset functionality sends to the the user requesting a password change an email containing an URL to reset its password. The URL sent contains a unique token, valid during 24 hours, allowing the user to res...

8.8CVSS6.7AI score0.00827EPSS

Exploits1References1

RedhatCVE•added 2025/02/05 7:33 a.m.•8 views

CVE-2024-23646

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter selectedIds is susceptible to SQL Injection. Any backend user with very basic...

8.8CVSS8AI score0.00755EPSS

Exploits1References1

RedhatCVE•added 2025/02/05 3:36 a.m.•3 views

CVE-2024-45592

auditor-bundle, formerly known as DoctrineAuditBundle, integrates auditor library into any Symfony 3.4+ application. Prior to version 5.2.6, there is an unescaped entity property enabling Javascript injection. This is possible because %sourcelabel% in twig macro is not escaped. Therefore script...

8.2CVSS6.9AI score0.00421EPSS

Exploits0References1

CNNVD•added 2025/02/05 12:0 a.m.•3 views

Mobile Security Framework 安全漏洞

Mobile Security Framework MobSF is an automated all-in-one mobile application open-sourced by Mobile Security Framework. It is used for penetration testing, malware analysis, and security assessments, and is capable of performing both static and dynamic analysis. A security vulnerability exists i...

4.8CVSS6.4AI score0.0043EPSS

Exploits1References3

Positive Technologies•added 2025/02/05 12:0 a.m.•4 views

PT-2025-5746 · Unknown · Mobile Security Framework

Name of the Vulnerable Software and Affected Versions: Mobile Security Framework MobSF versions prior to 4.3.1 Description: The issue arises when an attacker manually modifies the CFBundleIdentifier value in the Info.plist file by adding special characters, which are not allowed according to...

4.8CVSS6.6AI score0.0043EPSS

Exploits1References12

Positive Technologies•added 2025/02/05 12:0 a.m.•4 views

PT-2025-5745

Name of the Vulnerable Software and Affected Versions: Mobile Security Framework MobSF versions prior to 4.3.1 Description: The issue concerns a stored cross-site scripting XSS vulnerability in the iOS Dynamic Analyzer functionality of the Mobile Security Framework MobSF. According to Apple's...

8.5CVSS5.6AI score0.00358EPSS

Exploits1References14