
551 matches found

Positive Technologies
added 2025/12/24 12:0 a.m. | 1 view

PT-2025-52871

Name of the Vulnerable Software and Affected Versions: ADB Android Debug Bridge (affected versions not specified). Description: ADB Android Debug Bridge is susceptible to a type privilege bypass issue. Successful exploitation of this issue could lead to service availability problems. Recommendations: A...

CVSS 2.2 | AI score 6.5 | EPSS 0.00011
Exploits 0 | References 6
CNVD
added 2025/12/16 12:0 a.m. | 2 views

WordPress RSS Aggregator by Feedzy Code Issue Vulnerability

WordPress RSS Aggregator by Feedzy is a lightweight plugin designed for WordPress that focuses on automatically grabbing content from external RSS feeds and syndicating it to your website. WordPress RSS Aggregator by Feedzy has a code issue vulnerability that stems from the existence of a blind...

CVSS 5.8 | AI score 7.2 | EPSS 0.00075
Exploits 0 | References 1
CNNVD
added 2025/12/11 12:0 a.m. | 2 views

Google Pixel Security Vulnerability

Google Pixel is a smartphone from Google, an American company. Google Pixel has a security vulnerability that stems from a privilege bypass in onCreateTasks in CameraActivity.java, which could lead to the disclosure of local information...

CVSS 5.5 | AI score 6.2 | EPSS 0.00005
Exploits 0 | References 1
CNVD
added 2025/12/10 12:0 a.m. | 3 views

Google Android Privilege Bypass Vulnerability

Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from a privilege bypass vulnerability that can be exploited by an attacker to cause activities to be launched from the background and local elevation of privilege...

CVSS 7.8 | AI score 6.5 | EPSS 0.00206
Exploits 0 | References 1
OSV
added 2025/12/08 10:15 p.m. | 1 view

CVE-2025-36102

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow a privileged user to bypass validation, passing user input into the application as trusted data, due to client-side enforcement of server-side security...

CVSS 2.7 | AI score 5.8 | EPSS 0.00029
Exploits 0 | References 1
CNNVD
added 2025/12/08 12:0 a.m. | 2 views

Google Android Security Vulnerability

Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from a privilege bypass vulnerability that can be exploited by an attacker to cause activities to be launched from the background and local elevation of privilege...

CVSS 7.8 | AI score 7.4 | EPSS 0.00206
Exploits 0 | References 4
CNNVD
added 2025/12/08 12:0 a.m. | 2 views

Google Android Security Vulnerability

Google Android is a Linux-based open source operating system from the American company Google. A security vulnerability exists in Google Android that stems from a privilege bypass issue in the CertInstaller.java file, which could lead to the installation of certificates...

CVSS 7.8 | AI score 6.4 | EPSS 0.00004
Exploits 0 | References 3
CNNVD
added 2025/12/08 12:0 a.m. | 3 views

Google Android Security Vulnerability

Google Android is a Linux-based open source operating system from the American company Google. Google Android suffers from a security vulnerability that stems from privilege bypass, which could lead to local elevation of privilege...

CVSS 6.7 | AI score 6.1 | EPSS 0.00006
Exploits 0 | References 3
CNNVD
added 2025/12/05 12:0 a.m. | 3 views

Team folders Security Vulnerability

Team folders is open source file sharing software from Nextcloud. A security vulnerability exists in Team folders versions prior to 14.0.11, 15.3.12, 16.0.15, 17.0.14, 18.1.8, 19.1.8, and 20.1.2, which stems from a read-only privileged user being able to restore files from the recycle bin,...

CVSS 4.3 | AI score 6.5 | EPSS 0.00022
Exploits 0 | References 4
CNNVD
added 2025/12/05 12:0 a.m. | 1 view

Nextcloud Authorization Issue Vulnerability

Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. Nextcloud suffers from an authorization issue vulnerability that originates from a requestor being able to set another person's file to a pending approval...

CVSS 2.7 | AI score 6.5 | EPSS 0.00023
Exploits 0 | References 4
Positive Technologies
added 2025/12/01 12:0 a.m. | 1 view

PT-2025-48533

In Search Guard FLX versions from 3.1.0 up to 4.0.0 with enterprise modules being disabled, there exists an issue which allows authenticated users to use specially crafted requests to read documents from data streams without having the respective privileges...

CVSS 4.3 | AI score 6.6 | EPSS 0.00033
Exploits 0 | References 3
CNNVD
added 2025/11/21 12:0 a.m. | 1 view

OpenFGA Authorization Issue Vulnerability

OpenFGA is an open source, high-performance and flexible authorization/licensing engine built for developers and inspired by Google Zanzibar. An authorization issue vulnerability exists in OpenFGA versions v1.4.0 through v1.11.0, which stems from improper policy enforcement and could lead t...

CVSS 8.8 | AI score 6.4 | EPSS 0.00067
Exploits 0 | References 3
Positive Technologies
added 2025/11/18 12:0 a.m. | 2 views

PT-2025-47358

Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions 6.4 through 7.6.3; Fortinet FortiPAM versions 1.0 through 1.6.0; Fortinet FortiProxy versions 7.0 through 7.6.3. Description: An Improper Privilege Management issue exists that may allow an authenticated administrator to...

CVSS 1.9 | AI score 6.5 | EPSS 0.00013
Exploits 0 | References 4
Tenable Nessus
added 2025/11/12 12:0 a.m. | 3 views

Splunk Enterprise 9.2.0 < 9.2.9, 9.3.0 < 9.3.7, 9.4.0 < 9.4.5, 10.0.0 < 10.0.1 (SVD-2025-1102)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-1102 advisory. - In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116,...

CVSS 3.5 | AI score 5.8 | EPSS 0.00027
Exploits 0 | References 2
CNNVD
added 2025/11/12 12:0 a.m. | 3 views

Dee Store Security Vulnerability

Dee Store is an online shopping web application by the individual developer Dinuka Navaratna. A security vulnerability exists in Dee Store version 1.0, which stems from a lack of authorization validation and could allow a remote attacker to bypass privilege control by constructing a malicious...

CVSS 7.5 | AI score 7.5 | EPSS 0.00044
Exploits 0 | References 5
Vulnrichment
added 2025/11/07 11:7 p.m. | 1 view

CVE-2025-64433 KubeVirt Arbitrary Container File Read

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, a vulnerability was discovered that allows a VM to read arbitrary files from the virt-launcher pod's file system. This issue stems from improper symlink handling when mounting PVC disks into a VM...

CVSS 6.5 | AI score 6.3 | EPSS 0.00078
Exploits 1 | References 4
OSV
added 2025/11/06 12:53 p.m. | 4 views

BIT-AIRFLOW-2025-62503 Apache Airflow: Privilege boundary bypass in bulk APIs (create action can upsert existing Pools/Connections/Variables)

User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action...

CVSS 4.6 | AI score 6.8 | EPSS 0.00229
Exploits 0 | References 3
CNVD
added 2025/11/05 12:0 a.m. | 3 views

Apache Airflow Security Bypass Vulnerability (CNVD-2025-30838)

Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other features. A security bypass vulnerability exists in Apache Airflow, which is...

CVSS 4.6 | AI score 7 | EPSS 0.00229
Exploits 0 | References 1
CVE
added 2025/10/30 9:11 a.m. | 9 views

CVE-2025-62503

CVE-2025-62503 – Apache Airflow: Privilege boundary bypass in bulk APIs allows a user with CREATE (but not UPDATE) for Pools, Connections, and Variables to update existing records via the bulk create API with an overwrite action. Multiple sources (BIT-AIRFLOW-2025-62503, EUVD, Red Hat/CISA refere...

CVSS 4.6 | AI score 6.6 | EPSS 0.00229
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2025/10/30 9:11 a.m. | 3 views

CVE-2025-62503 Apache Airflow: Privilege boundary bypass in bulk APIs (create action can upsert existing Pools/Connections/Variables)

User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action...

EPSS 0.00229
Exploits 0 | References 1