CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...

6.1CVSS5.9AI score

Exploits0References1

Github Security Blog•added 2025/08/06 5:6 p.m.•5 views

tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter

Summary [email protected] is vulnerable to an Arbitrary temporary file / directory write via symbolic link dir parameter. Details According to the documentation there are some conditions that must be held: // https://github.com/raszi/node-tmp/blob/v0.2.3/README.md?plain=1L41-L50 Other breaking changes,...

5.3CVSS6.3AI score0.00469EPSS

Exploits1References6Affected Software1

GithubExploit•added 2025/07/31 12:22 p.m.•266 views

Exploit for Incorrect Permission Assignment for Critical Resource in Facebook Below

CVE-2025-27591 description Basically below tool allow f...

6.8CVSS7.9AI score0.00132EPSS

Exploits22

Zero Day Initiative•added 2025/07/29 12:0 a.m.•3 views

Avast Cleanup Premium TuneupSvc Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast...

7.8CVSS6.7AI score0.00081EPSS

Exploits0

Tenable Nessus•added 2025/07/15 12:0 a.m.•6 views

SAP NetWeaver AS ABAP Multiple Vulnerabilities

The remote SAP NetWeaver ABAP server may be affected by multiple vulnerabilies. - SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious lin...

6.1CVSS5.5AI score0.00476EPSS

Exploits0References6

OSV•added 2025/06/24 7:0 p.m.•4 views

GHSA-WJ44-9VCG-WJQ7 Gogs allows deletion of internal files which leads to remote command execution

Summary Due to the insufficient patch for the CVE-2024-39931, it's still possible to delete files under the .git directory and achieve remote command execution. Details In the patch for CVE-2024-39931, the following check is added:...

10CVSS10AI score0.02578EPSS

Exploits0References6

CVE•added 2025/06/03 9:43 a.m.•47 views

CVE-2024-36486

Parallels Desktop for Mac 20.1.1 (55740) has a privilege escalation flaw in the virtual machine archive restoration path. During unarchive, the root-privileged prl_vmarchiver decompresses data and writes it back to the original location; an attacker can exploit this by replacing archived data wit...

7.8CVSS7.4AI score0.00216EPSS

Exploits1References2Affected Software1

RedhatCVE•added 2025/05/23 9:31 a.m.•4 views

CVE-2024-38518

BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker with a valid join link to a meeting can trick BigBlueButton into generating a signed join link with additional parameters. One of those parameters may be "role=moderator", allowing an...

4.6CVSS6.8AI score0.00092EPSS

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by