CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4565 matches found

CVE•added 2025/10/09 7:18 a.m.•42 views

CVE-2025-11539

Grafana Image Renderer (grafana-image-renderer) is affected by an ARBITRARY FILE WRITE leading to remote code execution via /render/csv, where a lack of validation of filePath allows saving a shared object to an arbitrary location loaded by Chromium. Affected versions are 1.0.0 through 4.0.16. Ex...

9.9CVSS8AI score0.0058EPSS

Exploits0References2

CNNVD•added 2025/10/09 12:0 a.m.•2 views

grafana-image-renderer 安全漏洞

grafana-image-renderer is a Grafana open source backend plugin for Grafana. A security vulnerability exists in grafana-image-renderer versions 1.0.0 through 4.0.16, which stems from the /render/csv endpoint that does not validate the filePath parameter, which could lead to remote code execution...

9.9CVSS7.5AI score0.0058EPSS

Exploits0References4

CNNVD•added 2025/10/09 12:0 a.m.•15 views

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. in the United States, with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab CE and EE...

7.5CVSS6.7AI score0.00485EPSS

Exploits0References5

Positive Technologies•added 2025/10/09 12:0 a.m.•3 views

PT-2025-41359

Name of the Vulnerable Software and Affected Versions Grafana Image Renderer versions 1.0.0 through 4.0.16 Description Grafana Image Renderer is susceptible to remote code execution due to an arbitrary file write issue. The /render/csv API endpoint lacks proper validation of the filePath paramete...

9.9CVSS7.8AI score0.0058EPSS

Exploits0References14

Positive Technologies•added 2025/10/09 12:0 a.m.•2 views

PT-2025-41385

Name of the Vulnerable Software and Affected Versions IBM Aspera versions 5.0.0 through 5.0.13.1 Description The software may reveal sensitive user information to a user who is already authorized, because of a difference in the data that is returned. Recommendations Update to a version later than...

4.3CVSS6.2AI score0.00209EPSS

Exploits0References5

vulnersOsv•added 2025/10/08 11:32 p.m.•3 views

de.arbeitsagentur.opdt:keycloak-cassandra-model-tests (>=4.1.0-26.0 <=5.5.1), net.optionfactory.keycloak:optionfactory-keycloak-providers (>=8.1 <=9.1) +27 more potentially affected by CVE-2025-9162 via org.keycloak:keycloak-model-storage-services (>=26.0.0 <=26.5.6)

org.keycloak:keycloak-model-storage-services MAVEN version =26.0.0, =4.1.0-26.0, =8.1, =26.3.0, =26.1.0, =26.4.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.4.0, =26.1.0, =26.2.0, =26.2.0, =26.5.6 - org.keycloak.testframework:keycloak-test-framework-oauth-nimbus-poc...

4.9CVSS5.8AI score0.00464EPSS

Exploits0

NVD•added 2025/10/08 10:15 p.m.•5 views

CVE-2025-11535

MongoDB Connector for BI installation via MSI on Windows leaves ACLs unset on custom install directories allows Privilege Escalation.This issue affects MongoDB Connector for BI: from 2.0.0 through 2.14.24...

8.8CVSS0.00111EPSS

Exploits0References1

Cvelist•added 2025/10/08 10:7 p.m.•8 views

CVE-2025-11535 MongoDB Connector for BI installation MSI leave ACLs unset on custom installation directories

8.8CVSS0.00111EPSS

Exploits0References1

MongoDB•added 2025/10/08 9:26 p.m.•8 views

MongoDB Connector for BI installation MSI leave ACLs unset on custom installation directories

8.8CVSS7AI score0.00111EPSS

Exploits0References1Affected Software1

EUVD•added 2025/10/07 7:32 p.m.•3 views

EUVD-2025-32888

Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an ...

6.7CVSS6.4AI score0.0062EPSS

Exploits0References1

CVE•added 2025/10/07 6:43 p.m.•9 views

CVE-2025-43891

CVE-2025-43891 affects Dell PowerProtect Data Domain products running DD OS Feature Release 7.7.1.0–8.3.0.15, LTS2025 8.3.1.0, LTS2024 7.13.1.0–7.13.1.30, and LTS2023 7.10.1.0–7.10.1.60. The vulnerability is a use of a Broken or Risky Cryptographic Algorithm in the Authentication process, allowin...

7.5CVSS6.5AI score0.00198EPSS

Exploits0References1Affected Software1

CVE•added 2025/10/07 6:2 p.m.•9 views

CVE-2025-43906

Dell PowerProtect Data Domain (DD OS) affected releases include 7.7.1.0–8.3.0.15, 8.3.1.0 (DD OS LTS2025), 7.13.1.0–7.13.1.30 (LTS2024), and 7.10.1.0–7.10.1.60 (LTS2023). The issue is an Improper Neutralization of Special Elements used in OS Commands (OS Command Injection) that could allow a high...

6.7CVSS6.6AI score0.0062EPSS

Exploits0References1Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2019-1730

Malware in sbrugna...

6.5CVSS6.6AI score0.01272EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2009-4103

Malware in sbrugna...

6.5CVSS6.1AI score0.02078EPSS

Exploits1References14