CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

61 matches found

Positive Technologies•added 2026/05/26 12:0 a.m.•4 views

PT-2026-43322

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An improper access check allows privilege escalation through the 'com users group editing webservice' endpoint. Recommendations At the moment, there is no...

9.8CVSS5.8AI score0.00002EPSS

Exploits0References4

EUVD•added 2026/03/16 3:30 p.m.•3 views

EUVD-2017-18930

Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute arbitrary code with elevated privileges by placing malicious executables in the system root path. Additionally, improper directory permissions with full access for the Users...

8.5CVSS6.2AI score0.00019EPSS

Exploits1References8

Positive Technologies•added 2026/03/16 12:0 a.m.•2 views

PT-2026-25736

8.5CVSS6.2AI score0.00019EPSS

Exploits1References8

CVE•added 2026/03/15 6:34 p.m.•3 views

CVE-2017-20218

CVE-2017-20218 affects Serviio PRO 1.8 on Windows. The vulnerability is twofold: (1) an unquoted search path in the Windows service allows local attackers to run arbitrary code with elevated privileges by dropping malicious executables in the system root, and (2) overly permissive directory ACLs ...

8.5CVSS6.2AI score0.00019EPSS

Exploits1References7

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2019-10918

Malware in sbrugna...

6.1CVSS6.3AI score0.01035EPSS

Exploits1References4

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2006-2853

Malware in sbrugna...

4.6CVSS6.4AI score0.0012EPSS

Exploits0References6

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2015-1157

Malware in sbrugna...

6.5CVSS7.5AI score0.00268EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2012-3368

Malware in sbrugna...

4CVSS6.1AI score0.00198EPSS

Exploits0References6

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2022-48206

Malicious code in bioql PyPI...

4.3CVSS4.9AI score0.00108EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-48200

Malicious code in bioql PyPI...

4.3CVSS4.9AI score0.00124EPSS

Exploits0References1

Cvelist•added 2025/09/10 12:0 a.m.•6 views

CVE-2025-57392

BenimPOS Masaustu 3.0.x is affected by insecure file permissions. The application installation directory grants Everyone and BUILTIN\Users groups FILEALLACCESS, allowing local users to replace or modify .exe and .dll files. This may lead to privilege escalation or arbitrary code execution upon...

0.00028EPSS

Exploits1References2

RedhatCVE•added 2025/05/23 12:17 a.m.•4 views

CVE-2022-45307

Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\tools\php81 and all files located in that folder...

4.3CVSS7AI score0.00108EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 9:47 p.m.•4 views

CVE-2022-45301

Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\ruby31 and all files located in that folder...

4.3CVSS6.9AI score0.00124EPSS

Exploits0References1

OSV•added 2025/03/26 2:8 p.m.•7 views

CVE-2025-24808 Discourse has race condition when adding users to a group DM

Discourse is an open-source discussion platform. Prior to versions 3.3.4 on the stable branch and 3.4.0.beta5 on the beta branch, someone who is about to reach the limit of users in a group DM may send requests to add new users in parallel. The requests might all go through ignoring the limit due...

4.3CVSS6.4AI score0.00106EPSS

Exploits0References4

Positive Technologies•added 2024/11/07 12:0 a.m.•3 views

PT-2024-16343 · Rapid7 · Rapid7 Velociraptor Msi Installer

Name of the Vulnerable Software and Affected Versions: Rapid7 Velociraptor MSI Installer versions prior to 0.73.3 Description: The issue arises from the Rapid7 Velociraptor MSI Installer creating the installation directory with WRITE DACL permission to the BUILTINUsers group. This allows local...

8.6CVSS7.9AI score0.00022EPSS

Exploits0References9

The Hacker News•added 2024/08/10 5:35 a.m.•79 views

Microsoft Warns of Unpatched Office Vulnerability Leading to Data Exposure

Microsoft has disclosed an unpatched zero-day in Office that, if successfully exploited, could result in unauthorized disclosure of sensitive information to malicious actors. The vulnerability, tracked as CVE-2024-38200 CVSS score: 7.5, has been described as a spoofing flaw that affects the...

9.1CVSS6.3AI score0.58662EPSS

Exploits2

OSV•added 2024/07/09 5:15 p.m.•1 views

CVE-2024-5652

In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode...

5.5CVSS5.8AI score

Exploits0References1

CNVD•added 2022/11/30 12:0 a.m.•19 views

Chocolatey Cmder has an unspecified vulnerability

Chocolatey Cmder is a package open sourced by Chocolatey. Chocolatey Cmder v1.3.20 and earlier versions contain a security vulnerability. An attacker could gain write access to the path C:\tools\Cmder and all files located in that folder for all users in the Authenticated Users group...

4.3CVSS3.5AI score0.00124EPSS

Exploits0References1

Vulnrichment•added 2022/11/29 12:0 a.m.•3 views

CVE-2022-45305

Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\Python311 and all files located in that folder...

5.1AI score0.00108EPSS

Exploits0References1

Vulnrichment•added 2022/11/29 12:0 a.m.•3 views

CVE-2022-45307

5.2AI score0.00108EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by