CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/12/11 7:1 p.m.•2 views

CVE-2025-64887

Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited by a low privileged attacker to execute malicious scripts in the context of the victim's browser. Exploitation of this issue requires user interaction,...

5.4CVSS5.7AI score0.00025EPSS

RedhatCVE•added 2025/12/11 7:1 p.m.•1 views

CVE-2025-64799

5.4CVSS5.5AI score0.00025EPSS

RedhatCVE•added 2025/12/11 7:1 p.m.•3 views

CVE-2025-64801

5.4CVSS5.5AI score0.00025EPSS

RedhatCVE•added 2025/12/11 7:0 p.m.•2 views

CVE-2025-64858

5.4CVSS5.6AI score0.00025EPSS

EUVD•added 2025/12/11 7:32 a.m.•2 views

EUVD-2025-202667

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have, under certain circumstances, allowed an unauthenticated user to perform unauthorized actions on behalf of another user by injecting malicious...

8CVSS6.5AI score0.00106EPSS

Exploits0References4

EUVD•added 2025/12/11 12:30 a.m.•2 views

EUVD-2024-55317

Dotclear 2.29 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload process by crafting a PHP shell with a command execution form to gain system access through...

8.7CVSS7.9AI score0.00228EPSS

Exploits1References5

Tenable Nessus•added 2025/12/11 12:0 a.m.•2 views

Fedora 43 : wireshark (2025-0e41e63705)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-0e41e63705 advisory. New version 4.6.1. Beware of the move of files from /usr/lib64/wireshark/extcap/ to /usr/libexec/wireshark/extcap. Any custom user scripts should be...

7.8CVSS5.6AI score0.00013EPSS

Exploits0References3

OSV•added 2025/12/10 10:16 p.m.•1 views

CVE-2024-58280

CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensionsuserfiles and upload a shell script to the media directory to execute arbitrary code on the server...

8.8CVSS6.3AI score0.00541EPSS

NVD•added 2025/12/10 10:16 p.m.•2 views

CVE-2024-58280

8.8CVSS0.00541EPSS

EUVD•added 2025/12/10 9:31 p.m.•2 views

EUVD-2025-202513

EUVD•added 2025/12/10 9:31 p.m.•1 views

EUVD-2025-202479

EUVD•added 2025/12/10 9:31 p.m.•1 views

EUVD-2025-202572

EUVD•added 2025/12/10 9:31 p.m.•2 views

EUVD-2025-202471

Cvelist•added 2025/12/10 9:14 p.m.•18 views

CVE-2024-58282 Serendipity 2.5.0 Remote Code Execution via Authenticated Media Upload

Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload mechanism by creating a PHP shell with a command execution form that enables...

8.6CVSS0.00377EPSS

Cvelist•added 2025/12/10 9:13 p.m.•16 views

CVE-2024-58280 CMSimple 5.15 Remote Command Execution via Extensions Configuration

8.6CVSS0.00541EPSS

CVE•added 2025/12/10 9:12 p.m.•16 views

CVE-2024-58279

CVE-2024-58279 affects appRain CMF 4.0.5. An authenticated administrator can upload a crafted PHP file via the filemanager/upload endpoint, leading to remote code execution and the potential formation of a web shell with command execution in the uploads directory. Multiple connected sources corro...

8.8CVSS7.8AI score0.00615EPSS

Exploits1References4Affected Software1

OSV•added 2025/12/10 7:16 p.m.•2 views

CVE-2025-64869

5.4CVSS5.7AI score

NVD•added 2025/12/10 7:16 p.m.•3 views

CVE-2025-64845

5.4CVSS0.00025EPSS