CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

16954 matches found

OpenVAS•added 2025/05/26 12:0 a.m.•10 views

Fedora: Security Advisory (FEDORA-2024-f19c79e713)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.9AI score0.02187EPSS

Exploits0References5

OSV•added 2025/05/24 11:25 p.m.•2 views

MGASA-2025-0164 Updated glibc packages fix security vulnerability

An untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library versions 2.27 to 2.38 allows attacker-controlled loading of dynamically shared libraries in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to NSS...

7.8CVSS7.8AI score0.00392EPSS

Exploits1References4

Mageia•added 2025/05/24 11:25 p.m.•20 views

Updated glibc packages fix security vulnerability

7.8CVSS7.1AI score0.00392EPSS

Exploits1References3

RedhatCVE•added 2025/05/23 10:12 a.m.•5 views

CVE-2024-29399

An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component...

7.6CVSS8.1AI score0.00948EPSS

Exploits2References1

RedhatCVE•added 2025/05/23 10:9 a.m.•8 views

CVE-2024-27630

Insecure Direct Object Reference IDOR in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackersdatadeletefile function...

7.5CVSS7.1AI score0.00819EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 10:9 a.m.•7 views

CVE-2024-27632

An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the formid in the formheader function...

8.8CVSS7.2AI score0.01272EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 9:5 a.m.•2 views

CVE-2024-38448

htags in GNU Global through 6.6.12 allows code execution in situations where dbpath aka -d is untrusted, because shell metacharacters may be used...

9.1CVSS6.2AI score0.00529EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 8:10 a.m.•8 views

CVE-2024-27631

Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php...

6CVSS6.1AI score0.00417EPSS

Exploits2References1

RedhatCVE•added 2025/05/23 4:34 a.m.•11 views

CVE-2023-45925

GNU Midnight Commander 4.8.29-146-g299d9a2fb was discovered to contain a NULL pointer dereference via the function xerrorhandler at tty/x11conn.c. NOTE: this is disputed because it should be categorized as a usability problem an X operation silently fails...

7.2AI score0.00317EPSS

Exploits0

RedhatCVE•added 2025/05/23 4:25 a.m.•6 views

CVE-2023-49298

OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but c...

7.5CVSS6.4AI score0.01158EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 1:58 a.m.•4 views

CVE-2023-47127

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are always at least two different sites. Eg. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can be reused on the...

5.4CVSS6.5AI score0.00561EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 11:44 p.m.•5 views

CVE-2022-41550

GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osipbodyparseheader...

6.5CVSS7.4AI score0.00538EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 9:35 p.m.•8 views

CVE-2021-43413

An issue was discovered in GNU Hurd before 0.9 20210404-9. A single pager port is shared among everyone who mmaps a file, allowing anyone to modify any files that they can read. This can be trivially exploited to get full root access...

9CVSS6.7AI score0.0191EPSS

Exploits1

RedhatCVE•added 2025/05/22 6:50 p.m.•5 views

CVE-2021-43414

An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privilege escalation to get full root access...

7CVSS7.1AI score0.00284EPSS

Exploits1

RedhatCVE•added 2025/05/22 6:50 p.m.•8 views

CVE-2021-43412

An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for local privilege escalation to get full root access...

7.8CVSS7AI score0.00349EPSS

Exploits1

RedhatCVE•added 2025/05/22 6:44 p.m.•6 views

CVE-2021-40347

An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker logged into any account can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place...

5.5CVSS6.5AI score0.01093EPSS

Exploits1

RedhatCVE•added 2025/05/22 5:51 p.m.•5 views

CVE-2020-21817

A null pointer dereference issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:29. which causes a denial of service application crash...

6.5CVSS6.8AI score0.00913EPSS

Exploits1

RedhatCVE•added 2025/05/22 5:51 p.m.•8 views

CVE-2020-21839

An issue was discovered in GNU LibreDWG 0.10. Crafted input will lead to an memory leak in dwgdecodeeed ../../src/decode.c:3638...

6.5CVSS6.7AI score0.01198EPSS

Exploits1

RedhatCVE•added 2025/05/22 5:51 p.m.•4 views

CVE-2020-21816

A heab based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:46...

8.8CVSS7.4AI score0.01232EPSS

Exploits1