CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

18 matches found

RedhatCVE•added 2026/01/09 12:46 p.m.•8 views

CVE-2005-1449

Unknown vulnerability in serendipityconfiglocal.inc.php for Serendipity before 0.8 has unknown impact...

10CVSS7AI score0.01412EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2005-1452

Malware in sbrugna...

10CVSS6.4AI score0.01412EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-7505

Malicious code in bioql PyPI...

4.6CVSS4AI score0.00243EPSS

Exploits1References4

NVD•added 2025/07/21 10:15 a.m.•4 views

CVE-2025-50151

File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload...

8.8CVSS0.00937EPSS

Exploits0References2

RedhatCVE•added 2025/05/23 4:34 a.m.•4 views

CVE-2023-46052

Sane 1.2.1 heap bounds overwrite in initoptions from backend/test.c via a long initmode string in a configuration file. NOTE: this is disputed because there is no expectation that test.c code should be executed with an attacker-controlled configuration file...

7AI score0.00364EPSS

Exploits1

RedhatCVE•added 2025/05/23 2:21 a.m.•10 views

CVE-2023-38317

An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands...

9.8CVSS7.5AI score0.01096EPSS

Exploits1References1

RedhatCVE•added 2025/03/01 4:23 p.m.•15 views

CVE-2025-0914

An improper access control issue in the VQL shell feature in Velociraptor Versions 0.73.4 allowed authenticated users to execute the execve plugin in deployments where this was explicitly forbidden by configuring the preventexecve flag in the configuration file. This setting is not usually...

3.8CVSS6.6AI score0.00215EPSS

Exploits0References1

Vulnrichment•added 2024/01/26 12:0 a.m.•2 views

CVE-2023-38319

An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands...

9.7AI score0.01096EPSS

Exploits1References4

Vulnrichment•added 2024/01/26 12:0 a.m.•4 views

CVE-2023-38323

An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the status path script entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands...

9.7AI score0.01096EPSS

Exploits1References4

OSV•added 2020/05/13 2:23 p.m.•12 views

SUSE-SU-2020:1273-1 Security update for grafana

This update for grafana to version 4.6.5 fixes the following issues: Security issues fixed: - CVE-2019-15043: Added authentication to a few rest endpoints jscSOC-10357, bsc1148383. - CVE-2018-19039: Fixed File Exfiltration vulnerability jscSOC-9976 bsc1115960. - CVE-2018-15727: Fixed an LDAP and...

9.8CVSS7AI score0.64284EPSS

Exploits4References13

CVE•added 2019/06/14 5:2 p.m.•141 views

CVE-2019-2257

CVE-2019-2257 involves wrong permissions in a configuration file, enabling unauthorized permissions on numerous Qualcomm Snapdragon platforms. Affected families include Snapdragon Auto, Connectivity, Consumer IoT, Industrial IoT, IoT, Mobile, Voice & Music, Wearables, and related configurations a...

7.8CVSS7.6AI score0.00182EPSS

Exploits0References1Affected Software1

NVD•added 2017/05/06 12:29 a.m.•18 views

CVE-2017-7925

A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and...

9.8CVSS9.3AI score0.52059EPSS

Exploits0References3

Tenable Nessus•added 2004/08/30 12:0 a.m.•28 views

GLSA-200405-03 : ClamAV VirusEvent parameter vulnerability

The remote host is affected by the vulnerability described in GLSA-200405-03 ClamAV VirusEvent parameter vulnerability The VirusEvent parameter in the clamav.conf configuration file allows to specify a system command to run whenever a virus is found. This system command can make use of the '%f'...

4.6CVSS5.9AI score0.00585EPSS

Exploits1References3

FreeBSD•added 2004/06/29 12:0 a.m.•11 views

Remote code injection in phpMyAdmin

This vulnerability would allow remote user to inject PHP code to be executed by eval function. This vulnerability is only exploitable if variable $cfg'LeftFrameLight' is set to FALSE in file config.inc.php...

3.8AI score

Exploits0References4

exploitpack•added 2003/04/26 12:0 a.m.•9 views

Mike Bobbitt Album.PL 0.61 - Remote Command Execution

Mike Bobbitt Album.PL 0.61 - Remote Command Execution source: https://www.securityfocus.com/bid/7444/info A remote command execution vulnerability has been reported for Album.pl. The vulnerability reportedly exists when alternate configuration files are used. The precise technical details of this...

7.7AI score

Exploits0

NVD•added 2002/05/31 4:0 a.m.•15 views

CVE-2002-0274

Exim 3.34 and earlier may allow local users to gain privileges via a buffer overflow in long -C configuration file and other command line arguments...

4.6CVSS7.2AI score0.0038EPSS

Exploits0References4

FreeBSD Advisory•added 2000/07/05 12:0 a.m.•3 views

FreeBSD-SA-00:24.libedit

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:24 Security Advisory FreeBSD, Inc. Topic: libedit reads config file from current directory Category: core Module: libedit Announced: 2000-07-05 Affects: All versions of...

6.1AI score

Exploits0