CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1411 matches found

NCSC•added 2025/08/13 7:25 a.m.•6 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows, including Hyper-V, Graphics Component, and Routing and Remote Access Service RRAS. The vulnerabilities include several types of attacks, such as local privilege escalation, unwarranted access to sensitive information, and the potential for...

9.8CVSS7.9AI score0.36074EPSS

Exploits12References1

Cvelist•added 2025/08/12 6:59 p.m.•6 views

CVE-2025-27759

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and before 7.0.10 allows an authenticated privileged attacker to execute unauthorized code o...

6.7CVSS0.00462EPSS

Exploits0References1

NVD•added 2025/08/12 6:15 p.m.•1 views

CVE-2025-53738

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally...

7.8CVSS0.00485EPSS

Exploits0References1

CVE•added 2025/08/12 5:10 p.m.•31 views

CVE-2025-50169

CVE-2025-50169 is a Windows SMB remote code execution vulnerability driven by a race condition in the SMB server where concurrent access to a shared resource is improperly synchronized. Publicly disclosed details in the provided documents confirm: the flaw exists in Windows SMB and enables code e...

7.5CVSS7.6AI score0.00601EPSS

Exploits0References1Affected Software2

CNNVD•added 2025/08/12 12:0 a.m.•2 views

Fortinet FortiADC 操作系统命令注入漏洞

Fortinet FortiADC is an application delivery controller from Fortinet, Inc. An operating system command injection vulnerability exists in Fortinet FortiADC version 7.2.0 and versions prior to 7.1.1, which stems from OS command injection and could lead to the execution of unauthorized code...

7.2CVSS7.5AI score0.01123EPSS

Exploits0References2

SUSE CVE•added 2025/08/11 11:22 p.m.•1 views

SUSE CVE-2025-54997

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, some OpenBao deployments intentionally limit privileged API operators from executing system code or making network connections...

9.1CVSS7.5AI score0.00349EPSS

Exploits0References4

CNNVD•added 2025/08/09 12:0 a.m.•3 views

OpenBao 代码注入漏洞

OpenBao is OpenBao open source a sensitive data management software . A code injection vulnerability exists in OpenBao 2.3.1 and earlier versions that can be exploited by attackers to cause unauthorized code execution and network access...

9.1CVSS7.7AI score0.00349EPSS

Exploits0References5

Rosalinux•added 2025/08/06 8:30 a.m.•3 views

Advisory ROSA-SA-2025-2926

software: yelp 42.2 WASP: ROSA-CHROME unaffected versions = yelp-42.2-2 affected versions yelp-42.2-2 CVE-ID: CVE-2025-3155 BDU-ID: 2025-03944 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Yelp help system is related to the inclusion of features from an invalid controlled scope when processing...

7.4CVSS7.7AI score0.10259EPSS

Exploits1

Zero Day Initiative•added 2025/07/29 12:0 a.m.•5 views

AVG TuneUp for PC TuneupSvc Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of AVG TuneUp for PC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AVG TuneUp...

7.8CVSS6.7AI score0.00137EPSS

Exploits0

Github Security Blog•added 2025/07/27 9:30 a.m.•7 views

smolagents has Sandbox Escape Vulnerability in the local_python_executor.py Module

A sandbox escape vulnerability was identified in huggingface/smolagents version 1.14.0, allowing attackers to bypass the restricted execution environment and achieve remote code execution RCE. The vulnerability stems from the localpythonexecutor.py module, which inadequately restricts Python code...

10CVSS7.9AI score0.17653EPSS

Exploits1References4Affected Software1

NVD•added 2025/07/21 8:15 p.m.•5 views

CVE-2025-7254

IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...

7.8CVSS0.00203EPSS

Exploits0References1

NVD•added 2025/07/20 1:15 a.m.•13 views

CVE-2025-53770

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this...

9.8CVSS0.99977EPSS

Exploits41References13

Tenable Nessus•added 2025/07/20 12:0 a.m.•13 views

Security Updates for Microsoft SharePoint Server 2019

The Microsoft SharePoint Server 2019 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Improper limitation of a pathname to a restricted directory 'path traversal' in Microsoft Office SharePoint allows an authorized attacker to...

9.8CVSS8.3AI score0.99977EPSS

Exploits41References5

CISA KEV Catalog•added 2025/07/20 12:0 a.m.•49 views

Microsoft SharePoint Deserialization of Untrusted Data Vulnerability

Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-53771. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the update...

9.8CVSS8.7AI score0.99977EPSS

In wildExploits41