16813 matches found

Vulnrichment
added 2025/10/14 4:56 p.m., 2 views

CVE-2025-37134 Authenticated Command Injection Vulnerability in the Low-Level Interface Library Affecting AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-Based Management Interface

An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system...

CVSS 7.2, AI score 7.5, EPSS 0.01274
Exploits: 0, References: 1

Cvelist
added 2025/10/14 4:53 p.m., 6 views

CVE-2025-37132 Authenticated Remote Code Execution Vulnerability in AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-Based Management Interface via Arbitrary File Write

An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files and execute arbitrary commands on the...

CVSS 7.2, EPSS 0.00501
Exploits: 0, References: 1

EUVD
added 2025/10/14 4:53 p.m., 4 views

EUVD-2025-34444

An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files and execute arbitrary commands on the...

CVSS 7.2, AI score 7, EPSS 0.00501
Exploits: 0, References: 2

CNNVD
added 2025/10/14 12:0 a.m., 4 views

HPE Aruba Networking EdgeConnect OS security vulnerability

HPE Aruba Networking EdgeConnect OS is an operating system from HPE America. A security vulnerability exists in HPE Aruba Networking EdgeConnect OS that stems from an arbitrary file write vulnerability in the web-based management interface, which could lead to the upload of arbitrary files and...

CVSS 7.2, AI score 7.1, EPSS 0.00501
Exploits: 0, References: 2

RedhatCVE
added 2025/10/10 4:20 p.m., 4 views

CVE-2025-59976

An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method to access any file on the file system. Using specially crafted GET methods, an attacker can gain access to files beyond the file...

CVSS 7.1, AI score 6.6, EPSS 0.0026
Exploits: 0, References: 1

RedhatCVE
added 2025/10/10 4:20 p.m., 12 views

CVE-2025-59975

An Uncontrolled Resource Consumption vulnerability in the HTTP daemon (httpd) of Juniper Networks Junos Space allows an unauthenticated network-based attacker flooding the device with inbound API calls to consume all resources on the system, leading to a Denial of Service (DoS). After continuously...

CVSS 8.7, AI score 6.9, EPSS 0.00376
Exploits: 0, References: 1

RedhatCVE
added 2025/10/10 4:20 p.m., 7 views

CVE-2025-59968

A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface. Tampering with this metadata can result in managed SRX Series devices permitting network traffic that shou...

CVSS 8.6, AI score 6.9, EPSS 0.00277
Exploits: 0, References: 1

OSV
added 2025/10/10 2:15 p.m., 5 views

CVE-2025-61319

ReNgine thru 2.2.0 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability in the Vulnerabilities module. When scanning a target with an XSS payload, the unsanitized payload is rendered in the ReNgine web UI, resulting in arbitrary JavaScript execution in the victim's browser. This can b...

CVSS 6.1, AI score 5.2, EPSS 0.0026
Exploits: 1, References: 2

CNNVD
added 2025/10/10 12:0 a.m., 7 views

HCL BigFix WebUI security vulnerability

HCL BigFix WebUI is a web based administration page of HCL India. A security vulnerability exists in HCL BigFix WebUI, which stems from an improper response to the HOST information in the HTTP header field, and can be exploited by an attacker to cause a host header poisoning attack...

CVSS 6.1, AI score 6.6, EPSS 0.00177
Exploits: 0, References: 1

EUVD
added 2025/10/09 9:31 p.m., 5 views

EUVD-2025-33583

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this issue is significantly minimized when CLI...

CVSS 7, AI score 6.7, EPSS 0.00721
Exploits: 2, References: 2

NVD
added 2025/10/09 9:15 p.m., 5 views

CVE-2025-61773

pyLoad is a free and open-source download manager written in Python. In versions prior to 0.5.0b3.dev91, pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load (CNL) Blueprint. This flaw allowed untrusted user input to be processed...

CVSS 8.1, EPSS 0.00379
Exploits: 0, References: 3

OSV
added 2025/10/09 8:49 p.m., 5 views

CVE-2025-61773 pyLoad CNL and captcha handlers allow code Injection via unsanitized parameters

pyLoad is a free and open-source download manager written in Python. In versions prior to 0.5.0b3.dev91, pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load (CNL) Blueprint. This flaw allowed untrusted user input to be processed...

CVSS 8.1, AI score 7, EPSS 0.00379
Exploits: 0, References: 5

NVD
added 2025/10/09 7:15 p.m., 5 views

CVE-2025-4615

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this issue is significantly minimized when CLI...

CVSS 7.2, EPSS 0.00721
Exploits: 2, References: 1

OSV
added 2025/10/09 7:15 p.m., 1 view

CVE-2025-4615

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this issue is significantly minimized when CLI...

CVSS 7.2, AI score 6, EPSS 0.00721
Exploits: 2, References: 1

Cvelist
added 2025/10/09 6:28 p.m., 10 views

CVE-2025-4615 PAN-OS: Improper Neutralization of Input in the Management Web Interface

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this issue is significantly minimized when CLI...

CVSS 7, EPSS 0.00721
Exploits: 2, References: 1

CVE
added 2025/10/09 6:28 p.m., 59 views

CVE-2025-4615

The CVE-2025-4615 entry concerns Palo Alto Networks PAN-OS management web interface. An improper input neutralization vulnerability allows an authenticated administrator to bypass system restrictions and execute arbitrary commands. Affected PAN-OS versions are indicated in Nessus plugin reference...

CVSS 7.2, AI score 6.8, EPSS 0.00721
Exploits: 2, References: 1, Affected Software: 1

NVD
added 2025/10/09 4:15 p.m., 10 views

CVE-2025-59976

An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method to access any file on the file system. Using specially crafted GET methods, an attacker can gain access to files beyond the file...

CVSS 7.1, EPSS 0.0026
Exploits: 0, References: 1

OSV
added 2025/10/09 4:15 p.m., 1 view

CVE-2025-59976

An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method to access any file on the file system. Using specially crafted GET methods, an attacker can gain access to files beyond the file...

CVSS 7.1, AI score 5.9, EPSS 0.0026
Exploits: 0, References: 1

OSV
added 2025/10/09 4:15 p.m., 3 views

CVE-2025-59968

A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface. Tampering with this metadata can result in managed SRX Series devices permitting network traffic that...

CVSS 7.7, AI score 5.8
Exploits: 0, References: 2

Vulnrichment
added 2025/10/09 3:59 p.m., 4 views

CVE-2025-59976 Junos Space: Arbitrary file download vulnerability in web interface

An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method to access any file on the file system. Using specially crafted GET methods, an attacker can gain access to files beyond the file...

CVSS 7.1, AI score 6.3, EPSS 0.0026
Exploits: 0, References: 1