CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/03/29 6:45 p.m.•1 views

ROOT-OS-ALPINE-319-CVE-2024-32487 CVE-2024-32487 in rootio-less - Patched by Root

Root has patched CVE-2024-32487 in the rootio-less package for Root:Alpine:3.19. Multiple fixed versions available...

Tenable Nessus•added 2026/03/09 12:0 a.m.•2 views

Ubuntu 14.04 LTS : less vulnerability (USN-8079-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8079-1 advisory. It was discovered that less incorrectly handled certain file names. An attacker could possibly use this issue to cause a denial of service or execute arbitrary...

7.8CVSS6.9AI score0.00578EPSS

Tenable Nessus•added 2025/11/20 12:0 a.m.•3 views

TencentOS Server 4: less (TSSA-2024:0610)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0610 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

8.6CVSS6.7AI score0.00578EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-9447

Malicious code in bioql PyPI...

5.8CVSS6.9AI score0.00371EPSS

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-49459

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00102EPSS

Exploits0References7

Rosalinux•added 2025/09/09 10:19 a.m.•3 views

Advisory ROSA-SA-2025-2971

software: less 608 WASP: ROSA-CHROME unaffected versions = less-608-3 affected versions less-608-3 CVE-ID: CVE-2024-32487 BDU-ID: 2024-03717 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the UNIX-like UNIX text terminal utility Less is related to incorrect handling of quotation marks in the...

8.6CVSS7.9AI score0.00329EPSS

RedhatCVE•added 2025/04/03 9:47 p.m.•3 views

CVE-2025-31550

Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in thom4 WP-LESS wp-less allows Retrieve Embedded Sensitive Data.This issue affects WP-LESS: from n/a through = 1.9.6...

5.8CVSS7.3AI score0.00371EPSS

Exploits0References1

NVD•added 2025/04/01 9:15 p.m.•3 views

CVE-2025-31550

5.8CVSS0.00371EPSS

Exploits0References1

Microsoft CVE•added 2025/02/28 8:0 a.m.•2 views

close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.

...

7.8CVSS6.3AI score0.00578EPSS

Tenable Nessus•added 2025/02/10 12:0 a.m.•5 views

Azure Linux 3.0 Security Update: less (CVE-2024-32487)

The version of less installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-32487 advisory. - less through 653 allows OS command execution via a newline character in the name of a file, because quoting is...

Tenable Nessus•added 2025/02/05 12:0 a.m.•10 views

Amazon Linux AMI : less (ALAS-2025-1958)

The version of less installed on the remote host is prior to 436-13.14. It is, therefore, affected by a vulnerability as referenced in the ALAS-2025-1958 advisory. less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in...

8.6CVSS7.3AI score0.00329EPSS

Exploits0References4

Amazon•added 2025/02/05 12:0 a.m.•3 views

Important: less

Issue Overview: less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation als...

8.6CVSS7.9AI score0.00329EPSS

F5 Networks•added 2024/10/24 10:5 p.m.•32 views

K000148248: less vulnerability CVE-2024-32487

Security Advisory Description less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive...

8.6CVSS7.3AI score0.00329EPSS

Tenable Nessus•added 2024/07/25 12:0 a.m.•13 views

CentOS 7 : less (RHSA-2024:3669)

The remote CentOS Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3669 advisory. - less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typicall...

RedHat Linux•added 2024/07/02 3:27 p.m.•2 views

less: OS command injection

An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases...

8.6CVSS6.8AI score0.00329EPSS

Exploits0References6

Tenable Nessus•added 2024/06/06 12:0 a.m.•38 views

Oracle Linux 7 : less (ELSA-2024-3669)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-3669 advisory. - Fix CVE-2024-32487 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested for...

8.6CVSS7AI score0.00329EPSS

Amazon•added 2024/05/28 12:0 a.m.•2 views

Important: less

8.6CVSS7.3AI score0.00329EPSS

Amazon•added 2024/05/28 12:0 a.m.•3 views

Important: less

8.6CVSS7AI score0.00329EPSS

Tenable Nessus•added 2024/05/28 12:0 a.m.•33 views

Amazon Linux 2023 : less (ALAS2023-2024-622)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-622 advisory. less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file...