CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

nopCommerce v4.2.0 allows privilege escalation via file upload in Presentation/Nop.Web/Admin/Areas/Controllers/PluginController.cs via Admin/FacebookAuthentication/Configure because it is possible to upload a crafted Facebook Auth plugin...

8.8CVSS7.1AI score0.00374EPSS

Exploits1References1

RedhatCVE•added 2025/05/21 8:25 p.m.•4 views

CVE-2002-1871

pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid root if the pkgmap file contains a "?" question mark in the 1 mode, 2 owner, or 3 group fields, which allows attackers to elevate privileges...

7.2CVSS6.8AI score0.00056EPSS

Exploits0References1

NVD•added 2025/03/20 10:15 a.m.•2 views

CVE-2024-8248

A vulnerability in the normalizePath function in mintplex-labs/anything-llm version git 296f041 allows for path traversal, leading to arbitrary file read and write in the storage directory. This can result in privilege escalation from manager to admin. The issue is fixed in version 1.2.2...

7.2CVSS0.00304EPSS

Exploits1References2

RedhatCVE•added 2025/02/06 1:44 a.m.•12 views

CVE-2022-43517

A vulnerability has been identified in Simcenter STAR-CCM+ All versions V2306. The affected application improperly assigns file permissions to installation folders. This could allow a local attacker with an unprivileged account to override or modify the service executables and subsequently gain...

7.8CVSS6.6AI score0.00082EPSS

Exploits0References1

CNNVD•added 2025/01/30 12:0 a.m.•2 views

Broadcom Symantec Privileged Access Management 安全漏洞

Broadcom Symantec Privileged Access Management Broadcom Symantec PAM is a security software from Broadcom, Inc. It helps prevent security breaches by protecting sensitive administrative credentials, controlling privileged user access, proactively enforcing security policies, and monitoring and...

8.8CVSS6.8AI score0.00549EPSS

Exploits0References1

CVE•added 2025/01/18 3:8 p.m.•53 views

CVE-2024-51448

CVE-2024-51448 affects IBM Robotic Process Automation versions 21.0.0–21.0.7.17 and 23.0.0–23.0.18. The root cause is insecure inherited permissions: all install files inherit the parent directory’s permissions, allowing a non-privileged user to substitute any executable for the nssm.exe service....

6.7CVSS6.6AI score0.00031EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2023/03/31 12:0 a.m.•7 views

CVE-2022-47191 Privilege Escalation via file upload vulnerability at Generex CS141

Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges...

4.3CVSS8.8AI score0.00327EPSS

Exploits0References3

Vulnrichment•added 2023/03/03 12:0 a.m.•5 views

CVE-2022-45988

starsoftcomm CooCare 5.304 allows local attackers to escalate privileges and execute arbitrary commands via a crafted file upload...

7.9AI score0.00752EPSS

Exploits1References2

UbuntuCve•added 2022/01/20 2:0 p.m.•48 views

CVE-2021-45417

AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata such as XFS extended attributes or tmpfs ACLs, because of a heap-based buffer overflow...

7.8CVSS7.4AI score0.00038EPSS

Exploits1References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by