
48 matches found

EUVD
added 2026/02/24 5:52 a.m. | 4 views

EUVD-2025-207549

A vulnerability was determined in MuYuCMS 2.7. Affected is the function deletedirfile of the file application/admin/controller/Template.php of the component Template Management Page. This manipulation of the argument temn/tp causes path traversal. It is possible to initiate the attack remotely. T...

CVSS 5.1 | AI score 5.2 | EPSS 0.00181
Exploits: 1 | References: 5

Snyk
added 2026/01/30 8:53 p.m. | 1 views

Uncontrolled Search Path Element

Overview Affected versions of this package are vulnerable to Uncontrolled Search Path Element via the automatic loading and execution of .psysh.php from the current working directory during startup. An attacker can execute arbitrary code with the privileges of the victim process by placing a...

CVSS 7.3 | AI score 6.2 | EPSS 0.00007
Exploits: 1 | References: 2

UbuntuCve
added 2026/01/13 4:15 p.m. | 3 views

CVE-2025-68767

In the Linux kernel, the following vulnerability has been resolved: hfsplus: Verify inode mode when loading from disk. syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when the S_IFMT bits of the 16bits "mode" field loaded from disk are corrupted. According to [1], the permissions...

AI score 5.7 | EPSS 0.00052
Exploits: 0 | References: 36

VulnCheck KEV
added 2025/12/15 12:0 a.m. | 12 views

VulnCheck KEV: CVE-2025-55523

An issue in the component /api/download_work_dir_file.py of Agent-Zero v0.8. allows attackers to execute a directory traversal...

CVSS 3.5 | AI score 5.9 | EPSS 0.00288
In wild | Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-0669

Malware in sbrugna...

CVSS 5.5 | AI score 6.2 | EPSS 0.00067
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-28592

Malicious code in bioql PyPI...

CVSS 5.1 | AI score 4.5 | EPSS 0.00288
Exploits: 2 | References: 3

Cvelist
added 2025/09/29 12:0 a.m. | 5 views

CVE-2025-61659

bash-git-prompt 2.6.1 through 2.7.1 insecurely uses the /tmp/git-index-private$$ file, which has a predictable name...

CVSS 6.8 | EPSS 0.00021
Exploits: 0 | References: 1

RedhatCVE
added 2025/08/23 12:23 a.m. | 3 views

CVE-2025-55523

An issue in the component /api/download_work_dir_file.py of Agent-Zero v0.8. allows attackers to execute a directory traversal...

CVSS 3.5 | AI score 7.4 | EPSS 0.00288
Exploits: 1 | References: 1

NVD
added 2025/08/21 6:15 p.m. | 5 views

CVE-2025-55523

An issue in the component /api/download_work_dir_file.py of Agent-Zero v0.8. allows attackers to execute a directory traversal...

CVSS 3.5 | EPSS 0.00288
Exploits: 1 | References: 3

CVE
added 2025/08/21 12:0 a.m. | 24 views

CVE-2025-55523

Agent-Zero CVE-2025-55523 affects v0.8.0–0.9.4 and is caused by improper validation in /api/download_work_dir_file.py that enables a path traversal, allowing arbitrary file download via a crafted request. Impacts include access to unauthorized files. Remediation: update to the latest Agent-Zero v...

CVSS 3.5 | AI score 7.3 | EPSS 0.00288
In wild | Exploits: 1 | References: 3 | Affected Software: 1

Positive Technologies
added 2025/08/21 12:0 a.m. | 4 views

PT-2025-34265

Name of the Vulnerable Software and Affected Versions: Agent-Zero versions 0.8.0 through 0.8.9. Description: An issue exists in the /api/download_work_dir_file.py component that allows attackers to execute a directory traversal. Recommendations: At the moment, there is no information about a newer...

CVSS 5.1 | AI score 4.7 | EPSS 0.00288
Exploits: 2 | References: 8

OSV
added 2025/08/07 9:15 p.m. | 4 views

CVE-2025-54787 SuiteCRM: Improper Authorization for attachment downloads

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. There is a vulnerability in SuiteCRM version 7.14.6 which allows unauthenticated downloads of any file from the upload-directory, as long as it is named by an ID (e.g. attachments). An...

CVSS 3.7 | AI score 6.8 | EPSS 0.00164
Exploits: 0 | References: 4

CNNVD
added 2025/06/20 12:0 a.m. | 1 views

PHPGurukul Directory Management System injection vulnerability

Directory Management System is a directory management system. Directory Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter del in the file /admin/manage-directory.php. An attacker can explo...

CVSS 8.8 | AI score 8.2 | EPSS 0.00197
Exploits: 1 | References: 6

CVE
added 2024/10/03 3:24 p.m. | 70 views

CVE-2024-36474

Summary: CVE-2024-36474 affects the GNOME libgsf library (G Structured File Library), specifically the Compound Document Binary File format parser in version 1.14.52. A crafted file can trigger an integer overflow while processing the directory, allowing an out-of-bounds access and potentially ar...

CVSS 8.4 | AI score 8.6 | EPSS 0.00054
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2024/06/16 1:15 p.m. | 0 views

UBUNTU-CVE-2024-38441

Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions...

CVSS 9.8 | AI score 7.5 | EPSS 0.00718
Exploits: 1 | References: 4

SUSE CVE
added 2023/07/01 1:27 a.m. | 1 views

SUSE CVE-2023-2908

A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial o...

CVSS 5.5 | AI score 6.6 | EPSS 0.00014
Exploits: 1 | References: 6

OpenVAS
added 2022/07/31 12:0 a.m. | 7 views

Fedora: Security Advisory for gobuster (FEDORA-2022-5ef0bd9a27)

The remote host is missing an update for the...

AI score 7.5
Exploits: 0 | References: 2

Fedora
added 2022/07/17 1:15 a.m. | 34 views

[SECURITY] Fedora 35 Update: gobuster-3.1.0-3.fc35

Directory/File, DNS and VHost busting tool written in Go...

CVSS 9.3 | AI score 1.4 | EPSS 0.00963
Exploits: 4

Fedora
added 2022/07/04 1:35 a.m. | 22 views

[SECURITY] Fedora 36 Update: gobuster-3.1.0-3.fc36

Directory/File, DNS and VHost busting tool written in Go...

CVSS 9.3 | AI score 8.2 | EPSS 0.00963
Exploits: 4

OSV
added 2022/06/16 5:15 p.m. | 3 views

CVE-2022-31384

Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the fullname parameter in add-directory.php...

CVSS 9.8 | AI score 5.8 | EPSS 0.00713
Exploits: 1 | References: 3