15101 matches found
CVE-2024-51366
An arbitrary file upload vulnerability in the component \Roaming\Omega of OmegaT v6.0.1 allows attackers to execute arbitrary code via uploading a crafted .conf file...
CVE-2024-51053
An arbitrary file upload vulnerability in the component /main/fileupload.php of AVSCMS v8.2.0 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-55341
A stored cross-site scripting (XSS) vulnerability in Piranha CMS 11.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by creating a page via the /manager/pages and then adding a markdown content with the XSS payload...
CVE-2023-28627
pymedusa is an automatic video library manager for TV Shows. In versions prior to 1.0.12 an attacker with access to the web interface can update the git executable path in /config/general/ advanced settings with arbitrary OS commands. An attacker may exploit this vulnerability to take execute...
CVE-2023-31448
A path traversal vulnerability was identified in the HL7 sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the HL7 sensor into behaving differently for existing files and non-existing files. This made it possible to traverse paths,...
CVE-2023-39711
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Subtotal and Paidbill parameters under the Add New Put section...
CVE-2023-52324
An unrestricted file upload vulnerability in Trend Micro Apex Central could allow a remote attacker to create arbitrary files on affected installations. Please note: although authentication is required to exploit this vulnerability, this vulnerability could be exploited when the attacker has any...
CVE-2023-32973
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...
CVE-2023-36923
SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 PL03, allows an attacker with local access to the system, to place a malicious library, that can be executed by the application. An attacker could thereby control the behavior of the application...
CVE-2023-27168
An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file...
CVE-2023-51828
A SQL Injection vulnerability in /admin/convert/export.class.php in PMB 7.4.7 and earlier versions allows remote unauthenticated attackers to execute arbitrary SQL commands via the query parameter in getnextnotice function...
CVE-2023-40355
Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions...
CVE-2023-42362
An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allows a remote attacker to execute arbitrary commands and obtain sensitive information via uploading a crafted file...
CVE-2023-41724
A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows an unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network...
CVE-2023-32971
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...
CVE-2023-39709
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Member section...
CVE-2023-40041
TOTOLINK T10v2 5.9c.5061B20200511 has a stack-based buffer overflow in setWiFiWpsConfig in /lib/cstemodules/wps.so. Attackers can send crafted data in an MQTT packet, via the pin parameter, to control the return address and execute code...
CVE-2023-46810
A local privilege escalation vulnerability in Ivanti Secure Access Client for Linux before 22.7R1, allows a low privileged user to execute code as root...
CVE-2023-39073
An issue in SNMP Web Pro v.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted request...
CVE-2023-39061
Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote authenticated privileged attacker to execute arbitrary code...