CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6323 matches found

Positive Technologies•added 2025/12/17 12:0 a.m.•4 views

PT-2025-51971

Name of the Vulnerable Software and Affected Versions Serendipity version 2.4.0 Description An authenticated attacker can upload malicious PHP files with a .phar extension, leading to remote code execution. Attackers can upload files containing system command payloads to the media upload endpoint...

8.8CVSS8.2AI score0.00874EPSS

Exploits1References10

Positive Technologies•added 2025/12/15 12:0 a.m.•6 views

PT-2025-51303

Name of the Vulnerable Software and Affected Versions Webutler version 3.2 Description Webutler version 3.2 has a flaw that permits authenticated administrators to upload PHP files capable of executing system commands. An attacker can upload a PHAR file containing embedded system commands through...

8.6CVSS7AI score0.00794EPSS

Exploits1References6

CVE•added 2025/12/01 12:0 a.m.•15 views

CVE-2025-61228

CVE-2025-61228 affects Shirt Pocket SuperDuper! versions 3.10 and earlier. The issue allows a local attacker to execute arbitrary code via the software update mechanism. The available sources indicate the vulnerability exists in pre-3.11 builds; mitigation is to update to version 3.11 (or later)....

7.8CVSS7.3AI score0.00093EPSS

Exploits1References3Affected Software1

NVD•added 2025/11/25 8:15 a.m.•6 views

CVE-2025-59370

A command injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary commands, leading to the device executing unintended instructions. Refer to the 'Security Update for ASUS Router Firmware' section on...

7.5CVSS0.00936EPSS

Exploits0References1

NVD•added 2025/11/19 5:15 p.m.•8 views

CVE-2025-34328

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component F2MAdmin that exposes an unauthenticated script-management endpoint at AudioCodesfiles/utils/IVR/diagram/ajaxScript.php. The saveScript action writes attacker-supplie...

9.8CVSS0.00621EPSS

Exploits2References4

RedhatCVE•added 2025/11/18 3:58 a.m.•17 views

CVE-2025-13284

ThinPLUS developed by ThinPLUS has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server...

9.8CVSS7.9AI score0.01619EPSS

Exploits0References1

Positive Technologies•added 2025/11/18 12:0 a.m.•4 views

PT-2025-47335

Name of the Vulnerable Software and Affected Versions Kotaemon version 0.11.0 Description A cross site scripting XSS issue exists in Kotaemon version 0.11.0. This allows attackers to execute arbitrary code through a specially crafted PDF file. The issue involves the potential for malicious code...

6.1CVSS6.6AI score0.00352EPSS

Exploits1References6

CVE•added 2025/11/14 6:0 a.m.•19 views

CVE-2025-10686

The CVE-2025-10686 has concrete details across multiple sources: Creta Testimonial Showcase WordPress plugin prior to v1.2.4 is vulnerable to Local File Inclusion. Authenticated users with editor-level access or higher can include and execute arbitrary PHP files on the server, enabling code execu...

7.2CVSS6.9AI score0.0042EPSS

Exploits0References1

Cvelist•added 2025/11/05 4:31 p.m.•5 views

CVE-2025-20375 Cisco Unified Contact Center Express Arbitrary File Upload Vulnerability

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this vulnerability by uploading a...

6.5CVSS0.00328EPSS

Exploits0References1

CNNVD•added 2025/10/22 12:0 a.m.•7 views

NVIDIA ConnectX和NVIDIA BlueField 缓冲区错误漏洞

NVIDIA ConnectX and NVIDIA BlueField are both products of NVIDIA Corporation.NVIDIA ConnectX is a family of Intelligent Network Interface cards.NVIDIA BlueField is a family of data processing units. A buffer error vulnerability exists in NVIDIA ConnectX and NVIDIA BlueField, which stems from a fl...

6.7CVSS7.1AI score0.00163EPSS

Exploits0References4

CNVD•added 2025/10/21 12:0 a.m.•4 views

Unspecified Vulnerability in Palo Alto Networks PAN-OS (CNVD-2025-24729)

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall appliances. A security vulnerability exists in Palo Alto Networks PAN-OS, which can be exploited by an attacker to cause a privileged administrator to bypass system restrictions and execute arbitrary...

7.2CVSS7.3AI score0.00721EPSS

Exploits2References1

CNNVD•added 2025/10/14 12:0 a.m.•3 views

HPE AOS 安全漏洞

HPE AOS is an operating system from HPE Corporation in the United States. A security vulnerability exists in HPE ArubaOS that originates from a remote attacker after authentication that can execute remote commands, which could lead to the execution of arbitrary commands on the underlying operatin...

7.2CVSS7.5AI score0.00811EPSS

Exploits0References2