Lucene search

2972 matches found

OSV
added 2025/11/05 6:41 p.m. | 2 views

GO-2025-4020 DoS risk due to unrestricted RAR dictionary sizes in github.com/nwaples/rardecode

DoS risk due to unrestricted RAR dictionary sizes in github.com/nwaples/rardecode...

CVSS 6.5 | AI score 7 | EPSS 0.00354
Exploits: 1 | References: 2
Tenable Nessus
added 2025/11/05 12:0 a.m. | 3 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989207)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989207 advisory. In the Linux kernel, the following vulnerability has been resolved: NFSD: prevent underflow in nfssvc_decode_writeargs. Smatch complains: fs/nfsd/nfsxdr.c:341...

CVSS 5.5 | AI score 5.9 | EPSS 0.00248
Exploits: 0 | References: 4
AstraLinux
added 2025/11/01 10:54 a.m. | 2 views

Astra Linux – Vulnerability in Python 3.11

There is an issue in CPython when using bytes.decode("unicode_escape", error="ignore|replace"). If you are not using the "unicode_escape" encoding or an error handler, your usage is not affected. To work around this issue, you can stop using the error handling mechanism and instead wrap the...

CVSS 5.9 | AI score 6.1 | EPSS 0.00169
Exploits: 0 | References: 3
Redos
added 2025/10/31 12:0 a.m. | 3 views

ROS-20251031-05

A vulnerability in the nvdisasm command-line utility of the NVIDIA CUDA Toolkit parallel computing toolkit is related to reading outside the allowed range in memory. Exploitation of the vulnerability could...

CVSS 7.8 | AI score 7.8 | EPSS 0.00207
Exploits: 0
Positive Technologies
added 2025/10/31 12:0 a.m. | 5 views

PT-2025-44657

Name of the Vulnerable Software and Affected Versions: Totolink A7000R version 9.1.0u.6115 B20201022. Description: The software contains a stack overflow issue through the ssid5g parameter within the urldecode function. A crafted request can lead to a Denial of Service (DoS). Recommendations: At the...

CVSS 9 | AI score 6.7 | EPSS 0.00344
Exploits: 1 | References: 6
RedhatCVE
added 2025/10/30 4:18 p.m. | 14 views

CVE-2025-62786

Wazuh is a free and open source platform used for threat prevention, detection, and response. A heap-based out-of-bounds WRITE occurs in decode_win_permissions, resulting in writing a NULL byte 2 bytes before the start of the buffer allocated to decoded_it. A compromised agent can potentially levera...

CVSS 8.1 | AI score 8.1 | EPSS 0.00605
Exploits: 1 | References: 1
NVD
added 2025/10/30 10:15 a.m. | 5 views

CVE-2025-40105

In the Linux kernel, the following vulnerability has been resolved: vfs: Don't leak disconnected dentries on umount. When user calls open_by_handle_at on some inode that is not cached, we will create disconnected dentry for it. If such dentry is a directory, exportfs_decode_fh_raw will then try to conne...

EPSS 0.00175
Exploits: 0 | References: 8
Redos
added 2025/10/30 12:0 a.m. | 4 views

ROS-20251030-09

A vulnerability in the qDecodeDataUrl function of the QtCore module of the Qt cross-platform software development framework is related to insufficient input data validation when processing the charset parameter. Exploitation of the vulnerability could allow an attacker...

CVSS 8.4 | AI score 6.8 | EPSS 0.00309
Exploits: 0
Redos
added 2025/10/30 12:0 a.m. | 6 views

ROS-20251030-10

A vulnerability in the qDecodeDataUrl function of the QtCore module of the Qt cross-platform software development framework is related to insufficient input data validation when processing the charset parameter. Exploitation of the vulnerability could allow an attacker...

CVSS 8.4 | AI score 6.8 | EPSS 0.00309
Exploits: 0
NVD
added 2025/10/29 5:15 p.m. | 4 views

CVE-2025-62791

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, the DecodeCiscat implementation does not check the return value of cJSON_GetObjectItem for a possible NULL value in case of an error. A compromised agent can cause a crash of analysisd by...

CVSS 7.5 | EPSS 0.00279
Exploits: 0 | References: 1
CVE
added 2025/10/29 4:48 p.m. | 10 views

CVE-2025-62791

CVE-2025-62791 (Wazuh) : Prior to 4.11.0, DecodeCiscat() does not check the return value of cJSON_GetObjectItem(), allowing a NULL dereference when handling errors. A crafted agent message to the Wazuh manager can cause analysisd to crash and become unavailable. The issue is fixed in 4.11.0. Impa...

CVSS 7.5 | AI score 6.3 | EPSS 0.00279
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2025/10/29 4:30 p.m. | 14 views

CVE-2025-62787

Wazuh prior to version 4.10.2 is affected by a buffer over-read in DecodeWinevt() caused by an incorrect index when accessing child_attr[p]->attributes[j]. A compromised agent can cause a read past the end of the allocated buffer, potentially exposing sensitive data, particularly when analysis...

CVSS 7.5 | AI score 6.4 | EPSS 0.00331
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2025/10/29 4:30 p.m. | 6 views

CVE-2025-62787 Wazuh Vulnerable to Heap-based Buffer Over-read in DecodeWinevt

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.10.2, a buffer over-read occurs in DecodeWinevt when child_attr[p]->attributes[j] is accessed, because the corresponding index j is incorrect. A compromised agent can cause a READ operation beyond t...

CVSS 2.1 | EPSS 0.00331
Exploits: 1 | References: 2
OSV
added 2025/10/29 4:30 p.m. | 4 views

CVE-2025-62787 Wazuh Vulnerable to Heap-based Buffer Over-read in DecodeWinevt

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.10.2, a buffer over-read occurs in DecodeWinevt when child_attr[p]->attributes[j] is accessed, because the corresponding index j is incorrect. A compromised agent can cause a READ operation beyond t...

CVSS 2.1 | AI score 6.8 | EPSS 0.00331
Exploits: 1 | References: 4
NVD
added 2025/10/29 4:15 p.m. | 4 views

CVE-2025-62786

Wazuh is a free and open source platform used for threat prevention, detection, and response. A heap-based out-of-bounds WRITE occurs in decode_win_permissions, resulting in writing a NULL byte 2 bytes before the start of the buffer allocated to decoded_it. A compromised agent can potentially levera...

CVSS 8.1 | EPSS 0.00605
Exploits: 1 | References: 2
CVE
added 2025/10/29 3:52 p.m. | 14 views

CVE-2025-62786

CVE-2025-62786 affects Wazuh. The issue is a heap-based out-of-bounds write in the decode_win_permissions path, writing a NULL byte 2 bytes before the start of the buffer allocated to decoded_it. A compromised agent can potentially leverage this to achieve remote code execution on the Wazuh manag...

CVSS 8.1 | AI score 7.8 | EPSS 0.00605
Exploits: 1 | References: 2 | Affected Software: 1
Vulnrichment
added 2025/10/29 3:52 p.m. | 3 views

CVE-2025-62786 Wazuh Vulnerable to Heap-based Buffer Out-Of-Bounds WRITE in decode_win_permissions

Wazuh is a free and open source platform used for threat prevention, detection, and response. A heap-based out-of-bounds WRITE occurs in decode_win_permissions, resulting in writing a NULL byte 2 bytes before the start of the buffer allocated to decoded_it. A compromised agent can potentially levera...

CVSS 6.3 | AI score 7.8 | EPSS 0.00605
Exploits: 1 | References: 2
Cvelist
added 2025/10/29 3:52 p.m. | 8 views

CVE-2025-62786 Wazuh Vulnerable to Heap-based Buffer Out-Of-Bounds WRITE in decode_win_permissions

Wazuh is a free and open source platform used for threat prevention, detection, and response. A heap-based out-of-bounds WRITE occurs in decode_win_permissions, resulting in writing a NULL byte 2 bytes before the start of the buffer allocated to decoded_it. A compromised agent can potentially levera...

CVSS 6.3 | EPSS 0.00605
Exploits: 1 | References: 2
OSV
added 2025/10/29 3:52 p.m. | 4 views

CVE-2025-62786 Wazuh Vulnerable to Heap-based Buffer Out-Of-Bounds WRITE in decode_win_permissions

Wazuh is a free and open source platform used for threat prevention, detection, and response. A heap-based out-of-bounds WRITE occurs in decode_win_permissions, resulting in writing a NULL byte 2 bytes before the start of the buffer allocated to decoded_it. A compromised agent can potentially levera...

CVSS 6.3 | AI score 8.2 | EPSS 0.00605
Exploits: 1 | References: 4
EUVD
added 2025/10/29 3:52 p.m. | 4 views

EUVD-2025-36684

Wazuh is a free and open source platform used for threat prevention, detection, and response. A heap-based out-of-bounds WRITE occurs in decode_win_permissions, resulting in writing a NULL byte 2 bytes before the start of the buffer allocated to decoded_it. A compromised agent can potentially levera...

CVSS 6.3 | AI score 7.7 | EPSS 0.00605
Exploits: 1 | References: 2