CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2025/08/12 12:0 a.m.•6 views

PT-2025-32852

Name of the Vulnerable Software and Affected Versions Microsoft IIS Web Deploy versions prior to August 2025 PatchDay Description An issue exists in Microsoft Web Deploy where unsafe deserialization of HTTP header contents allows an authenticated attacker to execute code remotely. The vulnerabili...

9CVSS7AI score0.22323EPSS

Exploits3References37

Tenable Nessus•added 2025/08/12 12:0 a.m.•10 views

Microsoft Web Deploy < 10.0.2001 Remote Code Execution (CVE-2025-53772)

The version of Microsoft Web Deploy installed on the remote host is prior to 10.0.2001 It is, therefore, affected by a remote code execution vulnerability: - Deserialization of untrusted data in Web Deploy allows an authorized attacker to execute code over a network. CVE-2025-53772 Note that Ness...

8.8CVSS6.6AI score0.22323EPSS

Exploits3References2

CVE•added 2025/08/09 1:29 a.m.•38 views

CVE-2025-55152

CVE-2025-55152 affects the oak middleware (Deno/native HTTP stack) with vulnerable versions 17.1.5 and earlier. Public records describe a Regular Expression Denial of Service / DoS: using specially crafted values in the headers x-forwarded-proto or x-forwarded-for can cause substantial slowdown o...

5.3CVSS7.1AI score0.00362EPSS

Exploits0References2

OSV•added 2025/08/09 1:29 a.m.•5 views

CVE-2025-55152 oak: ReDoS in x-forwarded-proto and x-forwarded-for headers

oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. In versions 17.1.5 and below, it's possible to significantly slow down an oak server with specially crafted values of the x-forwarded-proto or x-forwarded-for headers...

5.3CVSS6.6AI score0.00362EPSS

Exploits0References4

vulnersOsv•added 2025/08/06 1:44 p.m.•1 views

antgrid-server (>=0.0.2 <=0.0.3), kani-tts (=0.0.1) +3 more potentially affected by CVE-2025-23311 via nvidia-pytriton (=0.7.0)

nvidia-pytriton PYPI version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on nvidia-pytriton and may be impacted: - antgrid-server =0.0.2, =0.1.0, =0.1.0rc1, =0.1.0, =0.4.0 Source cves: CVE-2025-23311 Source advisory:...

9.8CVSS7.3AI score0.02464EPSS

vulnersOsv•added 2025/08/06 1:43 p.m.•2 views

antgrid-server (>=0.0.2 <=0.0.3), kani-tts (=0.0.1) +3 more potentially affected by CVE-2025-23320 via nvidia-pytriton (=0.7.0)

7.5CVSS7.3AI score0.00875EPSS

7.5CVSS5.8AI score0.0045EPSS

antgrid-server (>=0.0.2 <=0.0.3), kani-tts (=0.0.1) +3 more potentially affected by CVE-2025-23321 via nvidia-pytriton (=0.7.0)

9.8CVSS7.3AI score0.01531EPSS

antgrid-server (>=0.0.2 <=0.0.3), kani-tts (=0.0.1) +3 more potentially affected by CVE-2025-23319 via nvidia-pytriton (=0.7.0)

vulnersOsv•added 2025/08/06 1:43 p.m.•2 views

antgrid-server (>=0.0.2 <=0.0.3), kani-tts (=0.0.1) +3 more potentially affected by CVE-2025-23318 via nvidia-pytriton (=0.7.0)

9.8CVSS7.2AI score0.00643EPSS

7.5CVSS6AI score0.00726EPSS

antgrid-server (>=0.0.2 <=0.0.3), kani-tts (=0.0.1) +3 more potentially affected by CVE-2025-23334 via nvidia-pytriton (=0.7.0)

9.1CVSS5.8AI score0.00469EPSS

antgrid-server (>=0.0.2 <=0.0.3), kani-tts (=0.0.1) +3 more potentially affected by CVE-2025-23327 via nvidia-pytriton (=0.7.0)

vulnersOsv•added 2025/08/06 1:42 p.m.•1 views

antgrid-server (>=0.0.2 <=0.0.3), kani-tts (=0.0.1) +3 more potentially affected by CVE-2025-23333 via nvidia-pytriton (=0.7.0)

7.5CVSS6.2AI score0.0044EPSS

vulnersOsv•added 2025/08/06 1:42 p.m.•2 views

antgrid-server (>=0.0.2 <=0.0.3), kani-tts (=0.0.1) +3 more potentially affected by CVE-2025-23325 via nvidia-pytriton (=0.7.0)

7.5CVSS5.8AI score0.00439EPSS

vulnersOsv•added 2025/08/06 12:42 p.m.•0 views

antgrid-server (>=0.0.2 <=0.0.3), kani-tts (=0.0.1) +3 more potentially affected by CVE-2025-23310 via nvidia-pytriton (=0.7.0)

9.8CVSS7.3AI score0.0175EPSS

IBM Security Bulletins•added 2025/07/17 6:27 p.m.•29 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to multiple Apache Tomcat vulnerabilities (CVE-2025-48976, CVE-2025-48988)

Summary IBM DevOps Deploy / IBM UrbanCode Deploy UCD is susceptible to multiple Apache Tomcat vulnerabilities CVE-2025-48976, CVE-2025-48988 Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability i...

7.5CVSS7.5AI score0.63258EPSS

Exploits1Affected Software1

OSSF Malicious Packages•added 2025/07/10 10:24 p.m.•3 views

Malicious code in hubspot-cms-deploy (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cb6184defa0162c7c46179a4c0e85e5df794bc2fadb23f9649184487324684b4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score

OSSF Malicious Packages•added 2025/07/02 12:23 p.m.•3 views

Malicious code in hardhat-deploy-notification (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d2081250ac75574ee18ddea2caa510104e94d2673de1ad4fa445d96559d2a1f4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score

Exploits0References4

OSSF Malicious Packages•added 2025/07/02 12:23 p.m.•3 views

Malicious code in hardhat-deploy-notifier (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cb9d3b8f687f5445ef66903c25ffaee9514d721441a15b7e4c4dfbf58caa7930 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score

OSV•added 2025/07/02 12:23 p.m.•2 views

MAL-2025-5560 Malicious code in hardhat-deploy-notifier (npm)

7AI score