CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

924 matches found

OSV•added 2025/09/24 2:15 p.m.•0 views

UBUNTU-CVE-2025-23255

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary where a user may cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability may lead to a partial denial of service...

3.3CVSS5.8AI score0.00146EPSS

Exploits0References2

CNNVD•added 2025/09/24 12:0 a.m.•1 views

NVIDIA CUDA toolkit 缓冲区错误漏洞

The NVIDIA CUDA toolkit is a toolkit from NVIDIA, Inc. It provides a development environment for creating high-performance GPU-accelerated applications. A buffer error vulnerability exists in NVIDIA CUDA Toolkit, which stems from an out-of-bounds read in the cuobjdump binary when processing...

3.3CVSS6.2AI score0.00146EPSS

Exploits0References4

RedhatCVE•added 2025/09/20 7:12 p.m.•4 views

CVE-2025-47906

If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath "", ".", and "..", can result in the binaries listed in the PATH being unexpectedly returned. Mitigation Mitigation for this issue is either not available or the...

6.5CVSS6AI score0.00489EPSS

Exploits1References7

OSV•added 2025/09/20 8:43 a.m.•4 views

BIT-GOLANG-2025-47906 Unexpected paths returned from LookPath in os/exec

6.5CVSS6.1AI score0.00489EPSS

Exploits1References6

OSV•added 2025/09/18 7:15 p.m.•2 views

DEBIAN-CVE-2025-47906

6.5CVSS6.5AI score0.00489EPSS

Exploits1References1

OSV•added 2025/09/18 7:15 p.m.•6 views

AZL-66128 CVE-2025-47906 affecting package golang for versions less than 1.22.7-5

6.5CVSS6.7AI score0.00489EPSS

Exploits1References1

NVD•added 2025/09/18 7:15 p.m.•6 views

CVE-2025-47906

6.5CVSS0.00489EPSS

Exploits1References5

OSV•added 2025/09/18 7:15 p.m.•6 views

AZL-67512 CVE-2025-47906 affecting package golang for versions less than 1.18.8-10

6.5CVSS6.7AI score0.00489EPSS

Exploits1References1

OSV•added 2025/09/18 7:15 p.m.•1 views

UBUNTU-CVE-2025-47906

6.5CVSS6.8AI score0.00489EPSS

Exploits1References6

CVE•added 2025/09/18 6:41 p.m.•478 views

CVE-2025-47906

The CVE-2025-47906 issue affects Go (golang) tooling, specifically the os/exec LookPath behavior: if PATH contains executable entries, LookPath("", "." , "..") can return binaries from PATH instead of only directories. This is tied to Golang tooling (go-toolset) and affects packages built with Go...

6.5CVSS5.9AI score0.00489EPSS

Exploits1References5Affected Software1

Vulnrichment•added 2025/09/18 6:41 p.m.•1 views

CVE-2025-47906 Unexpected paths returned from LookPath in os/exec

5.9AI score0.00489EPSS

Exploits1References4

Cvelist•added 2025/09/18 6:41 p.m.•9 views

CVE-2025-47906 Unexpected paths returned from LookPath in os/exec

0.00489EPSS

Exploits1References4

OSV•added 2025/09/18 6:21 p.m.•3 views

GO-2025-3956 Unexpected paths returned from LookPath in os/exec

6.5CVSS6.9AI score0.00489EPSS

Exploits1References3

NVD•added 2025/09/10 6:15 p.m.•11 views

CVE-2025-57392

BenimPOS Masaustu 3.0.x is affected by insecure file permissions. The application installation directory grants Everyone and BUILTIN\Users groups FILEALLACCESS, allowing local users to replace or modify .exe and .dll files. This may lead to privilege escalation or arbitrary code execution upon...

7.8CVSS0.00181EPSS

Exploits1References2

Tenable Nessus•added 2025/08/30 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2024-29864

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via command injection into exported executables. CVE-2024-29864 Note that Nessus relies on t...

9.8CVSS6.3AI score0.02934EPSS

Exploits1References2

OSV•added 2025/08/28 5:50 p.m.•2 views

CVE-2025-58059 Valtimo scripting engine can be used to gain access to sensitive data or resources

Valtimo is a platform for Business Process Automation. In versions before 12.16.0.RELEASE, and from 13.0.0.RELEASE to before 13.1.2.RELEASE, any admin that can create or modify and execute process-definitions could gain access to sensitive data or resources. This includes but is not limited to:...

9.1CVSS6.3AI score0.00378EPSS

Exploits0References4

CVE•added 2025/08/28 5:6 p.m.•11 views

CVE-2025-31979

CVE-2025-31979 concerns HCL BigFix Service Management (SM). The vulnerability is a file upload validation bypass where the application fails to properly enforce file type restrictions during upload, allowing an attacker to upload unauthorized or malicious files (e.g., scripts, executables, web sh...

5.4CVSS6.5AI score0.00194EPSS

Exploits0References1

OSV•added 2025/08/28 4:46 p.m.•3 views

GHSA-W48J-PP7J-FJ55 Valtimo scripting engine can be used to gain access to sensitive data or resources

Impact Any admin that can create or modify and execute process-definitions could gain access to sensitive data or resources. This includes but is not limited to: - Running executables on the application host - Inspecting and extracting data from the host environment or application properties -...

9.1CVSS6.7AI score0.00378EPSS

Exploits0References4

Github Security Blog•added 2025/08/28 4:46 p.m.•11 views

Valtimo scripting engine can be used to gain access to sensitive data or resources

9.1CVSS6.7AI score0.00378EPSS

Exploits0References4Affected Software1

CVE•added 2025/08/21 8:0 p.m.•13 views

CVE-2025-54460

The CVE-2025-54460 entry corresponds to AVEVA PI Integrator and describes an authenticated user with privileges to create or access publication targets (Text File or HDFS) being able to upload and persist files that could be executed. Connected sources corroborate an unrestricted upload of a dang...

7.1CVSS6.9AI score0.00278EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by