CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Name of the Vulnerable Software and Affected Versions Tenda AC10 versions 16.03.10.09 multi TDE01 Description An input validation flaw exists in the 'ate' service that allows for privilege escalation to root via a crafted UDP packet. Recommendations Update to a newer firmware version to address...

5.3CVSS6.8AI score0.00087EPSS

Exploits0References5

QT•added 2025/06/30 12:0 a.m.•14 views

Security advisory: Recently reported incomplete cleanup issue in Qt's Schannel handling can impact Qt

There is a "Incomplete Cleanup" problem in Qt’s Schannel handling when it is used to provide a server handling incoming TLS connections. This has been assigned the CVE id CVE-2025-6338. Affected versions: This issue affects only the Schannel functionality on Windows if it is turned on in Qt 5.15...

9.2CVSS6.2AI score0.00108EPSS

Exploits0

RedhatCVE•added 2025/05/23 9:53 a.m.•4 views

CVE-2024-7394

Concrete CMS versions 9 through 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in getAttributeSetName. A rogue administrator could inject malicious code. The Concrete CMS team gave this a CVSS v4.0 rank of 4.6 with vector...

4.8CVSS4.8AI score0.03921EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 4:30 p.m.•4 views

CVE-2020-22173

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\edit-profile.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information...

7.5CVSS7.8AI score0.01984EPSS

Exploits1

RedhatCVE•added 2025/05/22 3:20 p.m.•2 views

CVE-2020-23083

Unrestricted File Upload in JEECG v4.0 and earlier allows remote attackers to execute arbitrary code or gain privileges by uploading a crafted file to the component "jeecgFormDemoController.do?commonUpload"...

9.8CVSS8.2AI score0.10612EPSS

Exploits1

Rapid7 Blog•added 2025/05/22 12:0 p.m.•34 views

NSIS Abuse and sRDI Shellcode: Anatomy of the Winos 4.0 Campaign

Co-authored byAnna Širokova and Ivan Feigl Executive summary Rapid7 has been tracking a malware campaign that uses fake software installers disguised as popular apps like VPN and QQBrowser—to deliver Winos v4.0, a hard-to-detect malware that runs entirely in memory and gives attackers remote...

7.8AI score

Exploits0

RedhatCVE•added 2025/02/05 10:28 p.m.•3 views

CVE-2022-45147

A vulnerability has been identified in SIMATIC PCS neo V4.0 All versions, SIMATIC STEP 7 V16 All versions, SIMATIC STEP 7 V17 All versions, SIMATIC STEP 7 V18 All versions V18 Update 2. Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable...

8.5CVSS7.5AI score0.00093EPSS

Exploits0References1

Vulnrichment•added 2024/11/12 12:49 p.m.•8 views

CVE-2024-50310

A vulnerability has been identified in SIMATIC CP 1543-1 V4.0 6GK7543-1AX10-0XE0 All versions = V4.0.44 V4.0.50. Affected devices do not properly handle authorization. This could allow an unauthenticated remote attacker to gain access to the filesystem...

8.7CVSS7.3AI score0.00561EPSS

Exploits0References1

Akamai Blog•added 2024/11/08 2:0 p.m.•7 views

Finding Solutions to Meet PCI DSS v4.0 Requirements 6.4.3 and 11.6.1

...

7.3AI score

Exploits0

HackRead•added 2024/09/04 2:0 p.m.•8 views

Criminal IP Secures PCI DSS v4.0 Certification, Enhancing Payment Security with Top-Level Compliance

Torrance, United States / California, 4th September 2024, CyberNewsWire...

7.3AI score

Exploits0

OSV•added 2024/08/12 1:38 p.m.•11 views

CVE-2024-4350

Concrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses. A rogue administrator could inject malicious code into fields due to insufficient input validation. The Concrete CMS security team gave...

4.8CVSS4.9AI score

Exploits0References4