CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0b2fd7a8c638947ae3bfc4c81fb4a2b89e7cee50538831189f80aab8974dcde This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score

Exploits0

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-175493

Malicious code in xerxes-auth-jekyll-ionosphere npm...

6.6AI score

Exploits0

OSV•added 2025/11/13 3:23 a.m.•2 views

MAL-2025-187815 Malicious code in lint-staged-lint-staged-auth-terser-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03253bd76fedc24d55504b970d032ee47ad508a341ba8a5531490b0b9ae15ee3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score

Exploits0

OSV•added 2025/11/13 3:23 a.m.•3 views

MAL-2025-186691 Malicious code in elara-auth-enif-prettier (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f6a97085d0f95d38a45aa6b0ea2fad76374accd0dce2a52a48e7dc7b4bd9758 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score

Exploits0

OSV•added 2025/11/13 3:23 a.m.•2 views

MAL-2025-190383 Malicious code in xerxes-auth-jekyll-ionosphere (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51ad4f9df284c5088fa33be03291602f134c74a08bde68bd1d24c3220134e5cb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score

Exploits0

OSV•added 2025/11/13 3:23 a.m.•2 views

MAL-2025-189608 Malicious code in spectron-grunt-auth-europa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6cbd342d4b73f3ab91a46f07b5ec0f8fb7ea8893422949f32cb9b9cae1c1dc1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score

Exploits0

OSV•added 2025/11/13 3:23 a.m.•1 views

MAL-2025-186212 Malicious code in comet-auth-html-webpack-plugin-request (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3f5b037c3a10e0eb5d63054a411dd6a2daeb791121c669593b5602687a52454b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score

Exploits0

OSV•added 2025/11/13 3:23 a.m.•1 views

MAL-2025-186843 Malicious code in eslint-plugin-fornax-auth-dactyl (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be26c82a94b33272a9b5391a0f7fe3a8cb9d572639e42301d598f6ff497f416c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score

Exploits0

CVE•added 2025/11/12 10:8 p.m.•10 views

CVE-2025-64517

sudo-rs (Rust implementation of sudo) is affected by CVE-2025-64517. Versions prior to 0.2.10 incorrectly recorded the invoking user’s UID in the authentication timestamp when Defaults targetpw/rootpw are enabled, which could allow a highly-privileged user to run commands as other accounts using ...

4.4CVSS6.6AI score0.0015EPSS

Exploits0References3

Cvelist•added 2025/11/12 9:56 p.m.•4 views

CVE-2025-40187 net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce()

In the Linux kernel, the following vulnerability has been resolved: net/sctp: fix a null dereference in sctpdisposition sctpsfdo51Dce If newasoc-peer.adaptationind=0 and sctpulpeventmakeauthkey=0 and sctpulpeventmakeauthkey returns 0, then the variable aiev remains zero and the zero will be...

0.00184EPSS

Exploits0References8

NVD•added 2025/11/12 3:15 p.m.•3 views

CVE-2025-63666

Tenda AC15 v15.03.05.18multi issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to acce...

9.8CVSS0.00422EPSS

Exploits1References1

OSV•added 2025/11/12 10:23 a.m.•6 views

CVE-2025-40129 sunrpc: fix null pointer dereference on zero-length checksum

In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix null pointer dereference on zero-length checksum In xdrstreamdecodeopaqueauth, zero-length checksum.len causes checksum.data to be set to NULL. This triggers a NPD when accessing checksum.data in gsskrb5verifymicv2...

6AI score0.00174EPSS

Exploits0References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by