CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Hi, I run a following script for a vulnerability test for my home network; nmap 192.168.1.1/24 -n -sP |rg -o "192." scan.txt nmap -sV --script vulners --script-args mincvss=7.0 -iL scan.txt Then I get this Vulner output in port 80; Nmap scan report for 192.168.1.5 Host is up 0.00021s latency. Not...

9.1CVSS6.1AI score0.03545EPSS

Exploits2References1

Github Security Blog•added 2025/07/08 7:7 p.m.•5 views

Cloudflare Vite plugin exposes secrets over the built-in dev server

Summary Note: originally posted on H1 but closed. Cross-posting over to here in abundance of caution instead of a public issue. When utilising the Cloudflare Vite plugin in its default configuration, all files are exposed by the local dev server, including files in the root directory that contain...

6.3CVSS6.6AI score0.00118EPSS

Exploits0References6Affected Software1

F5 Networks•added 2025/07/01 11:2 p.m.•6 views

K000152313: shadow-utils vulnerability CVE-2024-56433

Security Advisory Description shadow-utils aka shadow 4.4 through 4.17.0 establishes a default /etc/subuid behavior e.g., uid 100000 through 165535 for the first user account that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to...

3.6CVSS5.8AI score0.05999EPSS

Exploits0Affected Software3

RedhatCVE•added 2025/05/02 9:49 p.m.•14 views

CVE-2025-30422

A buffer overflow was addressed with improved input validation. This issue is fixed in AirPlay audio SDK 2.7.1 and AirPlay video SDK 3.6.0.126. An attacker on the local network may cause an unexpected app termination...

6.5CVSS7.5AI score0.00143EPSS

Exploits1References1

CVE•added 2025/03/30 6:0 p.m.•56 views

CVE-2025-2956

The CVE-2025-2956 entry applies to TRENDnet TI-G102i firmware versions 1.0.7.S0_ and 1.0.8.S0_. The vulnerability is a null pointer dereference in the HTTP Request Handler component (plugins_call_handle_uri_raw) of /usr/sbin/lighttpd, exploitable by an attacker on an adjacent network with low com...

7.1CVSS6.8AI score0.00132EPSS

Exploits0References5

ICS•added 2021/06/08 12:0 a.m.•31 views

Johnson Controls Metasys

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Equipment: Metasys Servers, Engines, and Tools Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could give an authenticated...

8.8CVSS9.1AI score0.00286EPSS

Exploits0References5

seebug.org•added 2004/08/31 12:0 a.m.•12 views

D-Link DCS-900 Camera Remote IP Address Changer Exploit

No description provided by source. / dlinkdown.c - miscname.com change ip address on all dlink dcs-900 cameras on the local network without authentication dlink dcs-900 ip cameras use a broadcast/listen method of configuration ... rather than a static ip addr out of the box, it listens for a...

7.1AI score

Exploits0

exploitpack•added 2000/05/16 12:0 a.m.•31 views

Stake AntiSniff 1.0.1Researchers 1.0 - DNS Overflow (3)

Stake AntiSniff 1.0.1Researchers 1.0 - DNS Overflow 3 // source: https://www.securityfocus.com/bid/1207/info Certain versions of @Stake Inc.'s Antisniffer software contain a remotely exploitable buffer overflow. AntiSniff is a program that was released by L0pht Heavy Industries in July of 1999. I...

0.9AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by