CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

63 matches found

Debian CVE•added 2025/07/22 9:34 p.m.•3 views

CVE-2025-54072

yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows with the default placeholder or , insufficient sanitization is applied to the expanded filepath, allowing for remote code execution. This is a bypass of the...

8.1CVSS6AI score0.00562EPSS

Exploits0

Cvelist•added 2025/07/15 1:2 p.m.•9 views

CVE-2025-34105 DiskBoss Enterprise Stack-Based Buffer Overflow RCE

A stack-based buffer overflow vulnerability exists in the built-in web interface of DiskBoss Enterprise versions 7.4.28, 7.5.12, and 8.2.14. The vulnerability arises from improper bounds checking on the path component of HTTP GET requests. By sending a specially crafted long URI, a remote...

10CVSS0.00999EPSS

Exploits0References4

CVE•added 2025/07/08 4:57 p.m.•63 views

CVE-2025-49735

CVE-2025-49735 describes a use-after-free vulnerability in Windows KDC Proxy Service (KPSSVC) that could allow remote code execution over the network. The entry is publicly tracked with a Network attack vector, high impact on confidentiality, integrity, and availability (CVSS v3.1 base score 8.1)...

8.1CVSS7.3AI score0.01061EPSS

Exploits0References1Affected Software6

Cvelist•added 2025/07/08 4:57 p.m.•6 views

CVE-2025-49674 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

...

8.8CVSS0.00748EPSS

Exploits0References1

Vulnrichment•added 2025/07/08 4:57 p.m.•3 views

CVE-2025-49670 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

...

6.5CVSS7.2AI score0.00852EPSS

Exploits0References1

Rapid7 Blog•added 2025/06/10 8:8 p.m.•50 views

Patch Tuesday - June 2025

Microsoft is addressing 67 vulnerabilities this June 2025 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation for just one of the vulnerabilities published today, and that is reflected in CISA KEV. Separately, Microsoft is aware of existing public disclosure for one other freshly...

9.8CVSS9.5AI score0.81558EPSS

Exploits35

Cvelist•added 2025/06/10 5:2 p.m.•13 views

CVE-2025-33066 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

...

8.8CVSS0.00951EPSS

Exploits0References1

Cvelist•added 2025/06/10 5:2 p.m.•11 views

CVE-2025-33064 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

...

8.8CVSS0.01114EPSS

Exploits0References1

CVE•added 2025/05/27 12:29 p.m.•101 views

CVE-2025-5265

CVE-2025-5265 concerns Firefox on Windows where the Copy as cURL feature improperly escapes the ampersand, enabling a crafted command to trigger local code execution. The impact is described as potentially allowing arbitrary code execution on the user’s system when the user runs the affected curl...

4.8CVSS6.7AI score0.00141EPSS

Exploits0References6Affected Software1

RedhatCVE•added 2025/05/22 9:52 p.m.•6 views

CVE-2022-27592

An unquoted search path or element vulnerability has been reported to affect QVR Smart Client. If exploited, the vulnerability could allow local authenticated administrators to execute unauthorized code or commands via unspecified vectors. We have already fixed the vulnerability in the following...

6.7CVSS7.3AI score0.00192EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 5:38 p.m.•6 views

CVE-2020-10964

Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename...

9.8CVSS8AI score0.02793EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 4:6 p.m.•6 views

CVE-2020-10515

STARFACE UCC Client before 6.7.1.204 on WIndows allows binary planting to execute code with System rights, aka usd-2020-0006...

10CVSS7.4AI score0.02868EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 8:44 a.m.•7 views

CVE-2019-6232

A race condition existed during the installation of iTunes for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iTunes installer in an untrusted directory may result in arbitrary code execution...

7.6CVSS7AI score0.01171EPSS

Exploits0References1

Positive Technologies•added 2025/05/13 12:0 a.m.•2 views

PT-2025-20824 · Conda Forge +2 · Conda-Forge Openssl-Feedstock +2

Name of the Vulnerable Software and Affected Versions: conda-forge openssl-feedstock versions before 066e83c 2024-05-20 Miniforge versions before 24.5.0 Description: The issue concerns a configuration in conda-forge openssl-feedstock on Microsoft Windows, where OpenSSL uses an OPENSSLDIR file pat...

7.3CVSS7AI score0.00187EPSS

Exploits1References10

Vulnrichment•added 2025/04/08 5:23 p.m.•11 views

CVE-2025-26674 Windows Media Remote Code Execution Vulnerability

...

7.8CVSS7.2AI score0.00555EPSS

Exploits0References1

Vulnrichment•added 2025/04/08 5:23 p.m.•10 views

CVE-2025-26668 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

...

7.5CVSS7.2AI score0.01059EPSS

Exploits0References1

Vulnrichment•added 2025/01/14 6:3 p.m.•18 views

CVE-2025-21241 Windows Telephony Service Remote Code Execution Vulnerability

...

8.8CVSS8.7AI score0.01435EPSS

Exploits0References1

NVD•added 2024/12/12 2:4 a.m.•11 views

CVE-2024-49108

Windows Remote Desktop Services Remote Code Execution Vulnerability...

8.1CVSS0.01169EPSS

Exploits0References1

Vulnrichment•added 2024/09/16 6:40 a.m.•16 views

CVE-2024-39613 RCE in desktop app in Windows by local attacker

Mattermost Desktop App versions =5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine...

5.3CVSS7.6AI score0.00299EPSS

Exploits0References1