6553 matches found
CVE-2025-60794
Session tokens and passwords in couch-auth 0.21.2 are stored in JavaScript objects and remain in memory without explicit clearing in src/user.ts lines 700-707. This creates a window of opportunity for sensitive data extraction through memory dumps, debugging tools, or other memory access...
TencentOS Server 4: skopeo (TSSA-2025:0634)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0634 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Fortinet FortiAnalyzer Pre-authentication DoS attack in OpenSSH - CVE-2025-26466 (FG-IR-25-122)
The version of FortiAnalyzer installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-122 advisory. - A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a...
EUVD-2025-198099
Emby Server is a personal media server. Prior to version 4.8.1.0 and prior to Beta version 4.9.0.0-beta, a malicious user can send an authentication request with a manipulated X-Emby-Client value, which gets added to the devices section of the admin dashboard without sanitization. This issue has...
Exploit for Double Free in OpenBSD OpenSSH
CVE-2023-25136 Vulnerability Demonstration This project provi...
CVE-2025-65073
OpenStack Keystone prior to 26.0.1, 27.0.0, or 28.0.0 is vulnerable to requests to /v3/ec2tokens or /v3/s3tokens bearing a valid AWS Signature that can authorize access. The issue (CVE-2025-65073) enables unauthorized access and potential privilege escalation. CVSS v3.1 base score 7.5 (Network, h...
CVE-2025-7736 Incorrect Authorization in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to bypass access control restrictions and view GitLab Pages content intended only for project members by...
EUVD-2025-178083
Malicious code in link-uglify-js-fermiparadox-auth npm...
EUVD-2025-177402
Malicious code in orogeny-quark-archaeoastronomy-auth npm...
EUVD-2025-175439
Malicious code in yonder-less-loader-ini-auth npm...
EUVD-2025-180307
Malicious code in asthenosphere-auth-andromeda-gacrux npm...
EUVD-2025-179602
Malicious code in config-regulus-auth-ophiuchus npm...
Malicious code in elara-auth-enif-prettier (npm)
Source: amazon-inspector 6f6a97085d0f95d38a45aa6b0ea2fad76374accd0dce2a52a48e7dc7b4bd9758 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in eslint-plugin-fornax-auth-dactyl (npm)
Source: amazon-inspector be26c82a94b33272a9b5391a0f7fe3a8cb9d572639e42301d598f6ff497f416c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in spectron-grunt-auth-europa (npm)
Source: amazon-inspector b6cbd342d4b73f3ab91a46f07b5ec0f8fb7ea8893422949f32cb9b9cae1c1dc1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in xerxes-auth-jekyll-ionosphere (npm)
Source: amazon-inspector 51ad4f9df284c5088fa33be03291602f134c74a08bde68bd1d24c3220134e5cb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in yonder-less-loader-ini-auth (npm)
Source: amazon-inspector 64d24be310a09fbc0c9ea69c806f48c32bc74d179f2b3b70aedfed17bb573b41 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-176267
Malicious code in spectron-grunt-auth-europa npm...
EUVD-2025-176206
Malicious code in stop-auth-epigenetics-neutronstar npm...
EUVD-2025-177746
Malicious code in mui-auth-betelgeuse-xo npm...