CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

242 matches found

NVD•added 2025/12/23 8:15 p.m.•6 views

CVE-2021-47739

Epic Games Easy Anti-Cheat 4.0 contains an unquoted service path vulnerability that allows local non-privileged users to execute arbitrary code with elevated system privileges. Attackers can exploit the service configuration by inserting malicious code in the system root path that would execute...

8.5CVSS0.00168EPSS

Exploits1References5

CVE•added 2025/12/22 9:35 p.m.•12 views

CVE-2023-53965

CVE-2023-53965 concerns SOUND4 Server Service 4.1.102 with an unquoted service path. The unquoted binary path could be exploited by a local, non-privileged user to execute code with elevated (LocalSystem) privileges during service startup by placing a malicious binary in the system root. Document...

8.6CVSS6.7AI score0.00203EPSS

Exploits2References4Affected Software1

ATTACKERKB•added 2025/10/19 7:32 a.m.•4 views

CVE-2025-11938

A vulnerability was found in ChurchCRM up to 5.18.0. This vulnerability affects unknown code of the file setup/routes/setup.php. Performing a manipulation of the argument DBPASSWORD/ROOTPATH/URL results in deserialization. The attack may be initiated remotely. The attack's complexity is rated as...

8.1CVSS4.8AI score0.00672EPSS

Exploits1References4

Cvelist•added 2025/10/19 7:32 a.m.•10 views

CVE-2025-11938 ChurchCRM setup.php deserialization

6.3CVSS0.00672EPSS

Exploits1References4

Vulnrichment•added 2025/10/19 7:32 a.m.•3 views

CVE-2025-11938 ChurchCRM setup.php deserialization

6.3CVSS5.2AI score0.00672EPSS

Exploits1References4

CVE•added 2025/10/19 7:32 a.m.•13 views

CVE-2025-11938

ChurchCRM up to version 5.18.0 is affected by a deserialization vulnerability in the file setup/routes/setup.php. The issue arises when user-controlled values for DB_PASSWORD, ROOT_PATH, or URL are deserialized, enabling remote exploitation. Multiple connected reports consolidate this as a remote...

8.1CVSS5.2AI score0.00672EPSS

Exploits1References4Affected Software1

CNNVD•added 2025/10/19 12:0 a.m.•4 views

ChurchCRM 代码问题漏洞

ChurchCRM is ChurchCRM open source an open source CRM system for churches. ChurchCRM 5.18.0 and earlier versions exist deserialization vulnerability , the vulnerability stems from the file setup/routes/setup.php in the parameter DBPASSWORD/ROOTPATH/URL in the receipt of user-submitted serialized...

8.1CVSS7.5AI score0.00672EPSS

Exploits1References5