
129 matches found

Cvelist
added 2025/07/25 12:0 a.m. · 8 views

CVE-2025-54558

OpenAI Codex CLI before 0.9.0 auto-approves ripgrep aka rg execution even with the --pre or --hostname-bin or --search-zip or -z flag...

4.1 CVSS · 0.00063 EPSS
Exploits 0 · References 3
CVE
added 2025/07/25 12:0 a.m. · 17 views

CVE-2025-54558

OpenAI Codex CLI (prior to 0.9.0) is affected: the CLI auto-approves ripgrep (rg) execution even when --pre, --hostname-bin, --search-zip, or -z are used. This could enable unintended command execution via these flags. Remediation: upgrade to version 0.9.0 or later.

4.1 CVSS · 6.8 AI score · 0.00063 EPSS
Exploits 0 · References 3
Positive Technologies
added 2025/07/25 12:0 a.m. · 2 views

PT-2025-30717 · Openai +1 · Openai Codex Cli +1

Name of the Vulnerable Software and Affected Versions: OpenAI Codex CLI versions prior to 0.9.0
Description: The OpenAI Codex CLI application automatically approves the execution of ripgrep (rg) even when specific flags—--pre, --hostname-bin, --search-zip, or -z—are used.
Recommendations: Update to...

4.1 CVSS · 6.5 AI score · 0.00063 EPSS
Exploits 0 · References 5
OSSF Malicious Packages
added 2025/07/17 2:58 p.m. · 2 views

Malicious code in codex-action (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3768693d4c833924ee984473a49391e5c0e5778d627f2f7e16f1b565ac38104a The OpenSSF Package Analysis project identified 'codex-action' @ 99.3...

6.9 AI score
Exploits 0
OSV
added 2025/07/17 2:58 p.m. · 1 views

MAL-2025-6082 Malicious code in codex-action (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3768693d4c833924ee984473a49391e5c0e5778d627f2f7e16f1b565ac38104a The OpenSSF Package Analysis project identified 'codex-action' @ 99.3...

7.1 AI score
Exploits 0
RedhatCVE
added 2025/05/22 6:52 p.m. · 4 views

CVE-2021-43635

A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file...

6.1 CVSS · 6.2 AI score · 0.01302 EPSS
Exploits 1
OSSF Malicious Packages
added 2025/03/24 3:52 p.m. · 2 views

Malicious code in codex-cipher (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2ce020b1fc0f9d126255429ca44d4407527446d2650c546670d79bc9c84056cb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1
OSV
added 2025/03/24 3:52 p.m. · 4 views

MAL-2025-2624 Malicious code in codex-cipher (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2ce020b1fc0f9d126255429ca44d4407527446d2650c546670d79bc9c84056cb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7.2 AI score
Exploits 0 · References 1
Circl
added 2025/01/27 5:54 p.m. · 6 views

CVE-2025-24365

creationtimestamp | type | source
---|---|---
2025-01-27 17:54:07+00:00 | seen | https://infosec.exchange/users/cve/statuses/113901597263624137
2025-01-27 18:16:25+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lgqkdjn3ep2f
2025-01-27 20:11:24+00:00 | seen | ...

8.1 CVSS · 8.9 AI score · 0.00617 EPSS
Exploits 1 · References 6
Circl
added 2025/01/27 5:48 p.m. · 4 views

CVE-2025-24364

creationtimestamp | type | source
---|---|---
2025-01-27 17:48:22+00:00 | seen | https://infosec.exchange/users/cve/statuses/113901574697474273
2025-01-27 18:16:21+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lgqkdgggem2w
2025-01-27 20:11:24+00:00 | seen | ...

7.2 CVSS · 8.9 AI score · 0.00989 EPSS
Exploits 1 · References 5
Positive Technologies
added 2025/01/01 12:0 a.m. · 3 views

PT-2026-2478

Name of the Vulnerable Software and Affected Versions:
Node.js versions 8.x through 18.x
Node.js versions 20.x through 20.20.0
Node.js versions 22.x through 22.22.0
Node.js versions 24.x through 24.13.0
Node.js versions 25.x through 25.3.0
Description: A critical issue exists in Node.js related to...

9.1 CVSS · 6.8 AI score · 0.00109 EPSS
Exploits 2 · References 130
Positive Technologies
added 2025/01/01 12:0 a.m. · 2 views

PT-2025-42561

Name of the Vulnerable Software and Affected Versions: mediawiki, affected versions not specified
Description: The software contains a flaw related to the escaping of the submit button label for Codex-based HTML forms. This could potentially lead to issues with how the submit button is displayed or...

6.3 AI score · 0.00007 EPSS
Exploits 0 · References 8
NVD
added 2023/10/16 10:15 a.m. · 12 views

CVE-2023-45639

Cross-Site Request Forgery (CSRF) vulnerability in Codex-m Sort SearchResult By Title plugin <= 10.0 versions...

8.8 CVSS · 5.8 AI score · 0.00147 EPSS
Exploits 0 · References 1
OSV
added 2023/10/16 10:15 a.m. · 0 views

CVE-2023-45639

Cross-Site Request Forgery (CSRF) vulnerability in Codex-m Sort SearchResult By Title plugin <= 10.0 versions...

8.8 CVSS · 7.3 AI score
Exploits 0 · References 1
Prion
added 2023/10/16 10:15 a.m. · 10 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in Codex-m Sort SearchResult By Title plugin <= 10.0 versions...

6.8 CVSS · 8.8 AI score · 0.00147 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/10/16 9:32 a.m. · 14 views

CVE-2023-45639 WordPress Sort SearchResult By Title Plugin <= 10.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Codex-m Sort SearchResult By Title plugin <= 10.0 versions...

4.3 CVSS · 9 AI score · 0.00147 EPSS
Exploits 0 · References 1
CVE
added 2023/10/16 9:32 a.m. · 28 views

CVE-2023-45639

CVE-2023-45639 concerns the WordPress plugin Sort SearchResult By Title (Codex-m) with versions

8.8 CVSS · 6.4 AI score · 0.00147 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/10/16 9:32 a.m. · 9 views

CVE-2023-45639 WordPress Sort SearchResult By Title Plugin <= 10.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Codex-m Sort SearchResult By Title plugin <= 10.0 versions...

4.3 CVSS · 8.8 AI score · 0.00147 EPSS
Exploits 0 · References 1
Trellix
added 2023/03/09 12:0 a.m. · 8 views

ChatGPT: A tool for offensive cyber operations?! Not so fast!

ChatGPT: A tool for offensive cyber operations?! Not so fast! By Trellix · March 09, 2023 This story was also written by John Rodriguez. To ChatGPT or to not ChatGPT? That is a predominant question in the cyber landscape these days. It’s no surprise that AI bots have taken society by storm. On th...

7.3 AI score
Exploits 0
Trellix
added 2023/03/09 12:0 a.m. · 11 views

ChatGPT: A tool for offensive cyber operations?! Not so fast!

ChatGPT: A tool for offensive cyber operations?! Not so fast! By Trellix · March 09, 2023 This story was also written by John Rodriguez. To ChatGPT or to not ChatGPT? That is a predominant question in the cyber landscape these days. It’s no surprise that AI bots have taken society by storm. On th...

7 AI score
Exploits 0