22 matches found
CVE-2026-42251
Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker to access the FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a...
PT-2026-45432
Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker to access the FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a...
CVE-2025-71210
A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. Please note: although this vulnerability carries a technical critical CVSS rating, this was reported via responsible disclosure via...
EUVD-2026-2234
Pega Customer Service Framework versions 8.7.0 through 25.1.0 are affected by an unrestricted file upload vulnerability, where a privileged user could potentially upload a malicious file...
Pega Customer Service Framework Security Vulnerability
Pega Customer Service Framework is a customer service framework from Pega Corporation in the United States. A security vulnerability exists in Pega Customer Service Framework versions 8.7.0 through 25.1.0, which originates from an unrestricted file upload and could allow a privileged user to uplo...
CVE-2025-42883
Migration Workbench (DX Workbench) in SAP NetWeaver Application Server for ABAP fails to trigger a malware scan when an attacker with administrative privileges uploads files to the application server. An attacker could leverage this and upload a malicious file into the system. This results in a low...
CVE-2025-42883
Affected software: SAP NetWeaver Application Server for ABAP, Migration Workbench (DX Workbench). Vulnerability details: A code issue causes the Migration Workbench to fail to trigger a malware scan when a user with administrative privileges uploads files to the application server, allowing poten...
CVE-2025-42883 Insecure File Operations vulnerability in SAP NetWeaver Application Server for ABAP (Migration Workbench)
Migration Workbench (DX Workbench) in SAP NetWeaver Application Server for ABAP fails to trigger a malware scan when an attacker with administrative privileges uploads files to the application server. An attacker could leverage this and upload a malicious file into the system. This results in a low...
Our plan for a more secure npm supply chain
Open source software is the bedrock of the modern software industry. Its collaborative nature and vast ecosystem empower developers worldwide, driving efficiency and progress at an unprecedented scale. This scale also presents unique vulnerabilities that are continually tested and under attack by...
MAL-2025-2283 Malicious code in upload-aliyun-oss (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b137056ce2896ba2e4b0b632262308afc40672c5a46bff9c2cb50a7b3a81a386 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
HkCms Code Issue Vulnerability
HkCms is a free open-source content management system from Guangzhou Hengqi Education Technology Co. Ltd. HkCms has a file upload vulnerability that stems from the getFileName method in /app/common/library/Upload.php. The vulnerability can be exploited by an...
CVE-2024-48069
A vulnerability found in Weaver E-cology allows attackers to use race conditions to bypass security mechanisms, upload malicious files and control server privileges...
Mitsubishi Electric MELSEC-F Series Authorization Issue Vulnerability
Mitsubishi Electric MELSEC-F Series is a basic micro PLC with analog and communication function scalability for industrial control equipment from Mitsubishi Electric, Japan. An authentication error vulnerability exists in the Mitsubishi Electric MELSEC-F Series, which can be...
ZOHO ManageEngine Desktop Central Path Traversal Vulnerability
ZOHO ManageEngine Desktop Central DC is a desktop management solution from ZOHO. The solution includes software distribution, patch management, system configuration, remote control and other functional modules to support the entire lifecycle of desktop and server management. A security...
CVE-2022-38625
Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during the upgrade firmware file upload process. This vulnerability allows authenticated attackers to create and upload their own custom-built firmware and inject malicious code. NOTE: the vendor's position i...
OpenCTI Cross-Site Scripting Vulnerability
OpenCTI is an open cyber threat intelligence platform. A cross-site scripting vulnerability exists in OpenCTI version 5.2.4 and earlier versions, which can be exploited by an attacker to upload a malicious file and then execute the file when the victim opens the file location...
GoDaddy Data Breach Exposes Over 1 Million WordPress Customers' Data
Web hosting giant GoDaddy on Monday disclosed a data breach that resulted in the unauthorized access of data belonging to a total of 1.2 million active and inactive customers, making it the third security incident to come to light since 2018. In a filing with the U.S. Securities and Exchange...
SAP NetWeaver AS JAVA Command Execution Vulnerability (CNVD-2020-62998)
SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. A security vulnerability exists in SAP NetWeaver AS JAVA version 7.20, 7.30, 7.31, 7.40, and 7.50 that allows an...
Cisco IOx Application Framework Input Validation Error Vulnerability
Cisco IOx, from the U.S. company Cisco, is a combination of Cisco IOS and Linux OS for secure network connectivity and a secure development environment for IoT applications. An input validation error vulnerability exists in Cisco IOx Application Framework versions prior to 1.9.0, which...
Langfang Extreme Networks Technology Co., Ltd. Extreme CMS has a file upload vulnerability
Extreme CMS is an open source PHPCMS web content management system. Extreme CMS has a file upload vulnerability that can be exploited by attackers to upload malicious files to gain server privileges...