CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/05/23 2:2 a.m.•5 views

CVE-2023-33472

An issue was discovered in Scada-LTS v2.7.5.2 build 4551883606 and before, allows remote attackers with low-level authentication to escalate privileges, execute arbitrary code, and obtain sensitive information via Event Handlers function...

8.8CVSS7.7AI score0.03147EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 1:10 a.m.•6 views

CVE-2022-36564

Incorrect access control in the install directory C:\Strawberry of StrawberryPerl v5.32.1.1 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory...

8.8CVSS7.8AI score0.00803EPSS

RedhatCVE•added 2025/05/22 9:45 p.m.•9 views

CVE-2022-47908

Stack-based buffer overflow vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file...

7.8CVSS7.7AI score0.00102EPSS

RedhatCVE•added 2025/05/22 9:35 p.m.•2 views

CVE-2021-43637

Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Amazon WorkSpaces agent below v1.0.1.1537 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service memory corruption and OS crash via specially crafted I/O Request Packet...

8.8CVSS7.9AI score0.00075EPSS

RedhatCVE•added 2025/05/22 9:6 p.m.•4 views

CVE-2021-42996

Donglify is affected by Integer Overflow. IOCTL Handler 0x22001B in the Donglify above 1.0.12309 below 1.7.14110 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service memory corruption and OS crash via specially crafted I/O Request Packet...

8.8CVSS7.9AI score0.00064EPSS

RedhatCVE•added 2025/05/22 9:3 p.m.•1 views

CVE-2021-24018

A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specifically crafted firmware image...

8.8CVSS7.9AI score0.0012EPSS

RedhatCVE•added 2025/05/22 6:52 p.m.•3 views

CVE-2021-44046

An out-of-bounds write vulnerability exists when reading U3D files in Open Design Alliance PRC SDK before 2022.11. An unchecked return value of a function verifying input data from a U3D file leads to an out-of-bounds write. An attacker can leverage this vulnerability to execute code in the conte...

7.8CVSS7.1AI score0.00294EPSS

RedhatCVE•added 2025/05/22 6:31 p.m.•3 views

CVE-2021-30784

Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.5. A local attacker may be able to execute code on the Apple T2 Security Chip...

7.8CVSS6.3AI score0.00372EPSS

RedhatCVE•added 2025/05/22 5:6 p.m.•3 views

CVE-2020-11498

Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tundarwin.go or tunwindows.go. A user can also use Nebula to execute arbitrary code in the user's own context, e.g., for user-level persisten...

8.8CVSS7.9AI score0.00313EPSS

Exploits1References1

Cvelist•added 2025/05/22 4:37 p.m.•12 views

CVE-2025-33138 IBM Aspera Faspex HTML injection

IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4CVSS0.00093EPSS

RedhatCVE•added 2025/05/22 4:27 p.m.•3 views

CVE-2020-17429

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

7.8CVSS5.9AI score0.00968EPSS

RedhatCVE•added 2025/05/22 4:26 p.m.•6 views

CVE-2020-17411

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

4.3CVSS6AI score0.11393EPSS

RedhatCVE•added 2025/05/22 4:21 p.m.•5 views

CVE-2020-27406

Cross Site Scripting XSS vulnerability in DynPG 4.9.1, allows authenticated attackers to execute arbitrary code via the groupname...

5.4CVSS6.3AI score0.00377EPSS

RedhatCVE•added 2025/05/22 3:39 p.m.•4 views

CVE-2020-5640

Local file inclusion vulnerability in OneThird CMS v1.96c and earlier allows a remote unauthenticated attacker to execute arbitrary code or obtain sensitive information via unspecified vectors...

9.8CVSS7.9AI score0.03091EPSS

RedhatCVE•added 2025/05/22 3:27 p.m.•3 views

CVE-2020-27466

An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file...

7.8CVSS7.7AI score0.03723EPSS

RedhatCVE•added 2025/05/22 3:19 p.m.•4 views

CVE-2020-21474

File Upload vulnerability in NucleusCMS v.3.71 allows a remote attacker to execute arbitrary code via the /nucleus/plugins/skinfiles/?dir=rsd parameter...

9.8CVSS7.9AI score0.01549EPSS

RedhatCVE•added 2025/05/22 3:10 p.m.•3 views

CVE-2020-10901

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

4.3CVSS6AI score0.02211EPSS

RedhatCVE•added 2025/05/21 9:2 p.m.•4 views

CVE-2003-0654

Buffer overflow in autorespond may allow remote attackers to execute arbitrary code as the autorespond user via qmail...

7.5CVSS8.2AI score0.02039EPSS