4571 matches found
GHSA-P9V8-Q5M4-PF46 CVE-2024-5138: snapd snapctl auth bypass
Impact: A snap with prior permissions to create a mount entry on the host, such as firefox, normally uses the permission from one of the per-snap hook programs. Unprivileged users cannot normally trigger that behaviour by using snap run --shell firefox followed by snapctl mount, since snapd...
CVE-2024-56201 affecting package python-jinja2 for versions less than 3.1.2-2
CVE-2024-56201 affecting package python-jinja2 for versions less than 3.1.2-2. A patched version of the package is available...
PT-2025-2583 · Themesebrand · Themesebrand Chatvia
Name of the Vulnerable Software and Affected Versions: themesebrand Chatvia version 5.3.2 Description: An issue in themesebrand Chatvia allows a remote attacker to execute arbitrary code via the User profile Upload image function. Recommendations: For themesebrand Chatvia version 5.3.2, consider...
PT-2025-1115
Name of the Vulnerable Software and Affected Versions: Moxa EDS-508A Series versions 3.11 and earlier Description: The Moxa EDS-508A Series Ethernet switch is vulnerable to an authentication bypass due to flaws in its authorization mechanism. Although both client-side and back-end server verificati...
Oracle Linux 9 : rsync (ELSA-2025-0324)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-0324 advisory. 3.2.3-20.1 - Resolves: RHEL-72495 - Info Leak via Uninitialized Stack Contents Tenable has extracted the preceding description block directly from the Oracle...
CVE-2024-45338 affecting package application-gateway-kubernetes-ingress for versions less than 1.4.0-24
CVE-2024-45338 affecting package application-gateway-kubernetes-ingress for versions less than 1.4.0-24. A patched version of the package is available...
CVE-2024-45338 affecting package cri-tools for versions less than 1.29.0-6
CVE-2024-45338 affecting package cri-tools for versions less than 1.29.0-6. A patched version of the package is available...
PT-2025-1220
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: An elevation-of-privilege issue exists within the Windows Recovery Environment Agent component. Successful exploitation of this issue could allow an attacker to gain elevated privileges on th...
PT-2025-1245 · Microsoft · Office Excel +2
Name of the Vulnerable Software and Affected Versions: Microsoft Excel affected versions not specified Description: The issue is related to a remote code execution problem in Microsoft Excel. It is associated with the dereferencing of an untrusted pointer in Microsoft Office and 365 Apps for...
PT-2025-3500 · Monetdb · Monetdb Server
Name of the Vulnerable Software and Affected Versions: MonetDB Server version 11.49.1 Description: The issue in the exps bind column component allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Recommendations: For MonetDB Server version 11.49.1, consider restricting...
PT-2025-2310 · Wavlink · Wavlink Ac3000
Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505 Description: A command execution issue exists in the adm.cgi set TR069 functionality. This allows an attacker to execute arbitrary commands by sending a specially crafted HTTP request. The vulnerabili...
CVE-2025-22138 Private categories allow suggested edits to be viewed via the queue in @codidact/qpixel
@codidact/qpixel is a Q&A-based community knowledge-sharing software. In affected versions when a category is set to private or limited-visibility within QPixel's admin tools, suggested edits within this category can still be viewed by unprivileged or anonymous users via the suggested edit queue...
CVE-2024-45338 affecting package kubernetes for versions less than 1.28.4-13
CVE-2024-45338 affecting package kubernetes for versions less than 1.28.4-13. A patched version of the package is available...
CVE-2020-17527 affecting package tomcat for versions less than 9.0.39-5
CVE-2020-17527 affecting package tomcat for versions less than 9.0.39-5. No patch is available currently...
CVE-2000-0006 affecting package strace 5.16-4
CVE-2000-0006 affecting package strace 5.16-4. This CVE either no longer is or was never applicable...
CVE-2020-27840 affecting package samba 4.12.5-7
CVE-2020-27840 affecting package samba 4.12.5-7. No patch is available currently...
CVE-2020-25717 affecting package samba 4.12.5-7
CVE-2020-25717 affecting package samba 4.12.5-7. No patch is available currently...
CVE-2022-32743 affecting package samba 4.12.5-7
CVE-2022-32743 affecting package samba 4.12.5-7. No patch is available currently...
CVE-2022-32744 affecting package samba 4.12.5-7
CVE-2022-32744 affecting package samba 4.12.5-7. No patch is available currently...