8737 matches found

Vulnrichment
added 2025/12/16 6:20 p.m., 3 views

CVE-2025-68155 @vitejs/plugin-rsc has Arbitrary File Read via `/__vite_rsc_findSourceMapURL` Endpoint on Development

@vitejs/plugin-rsc provides React Server Components (RSC) support for Vite. Prior to version 0.5.8, the `/__vite_rsc_findSourceMapURL` endpoint in @vitejs/plugin-rsc allows unauthenticated arbitrary file read during development mode. An attacker can read any file accessible to the Node.js process by sendi...

CVSS 7.5, AI score 6.6, EPSS 0.00552
Exploits 0, References 4
OSV
added 2025/12/16 6:20 p.m., 5 views

CVE-2025-68155 @vitejs/plugin-rsc has Arbitrary File Read via `/__vite_rsc_findSourceMapURL` Endpoint on Development

@vitejs/plugin-rsc provides React Server Components (RSC) support for Vite. Prior to version 0.5.8, the `/__vite_rsc_findSourceMapURL` endpoint in @vitejs/plugin-rsc allows unauthenticated arbitrary file read during development mode. An attacker can read any file accessible to the Node.js process by sendi...

CVSS 7.5, AI score 6.9, EPSS 0.00552
Exploits 0, References 6
OSV
added 2025/12/16 12:00 p.m., 17 views

RUSTSEC-2025-0141 Bincode is unmaintained

Due to a doxxing and harassment incident, the bincode team has taken the decision to cease development permanently. The team considers version 1.3.3 a complete version of bincode that is not in need of any updates. Alternatives to consider: wincode, postcard, bitcode, rkyv...

AI score 6.8
Exploits 0, References 3
RustSec
added 2025/12/16 12:00 p.m., 19 views

Bincode is unmaintained

Due to a doxxing and harassment incident, the bincode team has taken the decision to cease development permanently. The team considers version 1.3.3 a complete version of bincode that is not in need of any updates. Alternatives to consider: wincode, postcard, bitcode, rkyv...

AI score 6.9
Exploits 0
RedhatCVE
added 2025/12/16 6:56 a.m., 8 views

CVE-2025-14022

LINE client for iOS prior to 15.4 allows man-in-the-middle attacks due to improper SSL/TLS certificate validation in an integrated financial SDK. The SDK interfered with the application's network processing, causing server certificate verification to be disabled for a significant portion of netwo...

CVSS 7.7, AI score 6.6, EPSS 0.00161
Exploits 0, References 1
CNNVD
added 2025/12/16 12:00 a.m., 3 views

filelock Security Vulnerability

filelock is a Python file locker open-sourced by the tox development team. A security vulnerability exists in filelock versions prior to 3.20.1, which stems from a TOCTOU race condition that could lead to arbitrary file corruption or truncation...

CVSS 6.5, AI score 6.5, EPSS 0.00184
Exploits 1, References 6
OSV
added 2025/12/15 7:15 a.m., 3 views

CVE-2025-14022

LINE client for iOS prior to 15.4 allows man-in-the-middle attacks due to improper SSL/TLS certificate validation in an integrated financial SDK. The SDK interfered with the application's network processing, causing server certificate verification to be disabled for a significant portion of netwo...

CVSS 6.8, AI score 5.8, EPSS 0.00161
Exploits 0, References 1
Positive Technologies
added 2025/12/15 12:00 a.m., 5 views

PT-2025-51206

LINE client for iOS prior to 15.4 allows man-in-the-middle attacks due to improper SSL/TLS certificate validation in an integrated financial SDK. The SDK interfered with the application's network processing, causing server certificate verification to be disabled for a significant portion of netwo...

CVSS 7.7, AI score 6.6, EPSS 0.00161
Exploits 0, References 2
CNVD
added 2025/12/15 12:00 a.m., 3 views

Adobe DNG Software Development Kit (SDK) Input Validation Error Vulnerability

Adobe DNG Software Development Kit (SDK) is a software development kit from the American company Adobe. An input validation error vulnerability exists in Adobe DNG Software Development Kit (SDK), which can be exploited by an attacker to execute arbitrary code on a system or cause an applicati...

CVSS 7.8, AI score 6.3, EPSS 0.00172
Exploits 4, References 1
HackRead
added 2025/12/12 10:49 p.m., 6 views

Development Team Augmentation: A Strategic Approach for High-Performance Teams

Scale software teams fast with development team augmentation. Learn when it works best, key models, common mistakes, and how to choose the right partner...

AI score 7
Exploits 0
GithubExploit
added 2025/12/11 8:43 a.m., 164 views

Exploit for Out-of-bounds Write in Netatalk

CVE-2018-...

CVSS 10, AI score 9.8, EPSS 0.86539
Exploits 10
RedhatCVE
added 2025/12/11 5:03 a.m., 4 views

CVE-2025-65826

The mobile application was found to contain stored credentials for the network it was developed on. If an attacker retrieved this, and found the physical location of the Wi-Fi network, they could gain unauthorized access to the Wi-Fi network of the vendor. Additionally, if an attacker were locate...

CVSS 9.8, AI score 6.6, EPSS 0.00249
Exploits 0, References 1
CVE
added 2025/12/10 9:46 p.m., 16 views

CVE-2025-66033

CVE-2025-66033 affects Okta Java Management SDK (versions 21.0.0–24.0.0). The issue involves improper thread cleanup in multithreaded use of the ApiClient, which can cause memory issues and, under sustained load, degrade performance and availability and may lead to a denial-of-service. Red Hat/Re...

CVSS 5.3, AI score 6.3, EPSS 0.00228
Exploits 0, References 2, Affected Software 1
RedhatCVE
added 2025/12/10 9:16 p.m., 3 views

CVE-2025-67489

@vitejs/plugin-rsc provides React Server Components (RSC) support for Vite. Versions 0.5.5 and below are vulnerable to arbitrary remote code execution on the development server through unsafe dynamic imports in server function APIs (loadServerAction, decodeReply, decodeAction) when integrated into RSC...

CVSS 9.8, AI score 8.2, EPSS 0.00694
Exploits 0, References 1
Veracode
added 2025/12/10 9:01 a.m., 5 views

Arbitrary Remote Code Execution (RCE)

@vitejs/plugin-rsc is vulnerable to arbitrary remote code execution (RCE). The vulnerability is due to unsafe dynamic imports in server function APIs, which allows an attacker with network access to execute code on the development server, read or modify files, exfiltrate sensitive data, or pivot to...

CVSS 9.8, AI score 8.2, EPSS 0.00694
Exploits 0, References 3, Affected Software 1
RedhatCVE
added 2025/12/10 8:34 a.m., 4 views

CVE-2025-2296

A flaw was found in EDK2 (EFI Development Kit 2). This vulnerability allows an attacker to cause arbitrary command execution and impact Confidentiality, Integrity, and Availability via improper input validation by local access. Mitigation: To reduce the risk by disabling direct-boot mode, ensuring a...

CVSS 8.4, AI score 6.7, EPSS 0.00704
Exploits 0, References 4
Positive Technologies
added 2025/12/10 12:00 a.m., 5 views

PT-2025-50501

Name of the Vulnerable Software and Affected Versions: Mobile application (affected versions not specified). Description: The mobile application stores network credentials. An attacker retrieving these credentials, along with the physical location of the Wi-Fi network, could gain unauthorized access t...

CVSS 9.8, AI score 6.3, EPSS 0.00249
Exploits 0, References 5
NVD
added 2025/12/09 9:16 p.m., 4 views

CVE-2025-67489

@vitejs/plugin-rsc provides React Server Components (RSC) support for Vite. Versions 0.5.5 and below are vulnerable to arbitrary remote code execution on the development server through unsafe dynamic imports in server function APIs (loadServerAction, decodeReply, decodeAction) when integrated into RSC...

CVSS 9.8, EPSS 0.00694
Exploits 0, References 2
OSV
added 2025/12/09 8:54 p.m., 3 views

CVE-2025-67489 @vitejs/plugin-rsc Remote Code Execution through unsafe dynamic imports in RSC server function APIs on development server

@vitejs/plugin-rsc provides React Server Components (RSC) support for Vite. Versions 0.5.5 and below are vulnerable to arbitrary remote code execution on the development server through unsafe dynamic imports in server function APIs (loadServerAction, decodeReply, decodeAction) when integrated into RSC...

CVSS 9.8, AI score 8.1, EPSS 0.00694
Exploits 0, References 4
Cvelist
added 2025/12/09 8:54 p.m., 15 views

CVE-2025-67489 @vitejs/plugin-rsc Remote Code Execution through unsafe dynamic imports in RSC server function APIs on development server

@vitejs/plugin-rsc provides React Server Components (RSC) support for Vite. Versions 0.5.5 and below are vulnerable to arbitrary remote code execution on the development server through unsafe dynamic imports in server function APIs (loadServerAction, decodeReply, decodeAction) when integrated into RSC...

CVSS 9.8, EPSS 0.00694
Exploits 0, References 2