
840 matches found

Packet Storm News
added 2025/12/02 12:0 a.m. | 4 views

Is Vibe Coding Safe? Benchmarking Vulnerability of Agent-Generated Code in Real-World Tasks

Vibe coding is a new programming paradigm in which human engineers instruct large language model (LLM) agents to complete complex coding tasks with little supervision. Although it is increasingly adopted, are vibe coding outputs really safe to deploy in production? To answer this question, we propo...

6.9 AI score | Exploits: 0

Positive Technologies
added 2025/12/01 12:0 a.m. | 3 views

PT-2025-48491

Name of the Vulnerable Software and Affected Versions: Live555 Streaming Media version 2018.09.02. Description: A use-after-free issue exists in the ADTSAudioFileSource::samplingFrequency function of Live555 Streaming Media. This flaw allows attackers to trigger a Denial of Service (DoS) by providing ...

6.5 CVSS | 6.5 AI score | 0.00089 EPSS | Exploits: 1 | References: 8

Snyk
added 2025/11/30 1:14 p.m. | 1 view

Malicious Package

Overview: tailwind-grid-tools is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this...

9.8 CVSS | 7.2 AI score | Exploits: 0 | References: 3

Snyk
added 2025/11/30 1:14 p.m. | 1 view

Malicious Package

Overview: tailwindcss-setmotion is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this...

9.8 CVSS | 7.2 AI score | Exploits: 0 | References: 3

Snyk
added 2025/11/30 1:14 p.m. | 2 views

Malicious Package

Overview: chai-async is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package. Once...

9.8 CVSS | 7.2 AI score | Exploits: 0 | References: 3

Snyk
added 2025/11/30 1:14 p.m. | 1 view

Malicious Package

Overview: tailwind-justify is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package...

9.8 CVSS | 7.2 AI score | Exploits: 0 | References: 3

EUVD
added 2025/11/21 10:11 p.m. | 3 views

EUVD-2025-198528

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Prior to version 3.26.7, due to an error in validation, it was possible for Roo to automatically execute commands that did not match the allow list prefixes. This issue has been patched in version 3.26.7...

8.1 CVSS | 6.7 AI score | 0.00079 EPSS | Exploits: 0 | References: 3

Positive Technologies
added 2025/11/21 12:0 a.m. | 6 views

PT-2025-47816

Name of the Vulnerable Software and Affected Versions: Roo Code versions prior to 3.26.7. Description: Roo Code, an AI-powered autonomous coding agent, had a validation error that allowed it to automatically execute commands not on the approved list of prefixes. This occurred in versions before...

8.1 CVSS | 6.8 AI score | 0.00079 EPSS | Exploits: 0 | References: 7

Tenable Nessus
added 2025/11/20 12:0 a.m. | 2 views

TencentOS Server 3: gstreamer1-plugins-bad-free (TSSA-2024:0196)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0196 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

8.8 CVSS | 7.7 AI score | 0.06219 EPSS | Exploits: 0 | References: 4

OSV
added 2025/11/06 1:20 a.m. | 2 views

MGASA-2025-0264 Updated gstreamer1.0-plugins-bad packages fix security vulnerability

GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. CVE-2025-3887...

8.8 CVSS | 7.1 AI score | 0.02674 EPSS | Exploits: 0 | References: 3

Packet Storm News
added 2025/11/06 12:0 a.m. | 3 views

From Model to Breach: Towards Actionable LLM-Generated Vulnerabilities Reporting

As the role of Large Language Models (LLM)-based coding assistants in software development becomes more critical, so does the role of the bugs they generate in the overall cybersecurity landscape. While a number of LLM code security benchmarks have been proposed alongside approaches to improve the...

7.4 AI score | Exploits: 0

Packet Storm News
added 2025/10/27 12:0 a.m. | 3 views

QueryIPI: Query-Agnostic Indirect Prompt Injection on Coding Agents

Modern coding agents integrated into IDEs combine powerful tools and system-level actions, exposing a high-stakes attack surface. Existing Indirect Prompt Injection (IPI) studies focus mainly on query-specific behaviors, leading to unstable attacks with lower success rates. We identify a more sever...

7 AI score | Exploits: 0

Packet Storm News
added 2025/10/17 12:0 a.m. | 2 views

Towards a Blockchain-Based CI/CD Framework to Enhance Security in Cloud Environments

Security is becoming a pivotal point in cloud platforms. Several divisions, such as business organisations, health care, government, etc., have experienced cyber-attacks on their infrastructures. This research focuses on security issues within Continuous Integration and Deployment (CI/CD) pipelines...

8.2 AI score | Exploits: 0

HackRead
added 2025/10/14 12:52 p.m. | 2 views

From Prompts to Protocols: How Agentic Systems, MCP, Vibe Coding, and Schema-Aware Tools Are Rewiring Software Engineering

Modern software engineering faces growing complexity across codebases, environments, and workflows. Traditional tools, although effective, rely heavily on…

6.9 AI score | Exploits: 0

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2012-5055

Malware in sbrugna...

5 CVSS | 9.3 AI score | 0.01461 EPSS | Exploits: 1 | References: 10

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-4558

Malware in sbrugna...

8.8 CVSS | 7.8 AI score | 0.00355 EPSS | Exploits: 1 | References: 10

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2012-2776

Malware in sbrugna...

10 CVSS | 9.3 AI score | 0.00838 EPSS | Exploits: 0 | References: 12

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-1555

Malware in sbrugna...

5.3 CVSS | 5.5 AI score | 0.00294 EPSS | Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2018-7800

Malware in sbrugna...

9.3 CVSS | 7.5 AI score | 0.02133 EPSS | Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-14584

Malware in sbrugna...

5.5 CVSS | 5.7 AI score | 0.00266 EPSS | Exploits: 1 | References: 3