Quarkus OpenAPI Generator Path Traversal Vulnerability
Quarkus OpenAPI Generator is an open-source code generation tool based on the OpenAPI specification, developed by Quarkiverse Hub. Versions of Quarkus OpenAPI Generator prior to 2.16.0 and 2.15.0-lts contained a path traversal vulnerability. This vulnerability stemmed from the unzip method in...
quarkus-openapi-generator extension has Zip Slip Path Traversal in ApicurioCodegenWrapper class
Summary A path traversal vulnerability was discovered in the quarkus-openapi-generator extension Details The unzip method in ApicurioCodegenWrapper.java extracts ZIP entries without validating that the resolved file path stays within the intended output directory. At line 101, the destination is...
GHSA-JX2W-VP7F-456Q quarkus-openapi-generator extension has Zip Slip Path Traversal in ApicurioCodegenWrapper class
Summary A path traversal vulnerability was discovered in the quarkus-openapi-generator extension Details The unzip method in ApicurioCodegenWrapper.java extracts ZIP entries without validating that the resolved file path stays within the intended output directory. At line 101, the destination is...
PT-2026-32035
Name of the Vulnerable Software and Affected Versions Quarkus OpenAPI Generator versions prior to 2.16.0 and 2.15.0-lts Description The unzip method in ApicurioCodegenWrapper.java does not validate that the file path of extracted ZIP entries remains within the intended output directory. The...
MiracleLinux 8 : firefox-115.8.0-1.el8_9.ML.1 (AXSA:2024-7560:09)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-7560:09 advisory. Mozilla: Out-of-bounds memory read in networking channels CVE-2024-1546 Mozilla: Alert dialog could have been spoofed on another site CVE-2024-1547...
CVE-2023-31146
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment...
pepl-codegen (>=0.1.1 <=0.1.2), pepl-compiler (>=0.1.1 <=0.1.2) +2 more potentially affected by CVE-2025-66627 via wasmi (>=0.42.1 <=0.46.0)
wasmi CARGO version =0.42.1, =0.1.1, =0.1.1, =0.42.0, =0.42.0, =0.46.0 Source cves: CVE-2025-66627 Source advisory: OSV:GHSA-G4V2-CJQP-RFMQ...
EUVD-2025-37116
Malicious code in epic-openapi-codegen npm...
MAL-2025-49177 Malicious code in epic-openapi-codegen (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72c376cbf488eb74d4d24b10cd6153640f94a3ceb831332dc1f0f056934c91ed The package epic-openapi-codegen was found to contain malicious code...
Malicious code in epic-openapi-codegen (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72c376cbf488eb74d4d24b10cd6153640f94a3ceb831332dc1f0f056934c91ed The package epic-openapi-codegen was found to contain malicious code...
Malicious code in circuit-codegen-annotations-test (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-48802 Malicious code in circuit-codegen-annotations-test (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-48801 Malicious code in circuit-codegen-annotations (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in circuit-codegen-annotations (npm)
--- -= Per source details. Do not edit below this line.=-...
Fedora: Security Advisory (FEDORA-2025-1ac08db27d)
The remote host is missing an update for the...
[SECURITY] Fedora 43 Update: rust-protobuf-codegen-3.7.2-1.fc43
Code generator for rust-protobuf. Includes a library to invoke programmatically e. g. from build.rs and protoc-gen-rs binary...
[SECURITY] Fedora 41 Update: rust-protobuf-codegen-3.7.2-1.fc41
Code generator for rust-protobuf. Includes a library to invoke programmatically e. g. from build.rs and protoc-gen-rs binary...
Fedora 41 : mirrorlist-server / rust-maxminddb / rust-prometheus / etc (2025-2503abb88f)
The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-2503abb88f advisory. - Update mirrorlist-server to version 3.0.8. - Update the maxminddb crate to version 0.26.0. - Update the prometheus crate to version 0.14.0. - Update the...
EUVD-2021-0669
Malware in sbrugna...
EUVD-2021-0688
Malware in sbrugna...