CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

39 matches found

OSSF Malicious Packages•added 2026/05/12 7:42 a.m.•6 views

Malicious code in 8oo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c949ba1ac1cd3a6c96d3f1fc8c32cdc64cb9474fa07dd6633ebf4f69073a495 The package's main entry index.js executes an IIFE at require time that loads 66o.js, which replaces the global console with a Proxy. Every intercept...

5.9AI score

Exploits0References16

Snyk•added 2026/01/28 4:33 p.m.•2 views

Malicious Package

Overview cloudinary-ct-run-sub is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score

Exploits0References2

RedhatCVE•added 2026/01/24 3:18 p.m.•4 views

CVE-2026-24560

Missing Authorization vulnerability in Cloudinary Cloudinary cloudinary-image-management-and-manipulation-in-the-cloud-cdn allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cloudinary: from n/a through = 3.3.2...

5.4CVSS5.9AI score0.00021EPSS

Exploits0References1

NVD•added 2026/01/23 3:16 p.m.•2 views

CVE-2026-24560

5.4CVSS0.00021EPSS

Exploits0References1

Vulnrichment•added 2026/01/23 2:28 p.m.•3 views

CVE-2026-24560 WordPress Cloudinary plugin <= 3.3.2 - Broken Access Control vulnerability

5.4CVSS5.9AI score0.00021EPSS

Exploits0References1

ATTACKERKB•added 2026/01/23 2:28 p.m.•2 views

CVE-2026-24560

5.4CVSS5.9AI score0.00021EPSS

Exploits0References2

Cvelist•added 2026/01/23 2:28 p.m.•28 views

CVE-2026-24560 WordPress Cloudinary plugin <= 3.3.2 - Broken Access Control vulnerability

5.4CVSS0.00021EPSS

Exploits0References1

CVE•added 2026/01/23 2:28 p.m.•5 views

CVE-2026-24560

CVE-2026-24560 involves the WordPress Cloudinary image-management plugin (versions 3.3.0 (preferably to 3.3.1 or later). If upgrading is not possible, consult vendor advisories for mitigation. Technical details in connected documents confirm the vulnerability class and suggested remediation; no ...

5.4CVSS5.9AI score0.00021EPSS

Exploits0References1

CNNVD•added 2026/01/23 12:0 a.m.•2 views

WordPress plugin Cloudinary has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.4CVSS5.8AI score0.00021EPSS

Exploits0References1

Positive Technologies•added 2026/01/23 12:0 a.m.•2 views

PT-2026-4402

Name of the Vulnerable Software and Affected Versions Cloudinary versions prior to 3.3.0 Description An authorization issue exists in Cloudinary, a cloud-based image and video management platform. This issue involves incorrectly configured access control security levels, potentially allowing...

5.4CVSS5.3AI score0.00021EPSS

Exploits0References3

Patchstack•added 2026/01/22 4:11 a.m.•3 views

WordPress Cloudinary plugin <= 3.3.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Cloudinary versions = 3.3.2...

5.4CVSS5.2AI score0.00021EPSS

Exploits0Affected Software1

RedhatCVE•added 2025/11/11 5:42 a.m.•6 views

CVE-2025-12613

Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead to a variety of malicious outcomes, such as bypassing...

8.8CVSS6.8AI score0.00055EPSS

Exploits0References1

OSV•added 2025/11/10 6:30 a.m.•0 views

GHSA-G4MF-96X5-5M2C Cloudinary Node SDK is vulnerable to Arbitrary Argument Injection through parameters that include an ampersand

8.8CVSS6.7AI score0.00055EPSS

Exploits0References5

vulnersOsv•added 2025/11/10 6:30 a.m.•2 views

1batch (=1.0.0), 47pages-keystone (>=0.0.1 <=0.0.5) +802 more potentially affected by CVE-2025-12613 via cloudinary (>=1.0.13 <=2.6.1)

cloudinary NPM version =1.0.13, =0.0.1, =1.0.2, =1.1.0, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.0.28, =0.0.3, =3.7.0, =3.18.2 and more Source cves: CVE-2025-12613 Source advisory: OSV:GHSA-G4MF-96X5-5M2C...

8.8CVSS5.8AI score0.00055EPSS

Exploits0

Github Security Blog•added 2025/11/10 6:30 a.m.•5 views

Cloudinary Node SDK is vulnerable to Arbitrary Argument Injection through parameters that include an ampersand

8.8CVSS6.8AI score0.00055EPSS

Exploits0References5Affected Software1

NVD•added 2025/11/10 5:15 a.m.•1 views

CVE-2025-12613

8.8CVSS0.00055EPSS

Exploits0References3

OSV•added 2025/11/10 5:15 a.m.•1 views

CVE-2025-12613

8.8CVSS6.7AI score

Exploits0References3

Cvelist•added 2025/11/10 5:0 a.m.•4 views

CVE-2025-12613

8.8CVSS0.00055EPSS

Exploits0References3

Vulnrichment•added 2025/11/10 5:0 a.m.•1 views

CVE-2025-12613

8.8CVSS6.7AI score0.00055EPSS

Exploits0References3

CVE•added 2025/11/10 5:0 a.m.•4 views

CVE-2025-12613

CVE-2025-12613 affects the Cloudinary Node SDK prior to 2.7.0. The vulnerability stems from improper parsing of parameter values containing an ampersand, enabling Arbitrary Argument Injection where an attacker can inject additional, unintended parameters. Potential outcomes include bypassing secu...

8.8CVSS6.7AI score0.00055EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by