Lucene search
12 matches found

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-43812

Malicious code in bioql PyPI...

CVSS 4.3, AI score 6.1, EPSS 0.00148
Exploits 1, References 3

GithubExploit
added 2025/07/19 6:31 p.m., 220 views

Exploit for Authentication Bypass by Primary Weakness in Crushftp

CVE-2025-31161 - CrushFTP Authentication Bypass Exploit This...

CVSS 9.8, AI score 9.9, EPSS 0.88937
Exploits 20

RedhatCVE
added 2025/04/17 11:23 p.m., 7 views

CVE-2025-27929

Unauthenticated attackers can retrieve full list of users associated with arbitrary accounts...

CVSS 6.9, AI score 7.1, EPSS 0.00761
Exploits 0, References 3

NVD
added 2025/04/15 10:15 p.m., 7 views

CVE-2025-27929

Unauthenticated attackers can retrieve full list of users associated with arbitrary accounts...

CVSS 6.9, EPSS 0.00761
Exploits 0, References 1

CVE
added 2025/04/15 9:59 p.m., 50 views

CVE-2025-27929

CVE-2025-27929 affects Growatt Cloud Applications. The connected sources confirm an unauthenticated attacker can retrieve the full list of users associated with arbitrary accounts, implying a potential authorization/identity exposure vulnerability. Public details specifically mention Growatt Clou...

CVSS 6.9, AI score 5.5, EPSS 0.00761
Exploits 0, References 1, Affected Software 1

NVD
added 2021/08/26 10:15 p.m., 6 views

CVE-2020-20675

Nuishop v2.3 contains a SQL injection vulnerability in /goods/getGoodsListByConditions/...

CVSS 9.8, EPSS 0.00264
Exploits 1, References 1

NVD
added 2021/08/06 11:15 a.m., 10 views

CVE-2021-32587

An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker with restricted user profile to retrieve the list of administrative users of other ADO...

CVSS 4.3, EPSS 0.00204
Exploits 0, References 1

Metasploit
added 2021/04/21 5:42 p.m., 168 views

Cockpit CMS NoSQLi to RCE

This module exploits two NoSQLi vulnerabilities to retrieve the user list, and password reset tokens from the system. Next, the USER is targeted to reset their password. Then a command injection vulnerability is used to execute the payload. While it is possible to upload a payload and execute it...

CVSS 9.8, AI score 10, EPSS 0.93971
Exploits 12

The Hacker News
added 2014/01/02 12:32 a.m., 13 views

DROPOUTJEEP: NSA's Secret program to access any Apple iPhone, including microphone & camera

In the era of Smartphones, Apple’s iPhone is the most popular device that exists, which itself gives the reason to target it. According to leaked documents shared by Security researcher Jacob Appelbaum, a secret NSA program code named DROPOUTJEEP has nearly total access to the Apple’s iPhones,...

AI score 7
Exploits 0

Exploit DB
added 2010/06/01 12:0 a.m., 17 views

XFTP 3.0 Build 0239 - 'Filename' Remote Buffer Overflow

#!/usr/bin/python import socket import sys """ [ASCII-art banner] http://www.corelan.be:8800 ...

AI score 7.4
Exploits 0

Tenable Nessus
added 2005/08/27 12:0 a.m., 47 views

Simple PHP Blog <= 0.4.0 Multiple Vulnerabilities

The version of Simple PHP Blog installed on the remote host allows authenticated attackers to upload files containing arbitrary code to be executed with the privileges of the web server userid. In addition, it likely lets anyone retrieve its configuration file as well as the user list and to dele...

CVSS 7.5, AI score 5.9, EPSS 0.79937
Exploits 4, References 5

securityvulns
added 2002/04/16 12:0 a.m., 32 views

Cleartext password access via SNMP in Nortel CVX

It's possible to retrieve users list with passwords via default community public...

AI score 3.9
Exploits 0, References 1, Affected Software 1