CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6552 matches found

vulnersOsv•added 2025/12/16 9:22 p.m.•8 views

@agentcorporation/server (>=0.3.3 <=0.3.13), @airisos/server (>=2026.324.0-canary.0 <=2026.325.0-canary.3) +150 more potentially affected by unknown CVE via better-auth (>=0.4.10-beta.10 <=1.4.4)

better-auth NPM version =0.4.10-beta.10, =0.3.3, =2026.324.0-canary.0, =2026.501.0, =2026.501.0, =0.0.7, =0.0.1, =1.3.27, =1.3.27, =1.3.27, =1.3.27, =1.3.27, =1.3.27, =1.3.26, =1.3.27, =1.3.37 and more Source cves: unknown CVE Source advisory: OSV:GHSA-X732-6J76-QMHM...

5.5AI score

Exploits0

Github Security Blog•added 2025/12/16 9:22 p.m.•6 views

Better Auth's rou3 Dependency has Double-Slash Path Normalization which can Bypass disabledPaths Config and Rate Limits

Summary An issue in the underlying router library rou3 can cause /path and //path to be treated as identical routes. If your environment does not normalize incoming URLs e.g., by collapsing multiple slashes, this can allow bypasses of disabledPaths and path-based rate limits. Details Better Auth...

7AI score

Exploits0References2Affected Software1

NVD•added 2025/12/16 7:16 p.m.•6 views

CVE-2025-68150

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.2 and 9.1.1-alpha.1, the Instagram authentication adapter allows clients to specify a custom API URL via the apiURL parameter in authData. This enables SSRF attacks and...

8.3CVSS0.00291EPSS

Exploits0References3

EUVD•added 2025/12/16 6:31 p.m.•3 views

EUVD-2025-203796

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds writes in handleauthsessionkey The len field originates from untrusted network packets. Boundary checks have been added to prevent potential out-of-bounds writes when decrypting the...

6.1AI score0.00173EPSS

Exploits0References7

OSV•added 2025/12/16 6:15 p.m.•3 views

CVE-2025-68150 Parse Server has Server-Side Request Forgery (SSRF) in Instagram OAuth Adapter

8.3CVSS6.9AI score0.00291EPSS

Exploits0References5

OSV•added 2025/12/16 4:16 p.m.•8 views

AZL-72637 CVE-2025-68284 affecting package kernel for versions less than 6.6.119.3-1

5.8AI score0.00173EPSS

Exploits0References1

UbuntuCve•added 2025/12/16 4:16 p.m.•3 views

CVE-2025-68284

5.9AI score0.00173EPSS

Exploits0References34

OSV•added 2025/12/16 4:16 p.m.•2 views

UBUNTU-CVE-2025-68284

5.9AI score0.00173EPSS

Exploits0References35

CVE•added 2025/12/16 3:6 p.m.•17 views

CVE-2025-68284

CVE-2025-68284 concerns the Linux kernel/libceph: the issue arises from handling the authentication session key where the len field comes from untrusted network packets. The patch adds boundary checks to prevent potential out-of-bounds writes when decrypting the connection secret or processing se...

6.2AI score0.00173EPSS

Exploits0References6

Cvelist•added 2025/12/16 3:6 p.m.•24 views

CVE-2025-68284 libceph: prevent potential out-of-bounds writes in handle_auth_session_key()

0.00173EPSS

Exploits0References6

OSV•added 2025/12/16 3:6 p.m.•4 views

CVE-2025-68284 libceph: prevent potential out-of-bounds writes in handle_auth_session_key()

6.5AI score0.00173EPSS

Exploits0References9

UbuntuCve•added 2025/12/16 2:15 p.m.•2 views

CVE-2025-40362

In the Linux kernel, the following vulnerability has been resolved: ceph: fix multifs mds auth caps issue The mds auth caps check should also validate the fsname along with the associated caps. Not doing so would result in applying the mds auth caps of one fs on to the other fs in a multifs ceph...

5.7AI score0.00199EPSS

Exploits0References10

OSV•added 2025/12/16 2:15 p.m.•3 views

UBUNTU-CVE-2025-40362

5.7AI score0.00199EPSS

Exploits0References11

Snyk•added 2025/12/16 6:23 a.m.•1 views

Malicious Package

Overview sds-auth-ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS6.8AI score

Exploits0References2

EUVD•added 2025/12/16 6:23 a.m.•1 views

EUVD-2025-203505

Malicious code in sds-auth-ui npm...

6.6AI score

Exploits0References1

OSSF Malicious Packages•added 2025/12/16 6:23 a.m.•6 views

Malicious code in sds-auth-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c30a562f838b9db64453d7276cc2e0f4f63c1810fed94fd3e672a90e00d720b1 The package sds-auth-ui was found to contain malicious code. Source: ghsa-malware 4ebd619fe42c2229ad69655d504fa4e869ba861d01647c67418e624e066e0db2 An...

6.9AI score

Exploits0References1

OSV•added 2025/12/16 6:23 a.m.•3 views

MAL-2025-192580 Malicious code in sds-auth-ui (npm)

6.8AI score

Exploits0References1

vulnersOsv•added 2025/12/15 2:39 p.m.•3 views

django-daiquiri (>=1.3.0 <=1.3.1), django-jwt-allauth (>=1.0.3 <=1.2.0) +6 more potentially affected by CVE-2025-65431 via django-allauth (>=65.0.1 <=65.12.1)

django-allauth PYPI version =65.0.1, =1.3.0, =1.0.3, =0.3.8, =4.0.0, =3.11.3, =2.0.0, =1.1.1, =1.1.2 Source cves: CVE-2025-65431 Source advisory: SNYK:PYTHON-DJANGOALLAUTH-14425069...

5.4CVSS5.4AI score0.00141EPSS

Exploits0

Snyk•added 2025/12/15 7:43 a.m.•1 views

Malicious Package

Overview xboxlive-auth is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score

Exploits0References2

EUVD•added 2025/12/15 7:43 a.m.•3 views

EUVD-2025-203350

Malicious code in xboxlive-auth npm...

6.6AI score

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by