406 matches found
EUVD-2022-43613
Malicious code in bioql PyPI...
EUVD-2021-30833
Malicious code in bioql PyPI...
EUVD-2024-24968
Malicious code in bioql PyPI...
EUVD-2022-43616
Malicious code in bioql PyPI...
EUVD-2022-28257
Malicious code in bioql PyPI...
EUVD-2023-36483
Malicious code in bioql PyPI...
EUVD-2022-27939
Malicious code in bioql PyPI...
EUVD-2021-30835
Malicious code in bioql PyPI...
EUVD-2022-28256
Malicious code in bioql PyPI...
EUVD-2022-28261
Malicious code in bioql PyPI...
EUVD-2023-37861
Malicious code in bioql PyPI...
CISA Warns: SysAid Flaws Under Active Attack Enable Remote File Access and SSRF
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two security flaws impacting SysAid IT support software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2025-2775 CVSS score: 9...
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-54309 CrushFTP Unprotected Alternate Channel Vulnerability; CVE-2025-6558 Google Chromium ANGLE and GPU Improper Input...
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives...
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives...
CVE-2023-47247
In SysAid On-Premise before 23.3.34, there is an edge case in which an end user is able to delete a Knowledge Base article, aka bug 15102...
CVE-2023-33706
SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp...
CVE-2023-47246
In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023...
CVE-2022-40323
SysAid Help Desk before 22.1.65 allows XSS in the Password Services module, aka FR 67241...
CVE-2022-40322
SysAid Help Desk before 22.1.65 allows XSS, aka FR 66542 and 65579...