CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4202 matches found

Vulnrichment•added 2025/01/14 6:4 p.m.•20 views

CVE-2025-21245 Windows Telephony Service Remote Code Execution Vulnerability

...

8.8CVSS7AI score0.01624EPSS

Exploits0References1

Cvelist•added 2025/01/14 6:4 p.m.•29 views

CVE-2025-21245 Windows Telephony Service Remote Code Execution Vulnerability

...

8.8CVSS0.01624EPSS

Exploits0References1

Vulnrichment•added 2025/01/14 6:4 p.m.•14 views

CVE-2025-21223 Windows Telephony Service Remote Code Execution Vulnerability

...

8.8CVSS7AI score0.01563EPSS

Exploits0References1

Cvelist•added 2025/01/14 6:4 p.m.•16 views

CVE-2025-21240 Windows Telephony Service Remote Code Execution Vulnerability

...

8.8CVSS0.01624EPSS

Exploits0References1

CVE•added 2025/01/14 6:4 p.m.•104 views

CVE-2025-21402

CVE-2025-21402 is a Microsoft Office OneNote remote code execution vulnerability. The NVD entry notes a HIGH risk with CVSS 3.1: Local attack vector, low attack complexity, user interaction required, and impact to confidentiality, integrity, and availability. Multiple connected sources corroborat...

7.8CVSS7.8AI score0.0065EPSS

Exploits0References1Affected Software3

Vulnrichment•added 2025/01/14 6:4 p.m.•17 views

CVE-2025-21356 Microsoft Office Visio Remote Code Execution Vulnerability

...

7.8CVSS6.9AI score0.00707EPSS

Exploits0References1

Vulnrichment•added 2025/01/14 6:4 p.m.•17 views

CVE-2025-21348 Microsoft SharePoint Server Remote Code Execution Vulnerability

...

7.2CVSS7AI score0.01742EPSS

Exploits0References1

CVE•added 2025/01/14 6:4 p.m.•124 views

CVE-2025-21348

CVE-2025-21348 is a Microsoft SharePoint Server remote code execution vulnerability. The CVSSv3.1 vector (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) indicates network access with low attack complexity, requiring high privileges and no user interaction. The impact is high on confidentiality, integrity, ...

7.2CVSS7.2AI score0.01742EPSS

Exploits0References1Affected Software1

Cvelist•added 2025/01/14 6:4 p.m.•16 views

CVE-2025-21345 Microsoft Office Visio Remote Code Execution Vulnerability

...

7.8CVSS0.00577EPSS

Exploits0References1

Vulnrichment•added 2025/01/14 6:4 p.m.•7 views

CVE-2025-21344 Microsoft SharePoint Server Remote Code Execution Vulnerability

...

7.8CVSS7.8AI score0.00826EPSS

Exploits0References1

Cvelist•added 2025/01/14 6:3 p.m.•39 views

CVE-2025-21291 Windows Direct Show Remote Code Execution Vulnerability

...

8.8CVSS0.01345EPSS

Exploits0References1

Vulnrichment•added 2025/01/14 6:3 p.m.•20 views

CVE-2025-21248 Windows Telephony Service Remote Code Execution Vulnerability

...

8.8CVSS8.7AI score0.01435EPSS

Exploits0References1

Vulnrichment•added 2025/01/14 6:3 p.m.•10 views

CVE-2025-21244 Windows Telephony Service Remote Code Execution Vulnerability

...

8.8CVSS8.7AI score0.01624EPSS

Exploits0References1

Cvelist•added 2025/01/14 6:3 p.m.•11 views

CVE-2025-21243 Windows Telephony Service Remote Code Execution Vulnerability

...

8.8CVSS0.01624EPSS

Exploits0References1

Vulnrichment•added 2025/01/14 6:3 p.m.•10 views

CVE-2025-21171 .NET Remote Code Execution Vulnerability

...

7.5CVSS7.5AI score0.01637EPSS

Exploits0References1

NVD•added 2025/01/14 3:15 p.m.•6 views

CVE-2024-39602

An external config control vulnerability exists in the nas.cgi setnas functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.1CVSS0.02272EPSS

Exploits1References2

NVD•added 2025/01/14 3:15 p.m.•32 views

CVE-2024-21797

A command execution vulnerability exists in the adm.cgi setTR069 functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.1CVSS0.20596EPSS

Exploits1References2

CVE•added 2025/01/14 2:21 p.m.•50 views

CVE-2024-21797

CVE-2024-21797 affects Wavlink AC3000 M33A8.V5030.210505. Talos documents a command-injection in adm.cgi set_TR069() triggered by an authenticated HTTP request. The vulnerability arises from insufficient input filtering in TR069_local_port and related fields, allowing an attacker to inject shell ...

9.1CVSS7.2AI score0.20596EPSS

Exploits1References2Affected Software1

CVE•added 2025/01/14 2:21 p.m.•54 views

CVE-2024-39370

CVE-2024-39370 affects the Wavlink AC3000 M33A8.V5030.210505: the adm.cgi set_MeshAp() function is vulnerable to a buffer overflow via crafted POST data (e.g., wlan_ssid2), enabling arbitrary code execution after passing authentication. TALOS cites a CVSSv3.1 score of 9.1 (CRITICAL) with network ...

9.1CVSS7.8AI score0.02143EPSS

Exploits1References2Affected Software1

CVE•added 2025/01/14 2:21 p.m.•45 views

CVE-2024-39604

The CVE-2024-39604 entry corresponds to a command-execution vulnerability in the Wavlink AC3000 (M33A8.V5030.210505) update_filter_url.sh script. Cisco Talos details show an argument-injection flaw in update_filter_url.sh that can be triggered by a MITM-capable attacker over HTTP to cause arbitra...

9CVSS7.3AI score0.01898EPSS

Exploits1References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by