CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2612 matches found

OSV•added 2025/10/15 5:56 p.m.•2 views

GHSA-RFH5-C9H5-Q8JM reflex-dev/reflex has an Open Redirect vulnerability

Mitigation Make sure GITHUBCODESPACESPORTFORWARDINGDOMAIN is not set in a production environment. So the following is correct: assert os.getenv"GITHUBCODESPACESPORTFORWARDINGDOMAIN" is None Vulnerability Description --- Vulnerability Overview - When the GET /auth-codespace page loads in a GitHub...

3.1CVSS7.3AI score0.00059EPSS

Exploits0References6

OSV•added 2025/10/09 3:26 p.m.•1 views

GHSA-365G-VJW2-GRX8 n8n: Execute Command Node Allows Authenticated Users to Run Arbitrary Commands on Host

Impact The Execute Command node in n8n allows execution of arbitrary commands on the host system where n8n runs. While this functionality is intended for advanced automation and can be useful in certain workflows, it poses a security risk if all users with access to the n8n instance are not fully...

8.8CVSS6.2AI score

Exploits0References2

Snyk•added 2025/10/09 3:26 p.m.•2 views

Command Injection

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Command Injection via the Execute Command node. An attacker can execute arbitrary commands on the host system by leveraging access to an authenticated user account, potentially leading to data...

8.8CVSS8AI score

Exploits0References2

Snyk•added 2025/10/09 3:26 p.m.•1 views

Command Injection

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Command Injection via the Execute Command node. An attacker can execute arbitrary commands on the host system by leveraging access to an authenticated user account, potentially leading to data...

8.8CVSS7.9AI score

Exploits0References2

EUVD•added 2025/10/08 12:32 a.m.•4 views

EUVD-2025-31861

A vulnerability was detected in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/editorderdetails.php. The manipulation of the argument orderid results in sql injection. The attack may be launched remotely. The exploit is now public and may be used...

7.5CVSS7.3AI score0.00043EPSS

Exploits1References7

Tenable Nessus•added 2025/10/08 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2025-11226

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacke...

5.9CVSS8.6AI score0.00067EPSS

Exploits0References2

RedhatCVE•added 2025/10/07 4:27 p.m.•3 views

CVE-2025-59159

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. In versions prior to 1.13.4, the web user interface for SillyTavern is susceptible to DNS rebinding, allowing...

9.6CVSS6.4AI score0.00009EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2007-4255

Malware in sbrugna...

1.9CVSS6.3AI score0.00073EPSS

Exploits1References13

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2017-12292

Malware in sbrugna...

7.4CVSS7.6AI score0.00341EPSS

Exploits1References4