CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

189 matches found

Packet Storm•added 2026/02/04 12:0 a.m.•99 views

📄 NCR Command Center Agent 16.3 Remote Command Execution

Proof of concept exploit for a remote command execution vulnerability in NCR Command Center Agent version 16.3 on Aloha POS/BOH servers. The vulnerability allows remote, unauthenticated attackers to execute arbitrary commands with SYSTEM privileges by sending a specially crafted XML document to...

10CVSS9AI score0.9036EPSS

Exploits3

Rapid7 Blog•added 2025/10/31 7:14 p.m.•16 views

Metasploit Wrap-Up 10/31/2025

New module content 3 ReDoc API Docs UI Exposed Author: Hamza Sahin Type: Auxiliary Pull request: 20594 contributed by HamzaSahin61 Path: scanner/http/redocexposed Description: Adds a module to detect publicly exposed ReDoc API documentation pages using read-only HTTP GET requests searching for...

10CVSS9.7AI score0.9036EPSS

Exploits3

Packet Storm•added 2025/10/30 12:0 a.m.•176 views

📄 NCR Command Center Agent 16.3 Remote Code Execution

CMCAgent in NCR Command Center Agent version 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter within an XML document sent to port 8089 that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021...

10CVSS7.5AI score0.9036EPSS

Exploits3

NVD•added 2025/10/29 3:15 p.m.•2 views

CVE-2025-61429

An issue in NCR Atleos Terminal Manager ConfigApp v3.4.0 allows attackers to escalate privileges via a crafted request...

8.8CVSS0.00079EPSS

Exploits0References1

Vulnrichment•added 2025/10/29 12:0 a.m.•2 views

CVE-2025-61429

An issue in NCR Atleos Terminal Manager ConfigApp v3.4.0 allows attackers to escalate privileges via a crafted request...

6.8AI score0.00079EPSS

Exploits0References1

CVE•added 2025/10/29 12:0 a.m.•8 views

CVE-2025-61429

CVE-2025-61429 concerns NCR Atleos Terminal Manager (ConfigApp) v3.4.0. The connected sources describe a privilege-escalation issue exploitable by a crafted request, with CVSSv3.1 metrics indicating Network attack vector, low attack complexity, required privileges Low, no user interaction, and im...

8.8CVSS6.8AI score0.00079EPSS

Exploits0References1

Cvelist•added 2025/10/29 12:0 a.m.•3 views

CVE-2025-61429

An issue in NCR Atleos Terminal Manager ConfigApp v3.4.0 allows attackers to escalate privileges via a crafted request...

0.00079EPSS

Exploits0References1

CNNVD•added 2025/10/29 12:0 a.m.•2 views

NCR Atleos Terminal Manager ConfigApp 安全漏洞

NCR Atleos Terminal Manager ConfigApp is a terminal management tool module from NCR Atleos USA. A security vulnerability exists in NCR Atleos Terminal Manager ConfigApp version 3.4.0, which stems from improper handling of specially crafted requests and could lead to elevation of privilege...

8.8CVSS6.6AI score0.00079EPSS

Exploits0References2