108 matches found

OpenVAS
added 2025/07/23 12:0 a.m. · 5 views

Google Chrome Security Update(stable-channel-update-for-desktop_22-2025-07) - Mac OS X

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

CVSS 8.8 · AI score 6.1 · EPSS 0.00324
Exploits 0 · References 1

CVE
added 2025/07/14 11:8 p.m. · 58 views

CVE-2025-53836

CVE-2025-53836 affects XWiki Rendering where the default macro content parser did not preserve the restricted transformation context during nested macro execution, allowing macros normally forbidden in restricted mode (notably script macros) to run via nested macros such as cache and chart. Affec...

CVSS 9.9 · AI score 6.4 · EPSS 0.05497
Exploits 1 · References 4 · Affected Software 1

Positive Technologies
added 2025/06/26 12:0 a.m. · 1 view

PT-2025-26931 · WordPress · Webcam

Name of the Vulnerable Software and Affected Versions: web-cam plugin for WordPress versions up to, and including, 1.0 Description: The issue is related to Stored Cross-Site Scripting via the slug parameter due to insufficient input sanitization and output escaping. This allows authenticated...

CVSS 6.4 · AI score 6 · EPSS 0.00163
Exploits 0 · References 6

Positive Technologies
added 2025/06/09 12:0 a.m. · 1 view

PT-2025-24565 · Pion · Pion Interceptor

Name of the Vulnerable Software and Affected Versions: Pion Interceptor versions v0.1.36 through v0.1.38 Description: Pion Interceptor is a framework for building RTP/RTCP communication software. The issue is caused by a bug in the RTP packet factory, which can be exploited by crafted RTP packets...

CVSS 7.5 · AI score 6 · EPSS 0.00555
Exploits 0 · References 14

Positive Technologies
added 2025/05/29 12:0 a.m. · 1 view

PT-2025-23215 · Unknown · Cs5000 Fire Panel

Name of the Vulnerable Software and Affected Versions: CS5000 Fire Panel affected versions not specified Description: The CS5000 Fire Panel is vulnerable due to a default account that exists on the panel. This account is not root but holds high-level permissions that could severely impact the...

CVSS 9.8 · AI score 9.3 · EPSS 0.00482
Exploits 0 · References 12

Positive Technologies
added 2025/05/13 12:0 a.m. · 1 view

PT-2025-20938

Name of the Vulnerable Software and Affected Versions: Remote Desktop Gateway Service affected versions not specified Description: The issue is related to uncontrolled resource consumption in the Remote Desktop Gateway Service, allowing an unauthorized attacker to deny service over a network. Thi...

CVSS 7.8 · AI score 7.4 · EPSS 0.35908
Exploits 0 · References 14

Positive Technologies
added 2025/05/05 12:0 a.m. · 3 views

PT-2025-19722 · NetGear · Netgear Rax5

Name of the Vulnerable Software and Affected Versions: NETGEAR RAX5 version 1.0.2.26 Description: A command injection issue was discovered in the NETGEAR RAX5 AX1600 WiFi Router via the iface parameter in the vif disable function. Recommendations: For version 1.0.2.26, consider disabling the vif...

CVSS 9.8 · AI score 7 · EPSS 0.08109
Exploits 1 · References 6

Positive Technologies
added 2025/04/01 12:0 a.m. · 19 views

PT-2025-18655 · Totolink · Totolink Cpe Cp900

Name of the Vulnerable Software and Affected Versions: TOTOLINK CPE CP900 version 6.3c.1144 B20190715 Description: A command injection issue was found in the setApRebootScheCfg function through the hour or minute parameters. This allows attackers to execute arbitrary commands via a manipulated...

CVSS 6.5 · AI score 7.9 · EPSS 0.09962
Exploits 1 · References 5

Positive Technologies
added 2025/02/18 12:0 a.m. · 3 views

PT-2025-14112 · D Link · D-Link Di-8100

Name of the Vulnerable Software and Affected Versions: D-LINK DI-8100 version 16.07.26A1 Description: The issue is related to a Buffer Overflow in the ipsec road asp function, which can be exploited via the host ip parameter. Recommendations: For D-LINK DI-8100 version 16.07.26A1, as a temporary...

CVSS 9 · AI score 6.8 · EPSS 0.00752
Exploits 1 · References 6

Positive Technologies
added 2025/02/04 12:0 a.m. · 2 views

PT-2025-2117

Name of the Vulnerable Software and Affected Versions: WP Dream Carousel WordPress plugin versions 1.0.1b and earlier Description: The issue is related to a Reflected Cross-Site Scripting that could be used against high privilege users such as admin. This occurs because a parameter is not sanitised...

CVSS 6.1 · AI score 8.1 · EPSS 0.02069
Exploits 1 · References 7

Tenable Nessus
added 2025/01/19 12:0 a.m. · 10 views

Fedora 40 : stb (2025-49e8952aab)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-49e8952aab advisory. Add another patch for the root cause of CVE-2021-45340. We already have a patch for CVE-2021-45340, but adding this new patch may prevent a related, unproven...

CVSS 6.5 · AI score 6.6 · EPSS 0.00146
Exploits 1 · References 2

OSV
added 2025/01/15 10:4 p.m. · 5 views

GHSA-MM6V-68QP-F9FW Crayfish allows Remote Code Execution via Homarus Authorization header

Impact Remote code execution may be possible in web-accessible installations of Homarus in certain configurations. Patches The issue has been patched in islandora/crayfish:4.1.0 Workarounds The exploit requires making a request against the Homarus's /convert endpoint; therefore, the ability to...

CVSS 9.8 · AI score 9.7 · EPSS 0.0438
Exploits 0 · References 4

Packet Storm
added 2025/01/12 12:0 a.m. · 146 views

CISA: Jack Rabbit III Initiatives

AI score 7.4
Exploits 0

ICS
added 2025/01/09 7:0 a.m. · 3 views

Delta Electronics DRASimuCAD (Update A)

RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device or potentially allow remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to...

CVSS 7.8 · AI score 7.4 · EPSS 0.00894
Exploits 0 · References 10

NVD
added 2024/09/26 8:15 p.m. · 7 views

CVE-2024-47180

Shields.io is a service for concise, consistent, and legible badges in SVG and raster format. Shields.io and users self-hosting their own instance of shields using version server-2024-09-25 are vulnerable to a remote execution vulnerability via the JSONPath library used by the Dynamic...

CVSS 8.8 · EPSS 0.03964
Exploits 0 · References 4

OSV
added 2024/09/26 7:21 p.m. · 5 views

CVE-2024-47180 Shields.io Remote Code Execution vulnerability in Dynamic JSON/TOML/YAML badges

Shields.io is a service for concise, consistent, and legible badges in SVG and raster format. Shields.io and users self-hosting their own instance of shields using version server-2024-09-25 are vulnerable to a remote execution vulnerability via the JSONPath library used by the Dynamic...

CVSS 8.8 · AI score 7.7 · EPSS 0.03964
Exploits 0 · References 6

Tenable Nessus
added 2024/09/24 12:0 a.m. · 24 views

Oracle Linux 8 : expat (ELSA-2024-6989)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-6989 advisory. - lib: Prevent integer overflow in doProlog CVE-2022-23990 Orabug: 33910314 - Fix CVE-2024-45492 integer overflow - Fix CVE-2024-45491 Integer Overflow ...

CVSS 9.8 · AI score 7.5 · EPSS 0.037
Exploits 0 · References 4

Cvelist
added 2024/09/02 4:26 p.m. · 16 views

CVE-2024-43801 Privilege escalation to admin from a low-privileged user via SVG upload in Jellyfin

Jellyfin is an open source self hosted media server. The Jellyfin user profile image upload accepts SVG files, allowing for a stored XSS attack against an admin user via a specially crafted malicious SVG file. When viewed by an admin outside of the Jellyfin Web UI e.g. via "view image" in a...

CVSS 4.6 · EPSS 0.00173
Exploits 0 · References 2

Positive Technologies
added 2024/07/09 12:0 a.m. · 4 views

PT-2024-4759

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint versions prior to the fixed version Description: The vulnerability in Microsoft SharePoint is related to deserialization and allows remote attackers to execute arbitrary code. This issue has been exploited in real-world...

CVSS 8.3 · AI score 9.7 · EPSS 0.70321
Exploits 1 · References 115

GithubExploit
added 2024/04/16 1:43 a.m. · 43 views

Exploit for Improper Input Validation in Paloaltonetworks Pan-Os

CVE-2024-3400 CVE-2024-3400 PAN-OS: OS Command Injection Vulne...

CVSS 10 · AI score 9.3 · EPSS 0.94297
Exploits 43