CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2025/05/01 12:0 a.m.•63 views

CVE-2025-47153

CVE-2025-47153 concerns build-time handling on 32-bit systems (i386) where libuv binaries and Node.js binaries are built with inconsistent off_t sizing. Specifically, 32-bit Debian builds may set _FILE_OFFSET_BITS=64 for the libuv dynamic library but rely on the system default (32) for nodejs, ca...

6.5CVSS6.5AI score0.00692EPSS

Exploits0References6

Positive Technologies•added 2025/05/01 12:0 a.m.•2 views

PT-2025-18371 · Libuv +2 · Libuv +2

Name of the Vulnerable Software and Affected Versions: libuv and Node.js versions prior to nodejs 20.19.0+dfsg-2 i386.deb Description: The issue arises from certain build processes for libuv and Node.js on 32-bit systems, where the off t size is inconsistent. This inconsistency occurs because the...

6.5CVSS6.2AI score0.00692EPSS

Exploits0References26

Cvelist•added 2025/04/15 4:32 p.m.•14 views

CVE-2025-32776 OpenRazer Vulnerable to Out of Bounds Read

OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. By writing specially crafted data to the matrixcustomframe file, an attacker can cause the custom kernel driver to read more bytes than provided by user space. This data will...

5.5CVSS0.00047EPSS

Exploit DB•added 2025/04/15 12:0 a.m.•264 views

ABB Cylon Aspect 3.08.02 (bbmdUpdate.php) - Remote Code Execution

ABB Cylon Aspect 3.08.02 bbmdUpdate.php - Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.02 Summary: ASPECT is an award-winning scalable building energy management an...

10CVSS6.6AI score0.12477EPSS

Exploits17

Exploit DB•added 2025/04/03 12:0 a.m.•164 views

ABB Cylon Aspect 3.07.02 - File Disclosure

Exploit Title : ABB Cylon Aspect 3.07.02 - File Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.07.02 Summary: ASPECT is an award-winning scalable building energy management and...

Packet Storm•added 2025/02/05 12:0 a.m.•497 views

Checkmk 2.3.0p2 / NagVis 1.9.40 Shell Upload

The NagVis component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP. KL-001-2025-002: Checkmk NagVis Remote Code...

8AI score0.0107EPSS

Exploits2

KoreLogic Security•added 2025/02/04 12:0 a.m.•13 views

Checkmk NagVis Remote Code Execution

Vulnerability Details Affected Vendor: Checkmk Affected Product: Checkmk/NagVis Affected Version: Checkmk 2.3.0p2, NagVis 1.9.40 Platform: GNU/Linux CWE Classification: CWE-434: Unrestricted Upload of File with Dangerous Type CVE ID: CVE-2024-13723 2. Vulnerability Description The "NagVis"...

7.2CVSS7.3AI score0.0107EPSS

Exploits2

KoreLogic Security•added 2025/02/04 12:0 a.m.•15 views

Checkmk NagVis Reflected Cross-site Scripting

Vulnerability Details Affected Vendor: Checkmk Affected Product: Checkmk/NagVis Affected Version: Checkmk 2.3.0p2, NagVis 1.9.40 Platform: GNU/Linux CWE Classification: CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' CVE ID: CVE-2024-13722 2...

5.4CVSS6.6AI score0.00228EPSS

Exploits2

0day.today•added 2025/01/09 12:0 a.m.•598 views

ABB Cylon Aspect 3.08.02 uploadDb.php Remote Code Execution Vulnerability

ABB Cylon Aspect version 3.08.02 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the contents of an uploaded .db file, which is passed to the copyFile.sh script. Although the filename is sanitized, the...

9.3CVSS9.9AI score0.12477EPSS

Exploits10

Zero Science Lab•added 2024/12/12 12:0 a.m.•368 views

ABB Cylon Aspect 3.07.00 (obtainPorts.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an unauthenticated blind OS...

6AI score

Redos•added 2024/12/03 12:0 a.m.•12 views

ROS-20241203-15

Go programming language vulnerability is related to errors in handling whitespace characters in context JavaScript. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality, integrity, and availability of protected information. affect the confidentiality,...

9.8CVSS7.2AI score0.00759EPSS

Packet Storm•added 2024/12/02 12:0 a.m.•241 views

ABB Cylon Aspect 3.08.01 mstpstatus.php Information Disclosure

ABB Cylon Aspect 3.08.01 mstpstatus.php Information Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy management and...

Zero Science Lab•added 2024/11/28 12:0 a.m.•253 views

ABB Cylon Aspect 3.08.00 (fileSystemUpdate.php) Insecure File Upload

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description A vulnerability exists in the fileSystemUpdate.php endpoint of the AB...

5.9AI score

Packet Storm•added 2024/11/27 12:0 a.m.•321 views

ABB Cylon Aspect 3.08.01 vstatConfigurationDownload.php Configuration Download

ABB Cylon Aspect 3.08.01 vstatConfigurationDownload.php Config Download Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...

RedHat Linux•added 2024/11/12 9:27 a.m.•12 views

Low: Red Hat Security Advisory: cockpit security update

An update for cockpit is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

3.2CVSS5.8AI score0.00018EPSS

Exploits0References6

OSV•added 2024/11/12 12:0 a.m.•13 views

ALSA-2024:9325 Low: cockpit security update

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fixes: cockpit: Authenticated user can kill any process when enabling...

3.2CVSS3.5AI score0.00018EPSS

AlmaLinux•added 2024/11/12 12:0 a.m.•14 views

Low: cockpit security update

3.2CVSS6.5AI score0.00018EPSS

Packet Storm•added 2024/11/05 12:0 a.m.•329 views

ABB Cylon Aspect 3.08.00 Off-By-One

ABB Cylon Aspect 3.08.00 logMix/YumLookup.php Off-by-One Error in Log Parsing Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.00 Summary: ASPECT is an award-winning scalable building energy...

Packet Storm•added 2024/10/30 12:0 a.m.•363 views

ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Project Download

ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Project Download Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...