CVE-2026-25152 @backstage/plugin-techdocs-node vulnerable to possible Path Traversal in TechDocs Local Generator
Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, a path traversal vulnerability in the TechDocs local generator allow...
CVE-2026-25152
Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, a path traversal vulnerability in the TechDocs local generator allow...
CVE-2026-25152
The CVE-2026-25152 entry concerns the Backstage @backstage/plugin-techdocs-node, where versions before 1.13.11 and 1.14.1 allow path traversal via the TechDocs local generator when techdocs.generator.runIn is set to local. This permits reading arbitrary host files as MkDocs follows symlinks in do...
WordPress Favicon Generator plugin < 2.1 - Arbitrary File Deletion via CSRF vulnerability
Arbitrary File Deletion via CSRF vulnerability discovered by Daniel Ruf in WordPress Plugin Favicon Generator versions < 2.1...
Backstage path traversal vulnerability
Backstage is an open-source application developed by Backstage. It serves as an open platform for building developer portals. Versions of Backstage prior to 1.13.11 and 1.14.1 contained a path traversal vulnerability. This vulnerability stemmed from the local generator’s inability to prevent path...
Microsoft Windows Script Host 5.812 File Generator
Microsoft Windows Script Host version 5.812 .vbs file generation tool that can be used to establish persistence on Windows systems...
QCL-IDS: Quantum Continual Learning for Intrusion Detection with Fidelity-Anchored Stability and Generative Replay
Continual intrusion detection must absorb newly emerging attack stages while retaining legacy detection capability under strict operational constraints, including bounded compute and qubit budgets and privacy rules that preclude long-term storage of raw telemetry. We propose QCL-IDS, a...
CVE-2025-70336
A stored cross-site scripting (XSS) vulnerability in 'Create New Live Item' in PodcastGenerator 3.2.9 allows remote attackers to inject arbitrary script or HTML via the 'TITLE', 'SHORT DESCRIPTION' and 'LONG DESCRIPTION' parameters. The saved payload gets executed on 'View All Live Items' and 'Live...
Exploit for Improper Initialization in Linux Linux_Kernel
Naive detector and reproducer of CVE-2022-0847 dirty pipe. Use...
Malicious Package
Overview: transform-async-to-generator is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious code in transform-async-to-generator (npm)
Source: amazon-inspector 3375385fb6c066445341256f9ce616582a713468ea0649853056c24b4aaf1776 The package transform-async-to-generator was found to contain malicious code. Source: ghsa-malware...
MAL-2026-560 Malicious code in transform-async-to-generator (npm)
Source: amazon-inspector 3375385fb6c066445341256f9ce616582a713468ea0649853056c24b4aaf1776 The package transform-async-to-generator was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-206501
A stored cross-site scripting (XSS) vulnerability in 'Create New Live Item' in PodcastGenerator 3.2.9 allows remote attackers to inject arbitrary script or HTML via the 'TITLE', 'SHORT DESCRIPTION' and 'LONG DESCRIPTION' parameters. The saved payload gets executed on 'View All Live Items' and 'Live...
Podcast Generator security vulnerabilities
Podcast Generator is an open-source set of free podcast publishing scripts written in PHP. Version 3.2.9 of Podcast Generator has a stored XSS vulnerability in the function for creating new live projects. This vulnerability could allow for...
PT-2026-5134
Name of the Vulnerable Software and Affected Versions: PodcastGenerator version 3.2.9. Description: A stored cross-site scripting (XSS) issue exists in the 'Create New Live Item' functionality. This allows remote attackers to inject arbitrary script or HTML through the 'TITLE', 'SHORT DESCRIPTION', an...
GHSA-WXHW-J4HC-FMQ6 SandboxJS has Sandbox Escape via Unprotected AsyncFunction Constructor
Summary: A sandbox escape vulnerability due to AsyncFunction not being isolated in SandboxFunction. Details: The library attempts to sandbox code execution by replacing the global Function constructor with a safe, sandboxed version, SandboxFunction. This is handled in utils.ts by mapping Function to...
SandboxJS has Sandbox Escape via Unprotected AsyncFunction Constructor
Summary: A sandbox escape vulnerability due to AsyncFunction not being isolated in SandboxFunction. Details: The library attempts to sandbox code execution by replacing the global Function constructor with a safe, sandboxed version, SandboxFunction. This is handled in utils.ts by mapping Function to...
WordPress Simple Archive Generator plugin <= 5.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by 0xVenus in WordPress Plugin Simple Archive Generator versions <= 5.2...