Lucene search

326 matches found

Positive Technologies
added 2025/12/30 12:0 a.m., 3 views

PT-2025-54217

theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.1.1, the application loads custom Python rules and configuration files from user-writable locations e.g., /.config/theshit/ without validating ownership or permissions when...

CVSS 6.7, AI score 7.5, EPSS 0.00004
Exploits: 0, References: 4
RedhatCVE
added 2025/12/24 10:29 p.m., 3 views

CVE-2025-66213

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the File Storage Directory Mount Path functionality allows users with application/service management permissions...

CVSS 9.4, AI score 9.1, EPSS 0.0023
Exploits: 1, References: 1
EUVD
added 2025/12/23 10:6 p.m., 2 views

EUVD-2025-204954

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the File Storage Directory Mount Path functionality allows users with application/service management permissions...

CVSS 9.4, AI score 8.6, EPSS 0.0025
Exploits: 2, References: 3
Vulnrichment
added 2025/12/23 12:0 a.m., 2 views

CVE-2025-25364

A command injection vulnerability in the me.connectify.SMJobBlessHelper XPC service of Speedify VPN up to v15.0.0 allows attackers to execute arbitrary commands with root-level privileges...

AI score 7.8, EPSS 0.00113
Exploits: 0, References: 3
RedhatCVE
added 2025/12/18 12:35 a.m., 8 views

CVE-2024-46060

Anaconda3 macOS installers before 2024.06-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This allows a local low-privileged user to inject arbitrary...

CVSS 7.8, AI score 7.7, EPSS 0.00031
Exploits: 1, References: 1
RedhatCVE
added 2025/12/18 12:35 a.m., 4 views

CVE-2024-46062

Miniconda3 macOS installers before 23.11.0-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This flaw allows a local low-privileged user to inject arbitra...

CVSS 7.8, AI score 7.7, EPSS 0.00031
Exploits: 1, References: 1
EUVD
added 2025/12/17 9:30 p.m., 3 views

EUVD-2024-55356

Miniconda3 macOS installers before 23.11.0-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This flaw allows a local low-privileged user to inject arbitra...

AI score 7.2, EPSS 0.00031
Exploits: 1, References: 3
Positive Technologies
added 2025/12/17 12:0 a.m., 3 views

PT-2025-51858

Anaconda3 macOS installers before 2024.06-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This allows a local low-privileged user to inject arbitrary...

AI score 7.7, EPSS 0.00031
Exploits: 1, References: 3
CVE
added 2025/12/16 10:17 p.m., 7 views

CVE-2025-34288

Nagios XI versions prior to 2026R1.1 are affected by a local privilege-escalation flaw caused by an unsafe interaction between sudo permissions and application file permissions. A maintenance script, accessible to users, may run as root via sudo and includes an application file writable by a lowe...

CVSS 8.6, AI score 7.3, EPSS 0.00125
Exploits: 0, References: 2, Affected Software: 1
EUVD
added 2025/12/09 6:30 p.m., 2 views

EUVD-2024-55304

A vulnerability has been identified in RUGGEDCOM ROX II family All versions V2.17.0. Under certain conditions, IPsec may allow code injection in the affected device. An attacker could leverage this scenario to execute arbitrary code as root user...

CVSS 7.5, AI score 7.6, EPSS 0.00028
Exploits: 0, References: 2
OSV
added 2025/12/09 4:17 p.m., 2 views

CVE-2024-56840

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.0, RUGGEDCOM ROX MX5000RE All versions V2.17.0, RUGGEDCOM ROX RX1400 All versions V2.17.0, RUGGEDCOM ROX RX1500 All versions V2.17.0, RUGGEDCOM ROX RX1501 All versions V2.17.0, RUGGEDCOM ROX RX1510 All versions V2.17.0...

CVSS 7.5, AI score 6.1, EPSS 0.00028
Exploits: 0, References: 1
CVE
added 2025/12/09 10:44 a.m., 10 views

CVE-2024-56840

The CVE-2024-56840 issue affects Siemens RUGGEDCOM ROX II family devices (and older ROX MX/RX variants) with all versions prior to 2.17.0. Under certain conditions, IPsec may allow code injection, enabling an attacker to execute arbitrary code as root on the affected device. Several connected sou...

CVSS 7.5, AI score 9.3, EPSS 0.00028
Exploits: 0, References: 1, Affected Software: 1
RedhatCVE
added 2025/11/11 12:50 p.m., 1 views

CVE-2025-63296

KERUI K259 5MP Wi-Fi / Tuya Smart Security Camera firmware v33.53.87 contains a code execution vulnerability in its boot/update logic: during startup /usr/sbin/anykaservice.sh scans mounted TF/SD cards and, if /mnt/update.nor.sh is present, copies it to /tmp/net.sh and executes it as root...

CVSS 6.5, AI score 7.5, EPSS 0.00118
Exploits: 1, References: 1
Positive Technologies
added 2025/11/05 12:0 a.m., 3 views

PT-2025-45161

Name of the Vulnerable Software and Affected Versions PocketVJ CP versions 3.9.1 Description The application does not properly sanitize user input in the opacityValue POST parameter before it is used in a shell command. This allows remote attackers to execute arbitrary commands with root privileg...

CVSS 9.8, AI score 7.3, EPSS 0.00355
Exploits: 1, References: 5
CNNVD
added 2025/11/05 12:0 a.m., 1 views

PocketVJ CP security vulnerability

PocketVJ CP is a control panel software by magdesign individual developers. A security vulnerability exists in PocketVJ CP PocketVJ-CP-v3 pvj version 3.9.1, which stems from the submitopacity.php component failing to clean up user input for the capacityValue POST parameter, which could allow a...

CVSS 9.8, AI score 7.5, EPSS 0.00355
Exploits: 1, References: 2
OSV
added 2025/10/30 10:15 p.m., 3 views

CVE-2025-34274

Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration...

CVSS 9.8, AI score 6, EPSS 0.01472
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-13041

Malware in sbrugna...

CVSS 9, AI score 8.8, EPSS 0.00681
Exploits: 1, References: 4
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2018-3039

Malware in sbrugna...

CVSS 7.8, AI score 7.7, EPSS 0.00022
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-13508

Malware in sbrugna...

CVSS 7.8, AI score 8, EPSS 0.00089
Exploits: 0, References: 12
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2002-1530

Malware in sbrugna...

CVSS 7.2, AI score 6.4, EPSS 0.00062
Exploits: 0, References: 2