
68 matches found

Tenable Nessus
added 2025/03/04 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2018-2794

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162,...

CVSS 7.7, AI score 5.5, EPSS 0.0074
Exploits: 0, References: 2
OSV
added 2025/03/03 8:53 p.m., 8 views

GHSA-GH9Q-2XRM-X6QV CGI has Denial of Service (DoS) potential in Cookie.parse

There is a possibility for DoS in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27219. We recommend upgrading the cgi gem. Details: CGI::Cookie.parse took super-linear time to parse a cookie string in some cases. Feeding a maliciously crafted cookie string into t...

CVSS 6.3, AI score 5.5, EPSS 0.00784
Exploits: 0, References: 9
Tenable Nessus
added 2025/02/12 12:0 a.m., 13 views

Dahua Security NVR NVR50XX, NVR52XX, NVR54XX, and NVR58XX Improper Authentication (CVE-2017-9314)

Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DHNVR5xxxEngPV2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to gain access to additional operations by means of forging json message. This plugin only works with...

CVSS 8.8, AI score 7.3, EPSS 0.00934
Exploits: 0, References: 2
CNVD
added 2024/12/23 12:0 a.m., 6 views

Google Android Illegal Authorization Vulnerability (CNVD-2025-0599078)

Google Android is a Linux-based open source operating system from Google. Google Android Illegal Authorization Vulnerability, the vulnerability stems from the removal of incorrect permission flags, resulting in a user's local privileges being elevated. An attacker can exploit the vulnerability fo...

CVSS 7.8, AI score 6.8, EPSS 0.00082
Exploits: 0, References: 1
Tenable Nessus
added 2024/11/20 12:0 a.m., 12 views

Wireshark 4.2.x < 4.2.9 Multiple Vulnerabilities

The version of Wireshark installed on the remote Windows host is prior to 4.2.9. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-4.2.9 advisory. - The FiveCo RAP dissector could go into an infinite loop. Fixed in master: d8ca9fc339 Fixed in release-4.4:...

CVSS 7.8, AI score 6.5, EPSS 0.00299
Exploits: 1, References: 7
CNVD
added 2023/08/09 12:0 a.m., 16 views

Siemens Solid Edge, JT2Go and Teamcenter Free After Use Vulnerability

JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML with available JT, VFZ, CGM, and TIF data. Solid Edge is a portfolio of software tools that address a variety of product development processes: 3D design, simulation, manufacturing, and design management. Teamcente...

CVSS 7.8, AI score 7.1, EPSS 0.0029
Exploits: 0, References: 1
OSV
added 2023/04/12 12:0 a.m., 2 views

UBUNTU-CVE-2023-29535

Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 112, Focus for Android 112, Firefox ESR 102.10, Firefox for Android 112, and...

CVSS 6.5, AI score 6.9, EPSS 0.00741
Exploits: 0, References: 8
Vulnrichment
added 2022/12/22 12:0 a.m., 4 views

CVE-2022-28281

If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and...

AI score 7.1, EPSS 0.02577
Exploits: 1, References: 4
Positive Technologies
added 2022/09/13 12:0 a.m., 2 views

PT-2022-9132 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version Description: The issue allows an untrusted app to control the ui32PageIndex offset via an ioctl, potentially leading to an out-of-bounds OOB read or write. This occurs in the expression sPA.uiAddr =...

CVSS 9.8, AI score 9.1, EPSS 0.00306
Exploits: 0, References: 3
CNNVD
added 2022/02/16 12:0 a.m., 3 views

Pjsua Api Buffer Error Vulnerability

Pjsua Api is an advanced Api for building Sip multimedia user agent applications, and a buffer overflow vulnerability exists in the PJSUA API, which can be exploited to cause a buffer overflow via a controlled "filename" parameter...

CVSS 9.8, AI score 6, EPSS 0.02339
Exploits: 0, References: 12
CNVD
added 2021/06/09 12:0 a.m., 7 views

Adobe Creative Cloud Desktop Application Arbitrary File System Write Vulnerability

Adobe Creative Cloud Desktop Application is the management software for various Creative Cloud applications and services. An arbitrary file system write vulnerability exists in Adobe Creative Cloud Desktop Application 2.4 and earlier versions. The vulnerability originates from the creation of...

CVSS 6.1, AI score 6.8, EPSS 0.00487
Exploits: 0, References: 1
CVE
added 2021/06/07 7:25 p.m., 183 views

CVE-2021-30529

CVE-2021-30529 is a use-after-free in the Bookmarks component of the Chromium browser (Google Chrome) prior to 91.0.4472.77. An attacker who persuades a user to install a malicious extension could trigger heap corruption via a crafted HTML page, potentially leading to arbitrary code execution. Th...

CVSS 8.8, AI score 8.8, EPSS 0.01004
Exploits: 1, References: 4, Affected Software: 1
CNVD
added 2021/04/08 12:0 a.m., 7 views

Cisco Unified Communications Manager Information Disclosure Vulnerability (CNVD-2021-26118)

Cisco Unified Communications Manager is the powerful call processing component of the Cisco Unified Communications solution. It is a scalable, distributable, and highly available enterprise Voice over IP call processing solution. Cisco Unified Communications Manager Session Management Edition is t...

CVSS 4.9, AI score 6.2, EPSS 0.01081
Exploits: 0, References: 1
RedHat Linux
added 2021/03/25 12:56 p.m., 3 views

Mozilla: Angle graphics library out of date

The Mozilla Foundation Security Advisory describes this issue as: An out of date graphics library Angle likely contained vulnerabilities that could potentially be exploited...

CVSS 9.8, AI score 7.3, EPSS 0.00901
Exploits: 1, References: 6
OSV
added 2020/07/31 11:25 p.m., 6 views

MGASA-2020-0300 Updated thunderbird packages fix security vulnerability

If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection CVE-2020-12398. When browsing a malicious page, a race condition in our...

CVSS 9.3, AI score 7.9, EPSS 0.03059
Exploits: 2, References: 4
OSV
added 2020/04/13 6:15 p.m., 5 views

CVE-2020-6454

Use after free in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension...

CVSS 8.8, AI score 9
Exploits: 0, References: 8
Debian CVE
added 2019/11/25 2:22 p.m., 27 views

CVE-2019-13685

Use after free in sharing view in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8, AI score 9.6, EPSS 0.00906
Exploits: 0
CNVD
added 2018/10/30 12:0 a.m., 0 views

Arbitrary File Deletion Vulnerability in Background File Management of HDWiki System

Interactive Wiki open source system HDwiki is a free wiki Wiki building system. There is an arbitrary file deletion vulnerability in the background file management of the HDWiki system. An attacker can exploit the vulnerability to delete arbitrary files...

AI score 7
Exploits: 0
OSV
added 2018/06/11 9:29 p.m., 3 views

CVE-2017-5440

A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1,...

CVSS 9.8, AI score 8.2
Exploits: 0, References: 11
seebug.org
added 2014/11/24 12:0 a.m., 27 views

phpyun CSRF changes user password

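Brief description: phpyun CSRF changes user password. Details: The request that updates user information has no CSRF protection. The user's email address can be modified. The password reset feature sends the recovery verification code to the email address in the user information. The two can be combined. The request to modify user information is:...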

AI score 7.1
Exploits: 0