3943 matches found
PT-2025-39846
Name of the Vulnerable Software and Affected Versions: librechat (affected versions not specified). Description: A mass assignment issue exists that allows manipulation of sensitive fields, because user-provided data is automatically bound to internal object properties or database...
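The mass-assignment pattern described in the entry above, as an added example that is not LibreChat code: a profile-update handler that copies the whole request body onto the stored user record, beside a version that only accepts an allowlist of editable fields. The in-memory store, the field names and the handler signatures are hypothetical, and the attacker request is constructed for the example.

```javascript
// Added example, not LibreChat code. Store, field names and handler shape
// are hypothetical; the request body below is constructed for the demo.

// Constructed in-memory user store standing in for a database row.
function makeStore() {
  return {
    42: { id: 42, email: 'user@example.com', displayName: 'User', role: 'user', balance: 0 },
  };
}

// Vulnerable: every key the client sends lands on the record, including
// fields the client must never control (role, balance, id).
function updateProfileUnsafe(store, userId, body) {
  const user = store[userId];
  if (!user) return { status: 404 };
  Object.assign(user, body);
  return { status: 200, user };
}

// Hardened: copy only the fields this endpoint is meant to edit, validate
// each one, and silently ignore everything else in the body.
const EDITABLE = {
  displayName: v => typeof v === 'string' && v.length > 0 && v.length <= 64,
  email: v => typeof v === 'string' && /^[^@\s]+@[^@\s]+$/.test(v),
};

function updateProfileSafe(store, userId, body) {
  const user = store[userId];
  if (!user) return { status: 404 };
  const patch = {};
  for (const [field, valid] of Object.entries(EDITABLE)) {
    if (!Object.prototype.hasOwnProperty.call(body, field)) continue;
    if (!valid(body[field])) return { status: 400, error: `invalid ${field}` };
    patch[field] = body[field];
  }
  Object.assign(user, patch);   // only allowlisted, validated fields reach the record
  return { status: 200, user };
}

// Constructed attacker request: looks like a rename, but also tries to
// promote the account and change its balance.
const ATTACK_BODY = JSON.parse('{"displayName":"Mallory","role":"admin","balance":1000000}');

if (typeof require !== 'undefined' && require.main === module) {
  const a = makeStore(); updateProfileUnsafe(a, 42, ATTACK_BODY);
  const b = makeStore(); updateProfileSafe(b, 42, ATTACK_BODY);
  console.log('unsafe role:', a[42].role, 'safe role:', b[42].role);
}
```

The allowlist is the part that matters: a denylist of "sensitive" names fails as soon as a new privileged column is added, whereas the allowlist has to be extended deliberately for each field the endpoint is allowed to write.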
Malicious Package
Overview truelayer-assignment is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-47568 Malicious code in truelayer-assignment (npm)
The package truelayer-assignment was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4cb2b1d58a741e8bce6ef15fb465d4c1d070891603626cd0ff81d09e23d05a76 Any computer that has this package installed or running should be considered fully...
CVE-2025-59827
Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, the /api/admin/assign-badge endpoint lacks proper access control, allowing any authenticated user to assign high-privilege badges (e.g., Staff) to themselves. This could lead to privilege escalation and impersonation of administrative...
CVE-2025-57351
A prototype pollution vulnerability exists in the ts-fns package versions prior to 13.0.7, where insufficient validation of user-provided keys in the assign function allows attackers to manipulate the Object.prototype chain. By leveraging this flaw, adversaries may inject arbitrary properties int...
CVE-2025-57347
A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConflict function, which fails to properly sanitize user-supplied input during property assignment operations. This flaw allows attackers to exploit prototype pollution...
CVE-2025-57605
Lack of server-side authorisation on department admin assignment APIs in AiKaan IoT Platform allows authenticated users to elevate their privileges by assigning themselves as admins of other departments. This results in unauthorized privilege escalation across the department...
CVE-2025-57351
The CVE-2025-57351 entry concerns the ts-fns npm package, affected in versions prior to 13.0.7. The root cause is insufficient validation of user-provided keys in the assign function, enabling prototype pollution by manipulating the Object.prototype chain. This can inject arbitrary properties int...
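The prototype-pollution pattern behind the ts-fns and dagre-d3-es entries above, as an added example that is not code from either package: a recursive assign that copies every key it is given, beside one that refuses the keys that reach the prototype chain. The function names are hypothetical and the attacker payload is constructed for the demo.

```javascript
// Added example, not code from ts-fns or dagre-d3-es. Function names are
// hypothetical; the JSON payload in pollutes() is constructed for the demo.

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Vulnerable: every own key of `source` is copied onto `target`, recursing
// into nested objects. JSON.parse produces an *own* property named
// "__proto__", and reading target["__proto__"] yields Object.prototype, so
// the recursion writes the attacker's nested keys onto every object.
function unsafeAssign(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {};
      unsafeAssign(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: drop the keys that walk the prototype chain, and only recurse
// into *own* properties of the target so a lookup never lands on an
// inherited object.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeAssign(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || !isPlainObject(target[key])) target[key] = {};
      safeAssign(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed attacker input: an ordinary-looking settings object carrying
// a "__proto__" key. Returns true if an unrelated, freshly created object
// inherited the injected property, i.e. Object.prototype was polluted.
function pollutes(assignFn) {
  const payload = JSON.parse('{"theme":"dark","__proto__":{"isAdmin":true}}');
  assignFn({}, payload);
  const leaked = ({}).isAdmin === true;
  delete Object.prototype.isAdmin;   // undo any pollution so later checks start clean
  return leaked;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('unsafeAssign pollutes:', pollutes(unsafeAssign));
  console.log('safeAssign pollutes:', pollutes(safeAssign));
}
```

The own-property check in the hardened version matters as much as the key denylist: even with "__proto__" filtered, recursing into an inherited value would let a nested write land somewhere other than the object being built.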
kernel: vsock: Fix transport_* TOCTOU
In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport_* TOCTOU Transport assignment may race with module unload. Protect new_transport from becoming a stale pointer. This also takes care of an insecure call in vsock_use_local_transport; add a lockdep assert. BUG: unab...
CVE-2025-57605
CVE-2025-57605 affects AiKaan IoT Platform: lack of server-side authorization on department admin assignment APIs allows authenticated users to elevate privileges by assigning themselves as admins of other departments, leading to unauthorized privilege escalation across the department. Documented...
PT-2025-38732
Name of the Vulnerable Software and Affected Versions: AiKaan IoT Platform (affected versions not specified). Description: A missing server-side authorization check in the department admin assignment APIs within the AiKaan IoT Platform permits authenticated users to gain elevated privileges...
AiKaan IoT Platform security vulnerability
AiKaan IoT Platform is an edge device management platform from AiKaan India. AiKaan IoT Platform has a security vulnerability that stems from a lack of server-side authorization on the department admin assignment APIs, which could lead to unauthorized elevation of privileges...
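The missing server-side authorization described in the AiKaan entries above (and, in the same shape, the Flag Forge assign-badge entry), as an added example that is not code from either product: a department-admin assignment handler that only checks that the caller is logged in, beside one that decides on the server whether this caller may administer this department. The tenant model, role layout and handler shape are hypothetical.

```javascript
// Added example, not AiKaan or Flag Forge code. Tenant model, role layout
// and handler shape are hypothetical; users and departments are constructed.

function makeTenant() {
  return {
    users: { alice: { id: 'alice' }, mallory: { id: 'mallory' } },
    // department -> set of user ids that administer it
    deptAdmins: { research: new Set(['alice']), finance: new Set() },
  };
}

// Vulnerable: the session proves *who* the caller is, but nothing asks
// whether this caller may administer this department, so any logged-in
// user can make themselves (or anyone) admin of any department.
function assignDeptAdminUnsafe(tenant, session, body) {
  if (!session || !tenant.users[session.userId]) return { status: 401 };
  const { department, targetUserId } = body;
  const admins = tenant.deptAdmins[department];
  if (!admins || !tenant.users[targetUserId]) return { status: 404 };
  admins.add(targetUserId);
  return { status: 200 };
}

// Hardened: the authorization decision uses only server-held state (the
// session identity and the department's current admin set). Nothing in the
// request body, such as a client-supplied role flag, is consulted, and an
// unknown department is answered like a forbidden one so the endpoint does
// not enumerate department names for non-admins.
function assignDeptAdminSafe(tenant, session, body) {
  if (!session || !tenant.users[session.userId]) return { status: 401 };
  const { department, targetUserId } = body;
  const admins = tenant.deptAdmins[department];
  if (!admins || !admins.has(session.userId)) return { status: 403 };
  if (!tenant.users[targetUserId]) return { status: 404 };
  admins.add(targetUserId);
  return { status: 200 };
}

// Constructed attack: mallory, who administers nothing, assigns herself
// as admin of finance. Returns true if she ends up in the admin set.
function selfPromotionSucceeds(handler) {
  const tenant = makeTenant();
  handler(tenant, { userId: 'mallory' }, { department: 'finance', targetUserId: 'mallory', role: 'admin' });
  return tenant.deptAdmins.finance.has('mallory');
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('unsafe handler allows self-promotion:', selfPromotionSucceeds(assignDeptAdminUnsafe));
  console.log('safe handler allows self-promotion:', selfPromotionSucceeds(assignDeptAdminSafe));
}
```

The check to look for in a review is the one between authentication and the state change: a handler that goes straight from "valid session" to "write admin set" has exactly the gap these advisories describe, whatever the UI hides.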
SUSE CVE-2023-53218
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Make it so that a waiting process can be aborted When sendmsg creates an rxrpc call, it queues it to wait for a connection and channel to be assigned and then waits before it can start shovelling data as the encrypted DATA...
Incorrect Permission Assignment for Critical Resource
Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to using the os.MkdirAll function, which does not perform any permission checks when a given directory path already exists. An attacker can gain unauthorized access or modify files by...