
95 matches found

Cvelist
added last week | 26 views

CVE-2026-7870 IBM i is Affected by Privilege Escalation

IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege...

8.8 CVSS | 0.0049 EPSS
Exploits 0 | References 1
Snyk
added 2026/06/04 2:55 p.m. | 8 views

Improper Authorization

Overview: better-auth is the most comprehensive authentication library for TypeScript. Affected versions of this package are vulnerable to Improper Authorization in the deviceAuthorization plugin. An attacker can gain unauthorized access to a device or deny legitimate user sign-in by submitting ...

8.4 CVSS | 5.6 AI score | 0.00017 EPSS
Exploits 0 | References 2
GitHub Security Blog
added 2026/06/04 2:55 p.m. | 8 views

Better Auth: Device authorization approve and deny accept any authenticated session while the user code is pending

Am I affected? You are affected if all of the following are true:
- You use better-auth at a version = 1.6.0, 1.6.11.
- The deviceAuthorization plugin is enabled in your auth config (deviceAuthorization in your plugins array).
- A third party can observe a pending user code before the legitimate us...

5.7 AI score | 0.00017 EPSS
Exploits 0 | References 4 | Affected Software 1
RedhatCVE
added 2026/05/15 7:57 p.m. | 6 views

CVE-2026-31220

PySyft Syft Datasite/Server versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions via @sy.syftfunction for remote execution on the server. While a...

9.8 CVSS | 6.7 AI score | 0.00631 EPSS
Exploits 0 | References 1
EUVD
added 2026/05/12 6:30 p.m. | 8 views

EUVD-2026-29504

PySyft Syft Datasite/Server versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions via @sy.syftfunction for remote execution on the server. While a...

6.7 AI score | 0.00631 EPSS
Exploits 0 | References 3
ATTACKERKB
added 2026/04/03 10:50 p.m. | 1 views

CVE-2026-34937

PraisonAI is a multi-agent teams system. Prior to version 1.5.90, runpython in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "" and passing it to subprocess.run(..., shell=True). The escaping logic only handles \ and ", leaving $ and backtick...

7.8 CVSS | 6.2 AI score | 0.00545 EPSS
Exploits 1 | References 2 | Affected Software 1
CNNVD
added 2026/03/29 12:00 a.m. | 5 views

OpenClaw security vulnerability

OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.11 contained security vulnerabilities. These vulnerabilities were due to approval integrity issues. When precise file binding was not possible, attackers could modify scripts...

7.3 CVSS | 6 AI score | 0.00132 EPSS
Exploits 0 | References 2
RedhatCVE
added 2026/03/26 3:05 p.m. | 2 views

CVE-2019-25484

WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. Attackers can paste a large string of characters into the User Name and User Code field to trigger a denial of service...

6.9 CVSS | 6.1 AI score | 0.00123 EPSS
Exploits 0 | References 1
EUVD
added 2026/03/11 9:31 p.m. | 6 views

EUVD-2019-19762

WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. Attackers can paste a large string of characters into the User Name and User Code field to trigger a denial of service...

6.9 CVSS | 6.1 AI score | 0.00123 EPSS
Exploits 0 | References 3
NVD
added 2026/03/11 7:16 p.m. | 5 views

CVE-2019-25484

WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. Attackers can paste a large string of characters into the User Name and User Code field to trigger a denial of service...

6.9 CVSS | 0.00123 EPSS
Exploits 0 | References 2
Cvelist
added 2026/03/11 6:23 p.m. | 30 views

CVE-2019-25484 WinMPG iPod Convert 3.0 Register Field Buffer Overflow DoS

WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. Attackers can paste a large string of characters into the User Name and User Code field to trigger a denial of service...

6.9 CVSS | 0.00123 EPSS
Exploits 0 | References 2
Vulnrichment
added 2026/03/11 6:23 p.m. | 2 views

CVE-2019-25484 WinMPG iPod Convert 3.0 Register Field Buffer Overflow DoS

WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. Attackers can paste a large string of characters into the User Name and User Code field to trigger a denial of service...

6.9 CVSS | 6.1 AI score | 0.00123 EPSS
Exploits 0 | References 2
ATTACKERKB
added 2026/03/11 6:23 p.m. | 3 views

CVE-2019-25484

WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. Attackers can paste a large string of characters into the User Name and User Code field to trigger a denial of service...

6.9 CVSS | 6.1 AI score | 0.00123 EPSS
Exploits 0 | References 2 | Affected Software 1
CVE
added 2026/03/11 6:23 p.m. | 7 views

CVE-2019-25484

CVE-2019-25484 — WinMPG iPod Convert 3.0 suffers a buffer overflow in the Register dialog. The flaw allows local attackers to crash the application by supplying an oversized payload, e.g., a large string in the User Name and User Code fields, resulting in a denial of service. The issue is localiz...

6.9 CVSS | 6.1 AI score | 0.00123 EPSS
Exploits 0 | References 2
Positive Technologies
added 2026/03/11 12:00 a.m. | 2 views

PT-2026-24778

WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. Attackers can paste a large string of characters into the User Name and User Code field to trigger a denial of service...

6.9 CVSS | 6.1 AI score | 0.00123 EPSS
Exploits 0 | References 3
NVD
added 2026/03/10 5:40 p.m. | 1 views

CVE-2026-30887

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.18, OneUptime allows project members to run custom Playwright/JavaScript code via Synthetic Monitors to test websites. However, the system executes this untrusted user code inside the insecure Node.js vm module. By...

9.9 CVSS | 0.00387 EPSS
Exploits 1 | References 1
CNNVD
added 2026/01/23 12:00 a.m. | 3 views

Langflow code injection vulnerability

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Langflow has a code injection vulnerability, which stems from a lack of validation for the strings provided by users when processing code parameters. This vulnerability may lead...

9.8 CVSS | 7.6 AI score | 0.02035 EPSS
Exploits 1 | References 1
RedhatCVE
added 2026/01/09 8:58 a.m. | 6 views

CVE-2023-45616

There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerabilit...

9.8 CVSS | 8.7 AI score | 0.02132 EPSS
Exploits 0 | References 1
OSV
added 2025/10/14 8:15 p.m. | 1 views

CVE-2025-61806

Substance3D - Stager versions 3.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current...

7.8 CVSS | 5.9 AI score | 0.00188 EPSS
Exploits 0 | References 1
Positive Technologies
added 2025/10/08 12:00 a.m. | 2 views

PT-2025-41313

Name of the Vulnerable Software and Affected Versions: Web Developer for Chrome versions prior to 0.5.0. Description: The Web Developer for Chrome extension contained malicious code that generated a domain using a domain generation algorithm (DGA) and retrieved a remote script. This script loaded...

9.3 CVSS | 7.3 AI score | 0.00488 EPSS
Exploits 0 | References 8