CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2024/11/21 12:0 a.m.•16 views

CVE-2024-51367

An arbitrary file upload vulnerability in the component \Users\username.BlackBoard of BlackBoard v2.0.0.2 allows attackers to execute arbitrary code via uploading a crafted .xml file...

0.00283EPSS

CVE•added 2024/11/21 12:0 a.m.•39 views

CVE-2024-51367

CVE-2024-51367 affects BlackBoard v2.0.0.2 with an arbitrary file upload vulnerability in the component path "\Users\username.BlackBoard", allowing an attacker to execute arbitrary code by uploading a crafted .xml file. Public sources consistently describe the impact as remote code execution via ...

9.8CVSS7.8AI score0.00283EPSS

Vulnrichment•added 2024/11/20 12:28 p.m.•7 views

CVE-2024-11495 Buffer overflow in OllyDbg

Buffer overflow vulnerability in OllyDbg, version 1.10, which could allow a local attacker to execute arbitrary code due to lack of proper bounds checking...

7.5CVSS7.8AI score0.00068EPSS

Cvelist•added 2024/11/20 12:0 a.m.•14 views

CVE-2024-52770

An arbitrary file upload vulnerability in the component /admin/filemanagecontrol of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file...

0.00304EPSS

Vulnrichment•added 2024/11/20 12:0 a.m.•11 views

CVE-2024-52769

An arbitrary file upload vulnerability in the component /admin/friendlinkedit of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file...

7.8AI score0.00201EPSS

CVE•added 2024/11/20 12:0 a.m.•54 views

CVE-2024-52769

CVE-2024-52769 affects DedeBIZ v6.3.0 with an arbitrary file upload vulnerability in the /admin/friendlink_edit endpoint (also referenced as /admin/friendlink edit). Exploitation allows attackers to execute arbitrary code via a crafted file. The NVD entry cites CVSSv3.1: AV:N/AC:L/PR:H/UI:N/S:U/C...

7.2CVSS8AI score0.00201EPSS

Exploits1References2Affected Software1

Cvelist•added 2024/11/20 12:0 a.m.•10 views

CVE-2024-52769

An arbitrary file upload vulnerability in the component /admin/friendlinkedit of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file...

0.00201EPSS

Vulnrichment•added 2024/11/20 12:0 a.m.•7 views

CVE-2024-52770

An arbitrary file upload vulnerability in the component /admin/filemanagecontrol of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file...

7.8AI score0.00304EPSS

OSV•added 2024/11/19 6:15 p.m.•18 views

CVE-2024-48991

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter instead of the system's real Python interpreter. The initial security fix 6ce6136...

7.8CVSS7.9AI score0.00215EPSS

Exploits2References8

Debian CVE•added 2024/11/19 5:38 p.m.•16 views

CVE-2024-48991

7.8CVSS8.6AI score0.00215EPSS

Exploits2

Cvelist•added 2024/11/19 5:38 p.m.•34 views

CVE-2024-48990

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable...

7.8CVSS0.15245EPSS

Exploits15References3

NVD•added 2024/11/18 11:15 p.m.•19 views

CVE-2024-33231

Cross Site Scripting vulnerability in Ferozo Email version 1.1 allows a local attacker to execute arbitrary code via a crafted payload to the PDF preview component...

5.4CVSS0.03628EPSS

NVD•added 2024/11/18 9:15 p.m.•12 views

CVE-2024-51053

An arbitrary file upload vulnerability in the component /main/fileupload.php of AVSCMS v8.2.0 allows attackers to execute arbitrary code via uploading a crafted file...

9.8CVSS0.00332EPSS

CVE•added 2024/11/15 12:0 a.m.•45 views

CVE-2024-51141

CVE-2024-51141 affects TOTOLINK Bluetooth Wireless Adapter A600UB. The issue is tied to WifiAutoInstallDriver.exe and MSASN1.dll, with root cause described as incorrect integrity value checking in MSASN1.dll within the WifiAutoInstallDriver.exe file, enabling a local attacker to execute arbitrary...

7.8CVSS7.7AI score0.00125EPSS

Exploits1References1Affected Software1

CVE•added 2024/11/15 12:0 a.m.•51 views

CVE-2024-50986

CVE-2024-50986 affects Clementine v1.3.1 and is exploitable via a local DLL hijacking/vector in Windows. A concrete PoC from a GitHub exploit shows that placing a crafted QUSEREX.DLL in C:\Users\AppData\Local\Microsoft\WindowsApps allows Clementine to load the malicious DLL at startup, enabling a...

7.3CVSS7.7AI score0.10855EPSS

Exploits2References3Affected Software1

CNVD•added 2024/11/15 12:0 a.m.•6 views

Adobe Substance 3D Painter Buffer Overflow Vulnerability (CNVD-2024-48221)

Adobe Substance 3D Painter is a 3D texturing application from the American company Audobee Adobe. A security vulnerability exists in Adobe Substance 3D Painter version 10.1.0 and prior versions, which can be exploited by an attacker to execute arbitrary code in the context of the current user...

7.8CVSS7.5AI score0.00191EPSS

CNVD•added 2024/11/15 12:0 a.m.•6 views

Adobe Substance 3D Painter Untrusted Search Path Vulnerability

Adobe Substance 3D Painter is a 3D texturing application from the American company Audobee Adobe. A security vulnerability exists in Adobe Substance 3D Painter, which can be exploited by attackers to execute arbitrary code...

7.8CVSS7.4AI score0.00183EPSS

NVD•added 2024/11/14 8:15 p.m.•10 views

CVE-2024-10397

A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code...

7.8CVSS0.00243EPSS