CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

10276 matches found

CNNVD•added 2025/05/29 12:0 a.m.•1 views

Blackmagic Design DaVinci Resolve 安全漏洞

Blackmagic Design DaVinci Resolve is a software tool that combines editing, color correction, visual effects, motion graphics, and audio post-production in one package. A security vulnerability exists in Blackmagic Design DaVinci Resolve, which stems from insufficient dynamic library loading...

4.8CVSS6.4AI score0.0006EPSS

Exploits0References2

SUSE Linux•added 2025/05/28 10:2 a.m.•5 views

Security update for kernel-livepatch-MICRO-6-0_Update_2

This update for kernel-livepatch-MICRO-6-0Update2 fixes the following issues: CVE-2024-53042: ipv4: iptunnel: Fix suspicious RCU usage warning in iptunnelinitflow bsc1233678 CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice bsc1234847 CVE-2024-50115: KVM: nSVM:...

8.5CVSS7.3AI score0.00021EPSS

Exploits0References12

SUSE Linux•added 2025/05/28 9:52 a.m.•2 views

Security update for kernel-livepatch-MICRO-6-0_Update_3

This update for kernel-livepatch-MICRO-6-0Update3 fixes the following issues: CVE-2024-53042: ipv4: iptunnel: Fix suspicious RCU usage warning in iptunnelinitflow bsc1233678 CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice bsc1234847 CVE-2024-50115: KVM: nSVM:...

8.5CVSS7.3AI score0.00021EPSS

Exploits0References12

OSV•added 2025/05/28 9:18 a.m.•3 views

USN-7541-1 glibc vulnerability

It was discovered that the GNU C Library incorrectly search LDLIBRARYPATH to determine which library to load when statically linked setuid binary calls dlopen. A local attacker could possibly use this issue to cause a denial of service or execute arbitrary code...

7.8CVSS6.9AI score0.00043EPSS

Exploits1References2

NVD•added 2025/05/27 10:15 a.m.•9 views

CVE-2025-4412

On macOS systems, by utilizing a Launch Agent and loading the viscosityopenvpn process from the application bundle, it is possible to load a dynamic library with Viscosity's TCC Transparency, Consent, and Control identity. The acquired resource access is limited without entitlements such as acces...

4.8CVSS0.00068EPSS

Exploits0References2

Cvelist•added 2025/05/27 10:9 a.m.•18 views

CVE-2025-4412 TCC Bypass via Dylib Loading in Viscosity.app

4.8CVSS0.00068EPSS

Exploits0References2

Positive Technologies•added 2025/05/27 12:0 a.m.•2 views

PT-2025-22991

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 139 Firefox ESR versions prior to 128.11 Description The issue arises from script elements loading cross-origin resources, which generate load and error events. These events leak information, enabling XS-Leaks attacks...

9.8CVSS8.8AI score0.30868EPSS

Exploits6References657

OpenVAS•added 2025/05/26 12:0 a.m.•6 views

Mageia: Security Advisory (MGASA-2025-0164)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.2AI score0.00043EPSS

Exploits1References5

Mageia•added 2025/05/24 11:25 p.m.•20 views

Updated glibc packages fix security vulnerability

An untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library versions 2.27 to 2.38 allows attacker-controlled loading of dynamically shared libraries in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to NSS...

7.8CVSS7.1AI score0.00043EPSS

Exploits1References3

RedhatCVE•added 2025/05/23 10:2 a.m.•4 views

CVE-2024-29881

TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an object or embed element and that image could potentially contain a XSS payload. This vulnerability is...

6.1CVSS5AI score0.05137EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 9:50 a.m.•6 views

CVE-2024-7263

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 exclusive on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough...

9.3CVSS7.7AI score0.09733EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 8:44 a.m.•2 views

CVE-2024-23730

The OpenAPI and ChatGPT plugin loaders in LlamaHub aka llama-hub before 0.0.67 allow attackers to execute arbitrary code because safeload is not used for YAML...

9.8CVSS7.8AI score0.00243EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 7:47 a.m.•5 views

CVE-2024-25676

An issue was discovered in ViewerJS 0.5.8. A script from the component loads content via URL TAGs without properly sanitizing it. This leads to both open redirection and out-of-band resource loading...

4.7CVSS6.8AI score0.00141EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 7:45 a.m.•4 views

CVE-2024-28589

An issue was discovered in Axigen Mail Server for Windows versions 10.5.18 and before, allows local low-privileged attackers to execute arbitrary code and escalate privileges via insecure DLL loading from a world-writable directory during service initialization...

6.7CVSS8AI score0.00121EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 7:21 a.m.•4 views

CVE-2024-44081

In Jitsi Meet before 2.0.9779, the functionality to share a video file was implemented in an insecure way, resulting in clients loading videos from an arbitrary URL if a message from another participant contains a URL encoded in the expected format...

9.8CVSS7AI score0.00442EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 6:59 a.m.•17 views

CVE-2024-56453