7981 matches found
[SECURITY] Fedora 43 Update: fastapi-cli-0.0.14-1.fc43
FastAPI CLI is a command line program fastapi that you can use to serve your FastAPI app, manage your FastAPI project, and more...
CVE-2025-64109
Cursor is a code editor built for programming with AI. In versions and below, a vulnerability in the Cursor CLI Beta allowed an attacker to achieve remote code execution through the MCP (Model Context Protocol) server mechanism by uploading a malicious MCP configuration in .cursor/mcp.json file in ...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : aws-cli, local-npm-registry, python-boto3, python-botocore, python-coverage, python-flaky, python-pluggy, python-pytest, python-pytest-cov, python-pytest-html, python-pytest-metadata, python-pytest-mock (SUSE-SU-2025:3744-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3744-1 advisory. This update for aws-cli, local-npm-registry, python-boto3, python-botocore, python-coverage,...
CVE-2025-64109 Cursor CLI Beta: Command Injection via Untrusted MCP Configuration
Cursor is a code editor built for programming with AI. In versions and below, a vulnerability in the Cursor CLI Beta allowed an attacker to achieve remote code execution through the MCP (Model Context Protocol) server mechanism by uploading a malicious MCP configuration in .cursor/mcp.json file in ...
CVE-2025-64109
Cursor CLI Beta contains a vulnerability where uploading a malicious MCP configuration in .cursor/mcp.json in a GitHub repo can trigger remote code execution when a victim clones the project and runs Cursor CLI. The issue results from the MCP (Model Context Protocol) server mechanism executing th...
Exploit for CVE-2025-11953
React Native CLI Command Injection Demo CVE-2025-11953 ⚠...
Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks
Details have emerged about a now-patched critical security flaw in the popular "@react-native-community/cli" npm package that could be potentially exploited to run malicious operating system (OS) commands under certain conditions. "The vulnerability allows remote unauthenticated attackers to easily...
CVE-2025-11953
The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...
CVE-2025-11953
The CVE-2025-11953 issue affects the React Native Community CLI Server API Node.js Package (versions 4.8.0 up to, but not including, 20.0.0). The Metro Development Server bound to external interfaces exposes an endpoint vulnerable to OS command injection, enabling unauthenticated network attacker...
CVE-2025-11953 Command injection in React Native Community CLI allows remote attackers to perform remote code execution by sending HTTP requests
The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...
React Native Community CLI Security Vulnerability
React Native Community CLI is an open source command line tool for React Native Community. A security vulnerability exists in the React Native Community CLI, which stems from a default binding to an external interface and an OS command injection vulnerability in the endpoint, which could allow an...
GHSA-RJCG-56PH-3QVG vulnerabilities
Vulnerabilities for packages: envconsul, gobump, kafkaexporter, modelmesh-runtime-adapter, mongo-tools, ghaudit, flux, controller-gen, secrets-store-csi-driver, pgpool2exporter, redpanda, container-object-storage-interface, protoc-gen-go-grpc, render-template, wireguard-go, pguser, tfsec,...
GHSA-JWMF-CHVC-RF92 vulnerabilities
Vulnerabilities for packages: envconsul, gobump, kafkaexporter, modelmesh-runtime-adapter, mongo-tools, ghaudit, flux, controller-gen, secrets-store-csi-driver, pgpool2exporter, redpanda, container-object-storage-interface, protoc-gen-go-grpc, render-template, wireguard-go, pguser, tfsec,...
GHSA-447V-2QG4-H8HC vulnerabilities
Vulnerabilities for packages: envconsul, gobump, kafkaexporter, modelmesh-runtime-adapter, kube-metrics-adapter, ghaudit, kubevela, mongo-tools, kubeflow, cloud-provider-azure, flux, docker-credential-ecr-login, controller-gen, cloud-provider-vsphere, flyte, git-credential-oauth, helm-push,...
GHSA-CXQ7-XW9V-RCV3 vulnerabilities
Vulnerabilities for packages: envconsul, gobump, kafkaexporter, modelmesh-runtime-adapter, mongo-tools, ghaudit, flux, controller-gen, secrets-store-csi-driver, pgpool2exporter, redpanda, container-object-storage-interface, protoc-gen-go-grpc, render-template, wireguard-go, pguser, tfsec,...
CVE-2025-58186 vulnerabilities
Vulnerabilities for packages: envconsul, gobump, kafkaexporter, modelmesh-runtime-adapter, mongo-tools, ghaudit, flux, controller-gen, secrets-store-csi-driver, pgpool2exporter, redpanda, container-object-storage-interface, protoc-gen-go-grpc, render-template, wireguard-go, pguser, tfsec,...
CVE-2025-58188 vulnerabilities
Vulnerabilities for packages: envconsul, gobump, kafkaexporter, modelmesh-runtime-adapter, kube-metrics-adapter, ghaudit, kubevela, mongo-tools, kubeflow, cloud-provider-azure, flux, docker-credential-ecr-login, controller-gen, cloud-provider-vsphere, flyte, git-credential-oauth, helm-push,...
CVE-2025-47912 vulnerabilities
Vulnerabilities for packages: envconsul, gobump, kafkaexporter, modelmesh-runtime-adapter, kube-metrics-adapter, ghaudit, kubevela, mongo-tools, kubeflow, cloud-provider-azure, flux, docker-credential-ecr-login, controller-gen, cloud-provider-vsphere, flyte, git-credential-oauth, helm-push,...
GHSA-FRHW-MQJ2-WXW2 vulnerabilities
Vulnerabilities for packages: envconsul, gobump, kafkaexporter, modelmesh-runtime-adapter, mongo-tools, ghaudit, flux, controller-gen, secrets-store-csi-driver, pgpool2exporter, redpanda, container-object-storage-interface, protoc-gen-go-grpc, render-template, wireguard-go, pguser, tfsec,...
GHSA-WCW9-47FP-RRFR vulnerabilities
Vulnerabilities for packages: envconsul, gobump, kafkaexporter, modelmesh-runtime-adapter, kube-metrics-adapter, ghaudit, kubevela, mongo-tools, kubeflow, cloud-provider-azure, flux, docker-credential-ecr-login, controller-gen, cloud-provider-vsphere, flyte, git-credential-oauth, helm-push,...