GHSA-XW5C-JC7X-GF75 PAC4J has a Cross-Site Request Forgery (CSRF) Vulnerability
PAC4J is vulnerable to Cross-Site Request Forgery (CSRF). A malicious attacker can craft a specially designed website which, when visited by a user, will automatically submit a forged cross-site request with a token whose hash collides with the victim's legitimate CSRF token. Importantly, the...
CVE-2026-24318
Due to an insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim's session. If the application continues to accept previously issued toke...
CVE-2026-32943 Parse Server has a password reset token single-use bypass via concurrent requests
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.28 and 8.6.48, the password reset mechanism does not enforce single-use guarantees for reset tokens. When a user requests a password reset, the generated token can be...
CVE-2026-28678 dsa-hub-server: Clear-Text Storage of Sensitive Data
DSA Study Hub is an interactive educational web application. Prior to commit d527fba, the user authentication system in server/routes/auth.js was found to be vulnerable to Insufficiently Protected Credentials. Authentication tokens (JWTs) were stored in HTTP cookies without cryptographic protection...
openclaw-security-quiz
🔒 Security & Best Practices Quiz A mobile-friendly quiz app w...
security-antipatterns-javascript
Security Anti-Patterns for JavaScript AI coding agents don't...
CVE-2021-27884
Weak JSON Web Token (JWT) signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. This occurs because Math.random in Node.js is used...
CVE-2022-31142
@fastify/bearer-auth is a Fastify plugin to require bearer Authorization headers. @fastify/bearer-auth prior to versions 7.0.2 and 8.0.1 does not securely use crypto.timingSafeEqual. A malicious attacker could estimate the length of one valid bearer token. According to the corresponding RFC 6750,...
[SECURITY] Fedora 43 Update: openbao-2.4.4-1.fc43
Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, users can access an encrypted Key/Value store and network...
CVE-2025-36249
IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...
PT-2025-44624
Name of the Vulnerable Software and Affected Versions: IBM Jazz for Service Management versions 1.1.3.0 through 1.1.3.25. Description: The software does not set the secure attribute on authorization tokens or session cookies. This could allow attackers to obtain cookie values by sending an insecure...
CVE-2025-62794
GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided Github token would be stored in plaintext in the editor configuration as json on disk, rather than through the more secure "securestorage" ap...
EUVD-2025-36570
GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided Github token would be stored in plaintext in the editor configuration as json on disk, rather than through the more secure "securestorage" ap...
CVE-2025-61152
Removed by vendor...
MAL-2025-48238 Malicious code in token_security_check (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7b62a85484e47dd76287cbde832200d5fed78a12b681c06710549f39f11bb433 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview tokensecuritycheck is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2017-14355
Malware in sbrugna...
EUVD-2018-8306
Malware in sbrugna...
EUVD-2018-5435
Malware in sbrugna...