CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/02/03 10:16 p.m.•6 views

CVE-2020-37066

GoldWave 5.70 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting malicious input in the File Open URL dialog. Attackers can generate a specially crafted text file with Unicode-encoded shellcode to trigger a stack-based overflow and execute command...

9.8CVSS0.00351EPSS

NVD•added 2026/01/26 2:15 p.m.•8 views

CVE-2026-1284

An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file...

7.8CVSS0.00256EPSS

RedhatCVE•added 2026/01/09 12:40 p.m.•8 views

CVE-2023-43838

An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows attackers to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar...

7.8CVSS7.8AI score0.00576EPSS

RedhatCVE•added 2026/01/09 11:28 a.m.•7 views

CVE-2021-33361

Memory leak in the afraboxread function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file...

5.5CVSS6.4AI score0.00927EPSS

RedhatCVE•added 2026/01/09 10:41 a.m.•9 views

CVE-2022-35904

An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open an IFC file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within...

3.3CVSS6.7AI score0.00198EPSS

RedhatCVE•added 2026/01/09 10:7 a.m.•8 views

CVE-2019-20632

An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gfodfdeletedescriptor in odf/descprivate.c that can cause a denial of service via a crafted MP4 file...

5.5CVSS6.6AI score0.00824EPSS

RedhatCVE•added 2026/01/09 9:36 a.m.•9 views

CVE-2024-34909

An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allows attackers to execute arbitrary code via uploading a crafted PDF file...

9.8CVSS7.7AI score0.00455EPSS

RedhatCVE•added 2026/01/09 8:58 a.m.•19 views

CVE-2023-45588

An external control of file name or path vulnerability CWE-73 in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process...

8.2CVSS8.1AI score0.00262EPSS

RedhatCVE•added 2026/01/09 8:50 a.m.•10 views

CVE-2021-31516

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja 2.3.2660 Build ID 88f343c3. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...

7.8CVSS6.8AI score0.02384EPSS

RedhatCVE•added 2026/01/09 8:43 a.m.•10 views

CVE-2022-42420

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

7.8CVSS6.9AI score0.00434EPSS

GithubExploit•added 2026/01/07 12:45 p.m.•143 views

Exploit for CVE-2024-45427

CVE-2024-45427 Exploit Generator This script generates a malic...

6.4AI score

Exploits1

RedhatCVE•added 2026/01/07 9:16 a.m.•6 views

CVE-2022-27824

Improper size check of in sapefdparsemetaDESCRIPTION function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file...

7.1CVSS6.6AI score0.00282EPSS

Cvelist•added 2025/12/15 8:28 p.m.•17 views

CVE-2023-53889 Perch CMS 3.2 Remote Code Execution via Unrestricted File Upload

Perch CMS 3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload arbitrary PHP files through the assets management interface. Attackers can upload a malicious .phar file with embedded system command execution capabilities to execute arbitrary command...

8.6CVSS0.00794EPSS

Exploits1References3

Positive Technologies•added 2025/11/11 12:0 a.m.•4 views

PT-2025-46444

Name of the Vulnerable Software and Affected Versions InCopy versions 20.5, 19.5.5 and earlier Description InCopy versions 20.5, 19.5.5 and earlier are susceptible to a Use After Free issue, potentially allowing arbitrary code execution with the privileges of the current user. Successful...

7.8CVSS7.4AI score0.00197EPSS

EUVD•added 2025/10/14 9:30 p.m.•15 views

EUVD-2025-34474

Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user...

7.8CVSS6.5AI score0.00201EPSS

Exploits0References2

OSV•added 2025/10/09 10:29 p.m.•3 views

GHSA-H6M2-R6H9-4C44 BBOT's insufficient sanitization issues in gitdumper.py can lead to RCE

Summary bbot's gitdumper.py insufficiently sanitises a .git/config file, leading to Remote Code Execution RCE. bbot's gitdumper.py can be made to consume a malicious .git/index file, leading to arbitrary file write which can be used to achieve Remote Code Execution RCE. Impact A user who uses bbo...

9.6CVSS8AI score0.00437EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2018-10745

Malware in sbrugna...

7.8CVSS7.5AI score0.01424EPSS