[SECURITY] [DSA 6059-1] thunderbird security update
Debian Security Advisory DSA-6059-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 16, 2025 https://www.debian.org/security/faq -...
CVE-2025-11990
GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to gain CSRF tokens by exploiting improper input validation in repository references combined with redirect handling weaknesses...
CVE-2025-7736
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to bypass access control restrictions and view GitLab Pages content intended only for project members by...
Decoupling Bias, Aligning Distributions: Synergistic Fairness Optimization for Deepfake Detection
Fairness is a core element in the trustworthy deployment of deepfake detection models, especially in the field of digital identity security. Biases in detection models toward different demographic groups, such as gender and race, may lead to systemic misjudgments, exacerbating the digital divide...
Malicious code in anidta-hauli-mudisli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba2b3327ec00ffa5e14ba23007c0944039502098dd18fe0bbb60ae23b91474b1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-174428 Malicious code in goodai-sunabi-cufau (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 321e5c91c8ab17357dbd36b4344e391e5c564b533777b3de04f8a5404d110e1b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-131919
If an attacker causes kdcproxy to connect to an attacker-controlled KDC server e.g. through server-side request forgery, they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copie...
EUVD-2025-131921
If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...
Malicious code in pedromartins (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c1a221f40eb857b3c559160343fa97adc32a28b9952750fb6d78618a8370dd6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-30182
Uncontrolled search path for some Intel(R) Distribution for Python software installers before version 2025.2.0 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalati...
MAL-2025-155961 Malicious code in ican-poke79 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59e7411cf4a268df43848d18631f3ce1fe0b413e2c506a59507641ad39a44930 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-163884 Malicious code in nusdtafr-msiuyu-muaivcascf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84d6a680cf404f3f731f307d1e2d525068b837a092c814fccba15b1c6c548f4f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-59089
If an attacker causes kdcproxy to connect to an attacker-controlled KDC server e.g. through server-side request forgery, they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copie...
Malicious code in eslint-plugin-element-ui-hyperion-dagda (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5038fe2a3c36f89c8648d1958ea6266b9e56a0ef60f2efb00d26435c3e79a2b9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-130019 Malicious code in sari-brongkos73-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0bae65c66f97f0c4a2ba607a861499077f0a13c807113031c49843ecdc10c699 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in citra-nasi47-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b26316d8d883e0c5edd7cc50b4dfebb0e9232a66fb4b257c2877211ff81ba483 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-93497
Uncontrolled search path for some Intel(R) Distribution for Python software installers before version 2025.2.0 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalati...
CVE-2025-30182
Intel Distribution for Python software installers prior to 2025.2.0 have an uncontrolled search path issue that may enable local privilege escalation. Affected component: the installer, with exploitation described as requiring an authenticated user and high complexity, plus active user interactio...