CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8655 matches found

RedhatCVE•added 2025/12/16 6:56 a.m.•5 views

CVE-2025-14022

LINE client for iOS prior to 15.4 allows man-in-the-middle attacks due to improper SSL/TLS certificate validation in an integrated financial SDK. The SDK interfered with the application's network processing, causing server certificate verification to be disabled for a significant portion of netwo...

7.7CVSS6.6AI score0.00014EPSS

Exploits0References1

CNNVD•added 2025/12/16 12:0 a.m.•1 views

filelock 安全漏洞

filelock is a Python file locker open-sourced by the tox development team. A security vulnerability exists in filelock versions prior to 3.20.1, which stems from the presence of a TOCTOU contention condition that could lead to arbitrary file corruption or truncation...

6.5CVSS6.5AI score0.00004EPSS

Exploits1References6

OSV•added 2025/12/15 7:15 a.m.•1 views

CVE-2025-14022

6.8CVSS5.8AI score0.00014EPSS

Exploits0References1

Positive Technologies•added 2025/12/15 12:0 a.m.•4 views

PT-2025-51206

7.7CVSS6.6AI score0.00014EPSS

Exploits0References2

CNVD•added 2025/12/15 12:0 a.m.•1 views

Adobe DNG Software Development Kit (SDK) Input Validation Error Vulnerability

Adobe DNG Software Development Kit SDK is a software development kit from the American company Audobee Adobe. An input validation error vulnerability exists in Adobe DNG Software Development Kit SDK, which can be exploited by an attacker to execute arbitrary code on a system or cause an applicati...

7.8CVSS6.3AI score0.00027EPSS

Exploits4References1

HackRead•added 2025/12/12 10:49 p.m.•4 views

Development Team Augmentation: A Strategic Approach for High-Performance Teams

Scale software teams fast with development team augmentation. Learn when it works best, key models, common mistakes, and how to choose the right partner...

7AI score

Exploits0

GithubExploit•added 2025/12/11 8:43 a.m.•149 views

Exploit for Out-of-bounds Write in Netatalk

CVE-2018-...

10CVSS9.8AI score0.8569EPSS

Exploits10

RedhatCVE•added 2025/12/11 5:3 a.m.•4 views

CVE-2025-65826

The mobile application was found to contain stored credentials for the network it was developed on. If an attacker retrieved this, and found the physical location of the Wi-Fi network, they could gain unauthorized access to the Wi-Fi network of the vendor. Additionally, if an attacker were locate...

9.8CVSS6.6AI score0.00045EPSS

Exploits0References1

SUSE CVE•added 2025/12/11 12:51 a.m.•3 views

SUSE CVE-2024-38798

EDK2 contains a vulnerability in BIOS where an attacker may cause "Exposure of Sensitive Information to an Unauthorized Actor" by local access. Successful exploitation of this vulnerability will lead to possible information disclosure or escalation of privilege and impact Confidentiality...

5.8CVSS6AI score0.00019EPSS

Exploits0References3

CVE•added 2025/12/10 9:46 p.m.•13 views

CVE-2025-66033

CVE-2025-66033 affects Okta Java Management SDK (versions 21.0.0–24.0.0). The issue involves improper thread cleanup in multithreaded use of the ApiClient, which can cause memory issues and, under sustained load, degrade performance and availability and may lead to a denial-of-service. Red Hat/Re...

5.3CVSS6.3AI score0.00049EPSS

Exploits0References2Affected Software1

RedhatCVE•added 2025/12/10 9:16 p.m.•3 views

CVE-2025-67489

@vitejs/plugin-rs provides React Server Components RSC support for Vite. Versions 0.5.5 and below are vulnerable to arbitrary remote code execution on the development server through unsafe dynamic imports in server function APIs loadServerAction, decodeReply, decodeAction when integrated into RSC...

9.8CVSS8.2AI score0.00362EPSS

Exploits0References1

Veracode•added 2025/12/10 9:1 a.m.•4 views

Arbitrary Remote Code Execution (RCE)

@vitejs/plugin-rsc is vulnerable to arbitrary remote code execution RCE. The vulnerability is due to unsafe dynamic imports in server function APIs, which allows an attacker with network access to execute code on the development server, read or modify files, exfiltrate sensitive data, or pivot to...

9.8CVSS8.2AI score0.00362EPSS

Exploits0References3Affected Software1

RedhatCVE•added 2025/12/10 8:34 a.m.•4 views

CVE-2025-2296

A flaw was found in EDK2 EFI Development Kit 2. This vulnerability allows an attacker to cause arbitrary command execution and impact Confidentiality, Integrity, and Availability via improper input validation by local access. Mitigation To reduce the risk by disabling direct-boot mode, ensuring a...

8.4CVSS6.7AI score0.0013EPSS

Exploits0References4

Positive Technologies•added 2025/12/10 12:0 a.m.•4 views

PT-2025-50501

Name of the Vulnerable Software and Affected Versions Mobile application affected versions not specified Description The mobile application stores network credentials. An attacker retrieving these credentials, along with the physical location of the Wi-Fi network, could gain unauthorized access t...

9.8CVSS6.3AI score0.00045EPSS

Exploits0References5

NVD•added 2025/12/09 9:16 p.m.•2 views

CVE-2025-67489

9.8CVSS0.00362EPSS

Exploits0References2

Vulnrichment•added 2025/12/09 8:54 p.m.•1 views

CVE-2025-67489 @vitejs/plugin-rsc Remote Code Execution through unsafe dynamic imports in RSC server function APIs on development server

9.8CVSS7.8AI score0.00362EPSS

Exploits0References2

CVE•added 2025/12/09 8:54 p.m.•22 views

CVE-2025-67489

CVE-2025-67489 affects the @vitejs/plugin-rs library (React Server Components support for Vite). Versions ≤0.5.5 are vulnerable to arbitrary remote code execution on the development server due to unsafe dynamic imports in server function APIs (loadServerAction, decodeReply, decodeAction) when use...

9.8CVSS7.8AI score0.00362EPSS

Exploits0References2

OSV•added 2025/12/09 8:54 p.m.•3 views

CVE-2025-67489 @vitejs/plugin-rsc Remote Code Execution through unsafe dynamic imports in RSC server function APIs on development server

9.8CVSS8.1AI score0.00362EPSS

Exploits0References4