CVE-2025-63604
A code injection vulnerability exists in baryhuang/mcp-server-aws-resources-python 0.1.0 that allows remote code execution through insufficient input validation in the executequery method. The vulnerability stems from the exposure of the dangerous Python built-in functions __import__, getattr, hasattr in...
CVE-2025-63603
A command injection vulnerability exists in the MCP Data Science Server's reading-plus-ai/mcp-server-data-exploration 0.1.6 in the safe_eval function (src/mcp_server_ds/server.py:108). The function uses Python's exec to execute user-supplied scripts but fails to restrict the __builtins__ dictionary in the...
CVE-2025-63603
MCP Data Science Server 0.1.6 (reading-plus-ai/mcp-server-data-exploration) contains a command injection in safe_eval() (src/mcp_server_ds/server.py:108) where exec() runs user scripts without restricting builtins in globals. This allows execution of arbitrary Python code with full system privile...
HSEC-2025-0006 Private key leak via inherited file descriptor
Private key leak via inherited file descriptor The X.509 key reading function readKeyFile opened a file descriptor to the private key without setting the close-on-exec flag. If a child process is execed at the same time, it would inherit that file descriptor and could read the private key materia...
SUSE CVE-2025-40166
In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Check GuC running state before deregistering exec queue In normal operation, a registered exec queue is disabled and deregistered through the GuC, and freed only after the GuC confirms completion. However, if the driv...
EUVD-2025-178988
Malicious code in exec-zephyr-xo-izar npm...
Malicious code in spawn-exec-zenobia-ganymede (npm)
Source: amazon-inspector 08d195fec77b588ee50726619249d1d77aacd06b4a03966370f3dee0c6edc02d. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-180155
Malicious code in backend-exec-husky-public npm...
Malicious code in izar-ora-exec-genomics (npm)
Source: amazon-inspector 53d17c4563e99682e42e4eae296514441c01b6f64a6c19ecde3adc967d542d2e. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-176166
Malicious code in subduction-exec-redis-gatsby npm...
EUVD-2025-178991
Malicious code in exec-radiometric-aether-juno npm...
EUVD-2025-180235
Malicious code in aurora-exec-nebula-titan npm...
EUVD-2025-176280
Malicious code in spawn-exec-zenobia-ganymede npm...
Malicious code in aurora-exec-nebula-titan (npm)
Source: amazon-inspector 727d149233b8486494ce40ab83a3e2e4ecf442479f183b3b96baae8f80f59da2. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-178325
Malicious code in izar-ora-exec-genomics npm...
EUVD-2025-176155
Malicious code in subscription-carina-standard-exec npm...