CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

7974 matches found

NVD•added 2025/11/17 6:15 p.m.•5 views

CVE-2025-64756

Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c are...

7.5CVSS0.00025EPSS

Exploits1References3

Snyk•added 2025/11/17 5:38 p.m.•1 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection in the CLI, via the -c/--cmd option. The processing of commandline options in src/bin.mts calls the foregroundChild on them, which defaults to setting shell: true. An attacker who can control the filenames being matche...

7.7CVSS6.8AI score0.00025EPSS

Exploits1References2

OSV•added 2025/11/17 5:29 p.m.•3 views

CVE-2025-64756 glob CLI: Command injection via -c/--cmd executes matches with shell:true

Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c are...

7.5CVSS8.2AI score0.00025EPSS

Exploits1References5

Cvelist•added 2025/11/17 5:29 p.m.•6 views

CVE-2025-64756 glob CLI: Command injection via -c/--cmd executes matches with shell:true

Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c are...

7.5CVSS0.00025EPSS

Exploits1References3

Vulnrichment•added 2025/11/17 5:29 p.m.•1 views

CVE-2025-64756 glob CLI: Command injection via -c/--cmd executes matches with shell:true

Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c are...

7.5CVSS7.6AI score0.00025EPSS

Exploits1References3

vulnersOsv•added 2025/11/13 8:43 p.m.•3 views

arakawa (=0.1.0-alpha.1), vega-cli (>=6.0.0 <=6.1.2) potentially affected by CVE-2025-59840 via vega (>=6.0.0 <=6.1.2)

vega NPM version =6.0.0, =6.0.0, =6.1.2 Source cves: CVE-2025-59840 Source advisory: SNYK:JS-VEGA-13961123...

8.1CVSS6AI score0.00034EPSS

EUVD•added 2025/11/13 3:23 a.m.•1 views

EUVD-2025-175902

Malicious code in transhumanism-cli-superflare-hermes npm...

EUVD•added 2025/11/13 3:23 a.m.•1 views

EUVD-2025-176572

Malicious code in sadr-dactyl-xenon-cli npm...

EUVD•added 2025/11/13 3:23 a.m.•1 views

EUVD-2025-177865

Malicious code in meteor-cli-nightwatch-test npm...

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-177606

Malicious code in nightmare-package-quark-cli npm...

EUVD•added 2025/11/13 3:23 a.m.•1 views

EUVD-2025-180285

Malicious code in astrometry-kaus-on-cli npm...

EUVD•added 2025/11/13 3:23 a.m.•1 views

EUVD-2025-179714

Malicious code in cli-module-publish-firebase npm...

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-179832

Malicious code in centauri-luna-cli-tethys npm...

OSV•added 2025/11/13 3:23 a.m.•1 views

MAL-2025-189221 Malicious code in restart-virtualreality-cli-spectron (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9d5aa5bdd04a69e784a9117629e602322a901b83eca9fc9f548929ac2cf681d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

OSSF Malicious Packages•added 2025/11/13 3:23 a.m.•4 views

Malicious code in meteor-cli-nightwatch-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4ae5ae48dc55180eb76cf505e37d133d5e836a3f4246eaf1b4fdf5e063f5a2f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD•added 2025/11/13 3:23 a.m.•1 views

EUVD-2025-176584

Malicious code in run-script-koa-json-cli npm...

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-176966

Malicious code in proxima-cli-galaxy-eslint npm...

OSSF Malicious Packages•added 2025/11/13 3:23 a.m.•4 views

Malicious code in centauri-cli-transport-selenium (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd6ea24fbeeee105ca193a62e5857465b996bac0d4c5b8f72086246e1f61c665 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

OSV•added 2025/11/13 3:23 a.m.•1 views

MAL-2025-189303 Malicious code in sadr-dactyl-xenon-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db46a51c94a6c001ca87f74104924bd66b9a1470fc9625f9b6c2f34acf9295b2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

OSV•added 2025/11/13 3:23 a.m.•1 views

MAL-2025-186165 Malicious code in cli-hermes-mesosphere-corvus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 046bc8f401b8fde8793714a2be47b15ddd79ce0545360eba45d7634fd4958c45 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by