CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

406 matches found

EUVD-2025-210150

A heap buffer overflow in the gfisomvpconfignew function isomedia/avcext.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS5.5AI score0.00163EPSS

Exploits0References3

CVE•added 2 days ago•5 views

CVE-2025-55652

GPAC MP4Box v2.4 is affected by a heap buffer overflow in gf_isom_vp_config_new (isomedia/avc_ext.c), enabling DoS via a crafted MP4 file. This is documented across multiple sources (CVE-2025-55652, EUVD-2025-210150, NVD, CVELIST, etc.). The vulnerability details specify the vulnerable function a...

5.5CVSS5.6AI score0.00163EPSS

Exploits0References2

Vulnrichment•added 2 days ago•5 views

CVE-2025-55652

A heap buffer overflow in the gfisomvpconfignew function isomedia/avcext.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5AI score0.00163EPSS

Exploits0References1

Tenable Nessus•added 2026/04/21 12:0 a.m.•2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011281)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011281 advisory. In the Linux kernel, the following vulnerability has been resolved: vdpa/vpvdpa: fix kfree a wrong pointer in vpvdparemove In vpvdparemove, the code...

5.7AI score0.00166EPSS

Exploits0References4

Tenable Nessus•added 2026/04/21 12:0 a.m.•2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010733)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010733 advisory. In the Linux kernel, the following vulnerability has been resolved: vdpa: fix use-after-free on vpvdparemove When vpvdpa driver is unbind, vpvdpa is freed in...

5.5CVSS5.7AI score0.00201EPSS

Exploits0References4

Github Security Blog•added 2026/04/16 1:2 a.m.•4 views

Path traversal in vite-plus/binding downloadPackageManager() writes outside VP_HOME

Summary downloadPackageManager in vite-plus/binding accepts an untrusted version string and uses it directly in filesystem paths. A caller can supply ../ segments to escape the VPHOME/packagemanager// cache root and cause Vite+ to delete, replace, and populate directories outside the intended cac...

10CVSS5.8AI score0.00311EPSS

Exploits1References3Affected Software1

OSV•added 2026/04/16 1:2 a.m.•3 views

GHSA-33R3-4WHC-44C2 Path traversal in vite-plus/binding downloadPackageManager() writes outside VP_HOME

10CVSS5.8AI score0.00311EPSS

Exploits1References3

ICS•added 2026/04/02 6:0 a.m.•6 views

Yokogawa CENTUM VP

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to login as the PROG user and modify permissions. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for...

2.1CVSS5.8AI score0.00165EPSS

Exploits0References13

CNNVD•added 2026/03/30 12:0 a.m.•4 views

Yokogawa CENTUM VP 安全漏洞

Yokogawa CENTUM VP is a distributed control system platform developed by Yokogawa Electric Corporation in Japan. There are security vulnerabilities in Yokogawa CENTUM VP, which stem from hardcoded passwords. This could allow attackers to log in as PROG users under certain conditions...

2.1CVSS5.8AI score0.00165EPSS

Exploits0References1

OSSF Malicious Packages•added 2026/03/24 7:30 p.m.•6 views

Malicious code in open-vp-cal (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ab8c06b5d7e9b98d62708ab7377d9e18a214e884c69b0c7217979121aed06917 When executing the module, the code installs a package from a remote location. The remote package contains malicious code exfiltrating selected env variables a...

5.9AI score

Exploits0References1

OSV•added 2026/03/24 7:30 p.m.•2 views

MAL-2026-2138 Malicious code in open-vp-cal (PyPI)

5.9AI score

Exploits0References1

Packet Storm•added 2026/03/23 12:0 a.m.•165 views

📄 Digital Watchdog DVR VMAX / DW-VP / DW-VA Credential Disclosure / Code Execution

Digital Watchdog DVR versions VMAX, DW-VP, and DW-VA suffer from unauthenticated credential disclosure and post-authentication remote code execution vulnerabilities. Exploit Title: Digital Watchdog DVR VMAX/DW-VP/DW-VA unauth credential disclosure and post-auth RCE Date: 2026-01-06 Exploit Author...

6.5AI score

Exploits0

RedhatCVE•added 2026/02/14 7:23 a.m.•26 views

CVE-2025-48020

A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package for CENTU...

6.5CVSS5.2AI score0.00229EPSS

Exploits0References1

RedhatCVE•added 2026/02/14 7:23 a.m.•1 views

CVE-2025-48019

6.5CVSS5.2AI score0.00212EPSS

Exploits0References1

RedhatCVE•added 2026/02/14 7:23 a.m.•18 views

CVE-2025-48022

6.5CVSS5.2AI score0.00171EPSS

Exploits0References1

RedhatCVE•added 2026/02/14 7:23 a.m.•4 views

CVE-2025-1924

A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receive maliciously crafted packets, a DoS attack may cause Vnet/IP communication functions to stop or arbitrary programs to be executed. The affected products and versions a...

8.2CVSS5.5AI score0.00191EPSS

Exploits0References1

RedhatCVE•added 2026/02/14 7:23 a.m.•3 views

CVE-2025-48021

6.5CVSS5.2AI score0.00171EPSS

Exploits0References1

RedhatCVE•added 2026/02/14 7:23 a.m.•3 views

CVE-2025-48023

6.5CVSS5.2AI score0.00171EPSS

Exploits0References1

OSV•added 2026/02/13 6:16 a.m.•3 views

CVE-2025-48023