CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

An SQL injection vulnerability has been reported to affect Video Station. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Video Station 5.8.4 and later...

8.8CVSS5.9AI score

Exploits0References1

CVE•added 2025/10/03 6:15 p.m.•6 views

CVE-2025-57714

CVE-2025-57714 affects QNAP NetBak Replicator. The root cause is an unquoted search path/element vulnerability that permits a local attacker who has a user account to execute arbitrary code or commands. The vulnerability is reported to affect NetBak Replicator and has been fixed in version 4.5.15...

8.5CVSS6.7AI score0.00018EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2025/10/03 6:15 p.m.•2 views

CVE-2025-57714 NetBak Replicator

An unquoted search path or element vulnerability has been reported to affect NetBak Replicator. If a local attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: NetBak...

8.5CVSS6.7AI score0.00018EPSS

Exploits0References1

Vulnrichment•added 2025/10/03 6:14 p.m.•2 views

CVE-2025-54153 Qsync Central

An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.2 2025/07/31...

8.6CVSS8AI score0.001EPSS

Exploits0References1

EUVD•added 2025/10/03 6:14 p.m.•2 views

EUVD-2025-32342

8.6CVSS7.8AI score0.001EPSS

Exploits0References2

Cvelist•added 2025/09/23 11:31 a.m.•4 views

CVE-2025-10244 HTML Payload Stored Cross-Site Scripting (XSS) Vulnerability

A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can trigger a Stored Cross-site Scripting XSS vulnerability. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process...

8.7CVSS0.00067EPSS

Exploits0References3

Positive Technologies•added 2025/09/23 12:0 a.m.•2 views

PT-2025-39118

Name of the Vulnerable Software and Affected Versions WPCasa plugin for WordPress versions prior to 1.4.2 Description The WPCasa plugin for WordPress is susceptible to Code Injection due to insufficient input validation and restriction on the api requests function. This allows unauthenticated...

9.8CVSS7.1AI score0.00192EPSS

Exploits0References10

OSV•added 2025/09/16 6:15 p.m.•2 views

CVE-2025-54262

Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current...

7.8CVSS5.8AI score0.00038EPSS

Exploits0References1

OSV•added 2025/09/08 2:23 p.m.•0 views

USN-7741-1 postgresql-14, postgresql-16, postgresql-17 vulnerabilities

Dean Rasheed discovered that PostgreSQL incorrectly handled access control lists. An attacker could possibly use this issue to obtain sensitive information. CVE-2025-8713 Martin Rakhmanov, Matthieu Denais, and RyotaK discovered that the PostgreSQL pgdump utility allowed untrusted data inclusion. ...

8.8CVSS7.6AI score0.00085EPSS

Exploits2References4

NVD•added 2025/09/03 6:15 a.m.•1 views

CVE-2023-21475

Out-of-bounds Write vulnerability in libaudiosaplussec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code...

8CVSS0.00027EPSS

Exploits0References1

Vulnrichment•added 2025/08/15 2:37 p.m.•3 views

CVE-2025-5047 DGN File Parsing Uninitialized Variable Vulnerability

A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

7.8CVSS7.6AI score0.00064EPSS

Exploits0References2

RedhatCVE•added 2025/08/13 3:28 a.m.•2 views

CVE-2025-25278

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition...

8.4CVSS7.8AI score0.00016EPSS

Exploits0References1

CVE•added 2025/08/13 1:49 a.m.•15 views

CVE-2025-4410

CVE-2025-4410 describes a buffer overflow in the SetupUtility module. Multiple sources (NVD/NVD-derived records, Red Hat advisory, CVE lists, and related enrichment) indicate a local-privilege path to arbitrary code execution: an attacker with local high privileges can exploit the issue to run co...

7.5CVSS7.5AI score0.0002EPSS

Exploits0References1

CVE•added 2025/08/12 5:10 p.m.•21 views

CVE-2025-50164

CVE-2025-50164 is a Windows RRAS vulnerability described as a heap-based buffer overflow in Routing and Remote Access Service. It enables an authorized attacker to execute code over the network (attack vector: network; authentication: low; user interaction required). The CVSS 3.1 basis in the ini...

8CVSS8.1AI score0.0044EPSS

Exploits0References1Affected Software7