CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14962 matches found

Positive Technologies•added 2025/10/14 12:0 a.m.•1 views

PT-2025-42107

Name of the Vulnerable Software and Affected Versions Microsoft Office Word affected versions not specified Description A use-after-free condition exists in Microsoft Office Word that could allow an unauthorized attacker to execute code locally. Recommendations At the moment, there is no...

7.8CVSS9.1AI score0.00102EPSS

Exploits0References9

NVD•added 2025/10/13 8:15 a.m.•3 views

CVE-2025-11673

SOOP-CLM developed by PiExtract has a Hidden Functionality vulnerability, allowing privileged remote attackers to exploit a hidden functionality to execute arbitrary code on the server...

8.6CVSS0.00606EPSS

Exploits0References2

CNNVD•added 2025/10/13 12:0 a.m.•1 views

Elastic Cloud Enterprise 安全漏洞

Elastic Cloud Enterprise is a cloud platform from the Dutch company Elastic. It makes it easy to deploy, operate and scale Elastic Stack in the cloud. A security vulnerability exists in Elastic Cloud Enterprise that stems from improper neutralization of special elements in the template engine,...

9.1CVSS6.7AI score0.00057EPSS

Exploits0References2

CNNVD•added 2025/10/13 12:0 a.m.•2 views

Ivanti Endpoint Manager SQL注入漏洞

Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...

6.5CVSS8.3AI score0.00338EPSS

Exploits0References2

EUVD•added 2025/10/10 7:50 p.m.•3 views

EUVD-2025-33778

Cherry Studio is a desktop client that supports for multiple LLM providers. Cherry Studio registers a custom protocol called cherrystudio://. When handling the MCP installation URL, it parses the base64-encoded configuration data and directly executes the command within it. In the files...

9.6CVSS6.5AI score0.00076EPSS

Exploits1References1

RedhatCVE•added 2025/10/10 4:20 p.m.•1 views

CVE-2025-60001

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the attacker to execute commands with the target's...

6.1CVSS6.9AI score0.00035EPSS

Exploits0References1

EUVD•added 2025/10/09 3:26 p.m.•2 views

EUVD-2025-33352

n8n: Execute Command Node Allows Authenticated Users to Run Arbitrary Commands on Host...

6.5AI score

Exploits0References2

OSV•added 2025/10/09 3:26 p.m.•1 views

GHSA-365G-VJW2-GRX8 n8n: Execute Command Node Allows Authenticated Users to Run Arbitrary Commands on Host

Impact The Execute Command node in n8n allows execution of arbitrary commands on the host system where n8n runs. While this functionality is intended for advanced automation and can be useful in certain workflows, it poses a security risk if all users with access to the n8n instance are not fully...

8.8CVSS6.2AI score

Exploits0References2

Github Security Blog•added 2025/10/09 3:26 p.m.•8 views

n8n: Execute Command Node Allows Authenticated Users to Run Arbitrary Commands on Host

7.5AI score

Exploits0References2Affected Software2

Snyk•added 2025/10/09 3:26 p.m.•2 views

Command Injection

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Command Injection via the Execute Command node. An attacker can execute arbitrary commands on the host system by leveraging access to an authenticated user account, potentially leading to data...

8.8CVSS8AI score

Exploits0References2

Snyk•added 2025/10/09 3:26 p.m.•1 views

Command Injection

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Command Injection via the Execute Command node. An attacker can execute arbitrary commands on the host system by leveraging access to an authenticated user account, potentially leading to data...

8.8CVSS7.9AI score

Exploits0References2

Positive Technologies•added 2025/10/09 12:0 a.m.•2 views

PT-2025-41437

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos Space versions prior to 24.1R4 Description An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' issue exists in Juniper Networks Junos Space. An attacker can inject script tags in the...

6.1CVSS6.8AI score0.00035EPSS

Exploits0References4

CNNVD•added 2025/10/09 12:0 a.m.•6 views

Palo Alto Networks PAN-OS 安全漏洞

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall appliances. A security vulnerability exists in Palo Alto Networks PAN-OS, which can be exploited by an attacker to cause a privileged administrator to bypass system restrictions and execute arbitrary...

7.2CVSS6.9AI score0.00057EPSS

Exploits2References2

Tenable Nessus•added 2025/10/08 12:0 a.m.•3 views

Palo Alto Networks PAN-OS 10.2.x < 10.2.17 / 11.1.x < 11.1.6-h21 / 11.1.7-10.x < 11.1.10-h7 / 11.2.x < 11.2.8 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 10.2.x prior to 10.2.17, 11.1.x prior to 11.1.6-h21, 11.1.7-10.x prior to 11.1.10-h7, or 11.2.x prior to 11.2.8. It is, therefore, affected by a vulnerability. An improper input neutralization vulnerability in the management w...

7.2CVSS5.9AI score0.00057EPSS

Exploits2References2

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2006-4028

Malware in sbrugna...

7.5CVSS6.4AI score0.01042EPSS

Exploits1References8

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-12211

Malware in sbrugna...

9.9CVSS9.1AI score0.02768EPSS

Exploits0References2