CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all...

9.9CVSS7.2AI score0.86268EPSS

Exploits14References3

EUVD•added 2025/10/03 6:38 p.m.•3 views

EUVD-2025-32328

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions o...

6CVSS6AI score0.00711EPSS

Exploits0References3

FreeBSD•added 2025/10/03 12:0 a.m.•8 views

redis,valkey -- Running Lua function as a different user

redis reports: An authenticated user may use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user The problem exists in all versions of Redis with Lua scripting. An additional workaround to mitigate the problem withou...

7.3CVSS6.9AI score0.00711EPSS

Exploits0References1

RedhatCVE•added 2025/09/25 2:54 p.m.•3 views

CVE-2025-48868

Horilla is a free and open source Human Resource Management System HRMS. An authenticated Remote Code Execution RCE vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python’s eval function on a user-controlled query parameter in the projectbulkarchive view. This allows privileged use...

7.2CVSS8.8AI score0.02275EPSS

Exploits3References1

NVD•added 2025/09/24 2:15 p.m.•3 views

CVE-2025-48868

7.2CVSS0.02275EPSS

Exploits3References4

OSV•added 2025/09/24 1:51 p.m.•3 views

CVE-2025-48868 Horilla vulnerable to authenticated RCE via eval() in project_bulk_archive

7.2CVSS8.9AI score0.02275EPSS

Exploits3References6

Vulnrichment•added 2025/09/24 1:51 p.m.•2 views

CVE-2025-48868 Horilla vulnerable to authenticated RCE via eval() in project_bulk_archive

7.2CVSS8.5AI score0.02275EPSS

Exploits3References4

Positive Technologies•added 2025/09/24 12:0 a.m.•5 views

PT-2025-39264

Name of the Vulnerable Software and Affected Versions Horilla versions prior to 1.3.1 Description Horilla is a free and open source Human Resource Management System HRMS. An authenticated Remote Code Execution RCE issue exists due to the unsafe use of Python’s eval function on a user-controlled...

7.2CVSS8.5AI score0.02275EPSS

Exploits3References9

vulnersOsv•added 2025/09/18 1:2 p.m.•6 views

10minions-engine (>=0.0.1 <=0.0.4), 3ui (>=0.1.0 <=0.1.8) +1042 more potentially affected by CVE-2025-13204 via expr-eval (>=0.12.0 <=2.0.2)

expr-eval NPM version =0.12.0, =0.0.1, =0.1.0, =1.0.2, =1.2.0, =1.0.0, =0.1.4, =0.0.11, =0.0.1, =0.0.0, =0.0.2-alpha, =1.0.0, =1.3.0-alpha.0 and more Source cves: CVE-2025-13204 Source advisory: SNYK:JS-EXPREVAL-13508636...

7.3CVSS5.4AI score0.00413EPSS

Exploits1

vulnersOsv•added 2025/09/17 10:41 p.m.•1 views

antgrid-server (>=0.0.2 <=0.0.3), kani-tts (=0.0.1) +3 more potentially affected by CVE-2025-23316 via nvidia-pytriton (=0.7.0)

nvidia-pytriton PYPI version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on nvidia-pytriton and may be impacted: - antgrid-server =0.0.2, =0.1.0, =0.1.0rc1, =0.1.0, =0.4.0 Source cves: CVE-2025-23316 Source advisory:...

9.8CVSS5.8AI score0.00663EPSS

Exploits0

vulnersOsv•added 2025/09/17 10:41 p.m.•1 views

antgrid-server (>=0.0.2 <=0.0.3), kani-tts (=0.0.1) +3 more potentially affected by CVE-2025-23336 via nvidia-pytriton (=0.7.0)

7.5CVSS5.8AI score0.00322EPSS

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by