CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

7991 matches found

NVD•added 2025/11/17 6:15 p.m.•8 views

CVE-2025-64756

Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c are...

7.5CVSS0.03026EPSS

Exploits1References3

Snyk•added 2025/11/17 5:38 p.m.•1 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection in the CLI, via the -c/--cmd option. The processing of commandline options in src/bin.mts calls the foregroundChild on them, which defaults to setting shell: true. An attacker who can control the filenames being matche...

7.7CVSS6.8AI score0.03026EPSS

Exploits1References2

Vulnrichment•added 2025/11/17 5:29 p.m.•2 views

CVE-2025-64756 glob CLI: Command injection via -c/--cmd executes matches with shell:true

Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c are...

7.5CVSS7.6AI score0.03026EPSS

Exploits1References3

Cvelist•added 2025/11/17 5:29 p.m.•8 views

CVE-2025-64756 glob CLI: Command injection via -c/--cmd executes matches with shell:true

Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c are...

7.5CVSS0.03026EPSS

Exploits1References3

OSV•added 2025/11/17 5:29 p.m.•5 views

CVE-2025-64756 glob CLI: Command injection via -c/--cmd executes matches with shell:true

Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c are...

7.5CVSS8.2AI score0.03026EPSS

Exploits1References5

vulnersOsv•added 2025/11/13 8:43 p.m.•3 views

arakawa (=0.1.0-alpha.1), vega-cli (>=6.0.0 <=6.1.2) potentially affected by CVE-2025-59840 via vega (>=6.0.0 <=6.1.2)

vega NPM version =6.0.0, =6.0.0, =6.1.2 Source cves: CVE-2025-59840 Source advisory: SNYK:JS-VEGA-13961123...

8.1CVSS6AI score0.00334EPSS

OSSF Malicious Packages•added 2025/11/13 3:23 a.m.•5 views

Malicious code in centauri-cli-transport-selenium (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd6ea24fbeeee105ca193a62e5857465b996bac0d4c5b8f72086246e1f61c665 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-178042

Malicious code in local-lyra-cli-rimraf npm...

OSSF Malicious Packages•added 2025/11/13 3:23 a.m.•7 views

Malicious code in meteor-cli-nightwatch-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4ae5ae48dc55180eb76cf505e37d133d5e836a3f4246eaf1b4fdf5e063f5a2f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

OSSF Malicious Packages•added 2025/11/13 3:23 a.m.•3 views

Malicious code in hyperion-terraforming-cli-callback (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 139f22bb319881877ea250018776f20d2290205a8ea094dd1c1fc3e84dc1083a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

OSSF Malicious Packages•added 2025/11/13 3:23 a.m.•3 views

Malicious code in resolvers-heliophysics-apollo-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60103abfcaa8fc26071abc38c8d81f1d5bd8f1c7ce82c117b98ee3f28734ac7c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

OSSF Malicious Packages•added 2025/11/13 3:23 a.m.•5 views

Malicious code in transhumanism-cli-superflare-hermes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 039599f02d93393fef55555c47eded87dcb54d3570cdbcd5cf54955e04f9479b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-175902

Malicious code in transhumanism-cli-superflare-hermes npm...

EUVD•added 2025/11/13 3:23 a.m.•3 views

EUVD-2025-177606

Malicious code in nightmare-package-quark-cli npm...

EUVD•added 2025/11/13 3:23 a.m.•3 views

EUVD-2025-177395

Malicious code in outercore-cli-concurrently-troposphere npm...

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-177360

Malicious code in paleoecology-webdriver-manager-cli-outercore npm...

EUVD•added 2025/11/13 3:23 a.m.•3 views

EUVD-2025-176966

Malicious code in proxima-cli-galaxy-eslint npm...

EUVD•added 2025/11/13 3:23 a.m.•3 views

EUVD-2025-176572

Malicious code in sadr-dactyl-xenon-cli npm...

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-176360

Malicious code in sirius-darkmatter-lint-staged-cli npm...

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-177865

Malicious code in meteor-cli-nightwatch-test npm...

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by