CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

683 matches found

Hacker One•added 2025/11/11 3:25 p.m.•14 views

AWS VDP: AWS Auto Scaling Service Reporting "AWS Internal" for CloudTrail Events Generated from Specific Endpoints

A vulnerability was discovered in the AWS Auto Scaling service, where 6 API endpoints incorrectly reported the user-agent and network information as "AWS Internal" in CloudTrail logs. This allowed the adversary to perform API calls using these endpoints and evade the logging of their IP address a...

6.8AI score

Exploits0

EUVD•added 2025/11/07 6:30 p.m.•4 views

EUVD-2025-38270

A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central...

7.1CVSS6.3AI score0.00065EPSS

Exploits0References2

Vulnrichment•added 2025/11/07 3:11 p.m.•3 views

CVE-2025-57712 Qsync Central

7.1CVSS6.4AI score0.00065EPSS

Exploits0References1

Cvelist•added 2025/11/07 3:11 p.m.•6 views

CVE-2025-57712 Qsync Central

7.1CVSS0.00065EPSS

Exploits0References1

AstraLinux•added 2025/11/01 10:54 a.m.•2 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: ext4: Do not report a BUG when INLINEDATAFL lacks the system.data xattr attribute. A syzbot fuzed image triggered a BUG in ext4updateinlinedata, when an inode had the INLINEDATAFL flag set but lacked the system.data extended...

5.5CVSS7.1AI score0.0002EPSS

Exploits0References3

Cvelist•added 2025/10/23 11:29 a.m.•8 views

CVE-2025-62395 Moodle: external cohort search service leaks system cohort data

A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data...

4.3CVSS0.00044EPSS

Exploits0References2

EUVD•added 2025/10/23 3:38 a.m.•4 views

EUVD-2025-35649

Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE-497 in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices. This issue affects Command Centre Server: 9.30 prior to...

9.9CVSS5.8AI score0.0006EPSS

Exploits0References2

Positive Technologies•added 2025/10/23 12:0 a.m.•2 views

PT-2025-43462

Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description A security issue exists in the Android Framework that could allow a remote attacker to escalate privileges. The issue involves a permissions bypass that may allow launching activities from th...

7.8CVSS8.1AI score0.00206EPSS

Exploits0References74

Positive Technologies•added 2025/10/23 12:0 a.m.•3 views

PT-2025-43506

Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description The issue resides in the hasAccountsOnAnyUser function within DevicePolicyManagerService.java. A logic error in the code allows for the addition of a Device Owner after provisioning. This can...

5.5CVSS8.2AI score0.00097EPSS

Exploits0References80

Positive Technologies•added 2025/10/23 12:0 a.m.•2 views

PT-2025-43443

Name of the Vulnerable Software and Affected Versions cohort search web service affected versions not specified Description A flaw exists in the cohort search web service that allows users with limited permissions to access cohort information intended for system-level access. This results in the...

4.3CVSS6.2AI score0.00044EPSS

Exploits0References12

NCSC•added 2025/10/14 11:22 a.m.•5 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in several products such as SIMATIC, SINEC, SIPLUS and Solid Edge. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Circumvention o...

9.8CVSS7.6AI score0.0158EPSS

Exploits5References6

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2016-9078

Malware in sbrugna...

7.5CVSS7.6AI score0.00306EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-1999-1469

Malware in sbrugna...

5CVSS6.4AI score0.06312EPSS

Exploits1References4

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2008-0985

Malware in sbrugna...

5CVSS6.4AI score0.00551EPSS

Exploits0References8

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-17066

Malware in sbrugna...

5.5CVSS6.5AI score0.00188EPSS

Exploits1References10

Tenable Nessus•added 2025/10/07 12:0 a.m.•1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-383594)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-383594 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: avoid OOB when system.data xattr changes underneath the filesystem When looking up for an...

7.8CVSS6.3AI score0.00021EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-27836

Malicious code in bioql PyPI...

7.2CVSS6.6AI score0.00094EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2025-27834

Malicious code in bioql PyPI...

7.2CVSS6.6AI score0.00094EPSS

Exploits0References2