1896 matches found

Tenable Nessus
added 2025/08/10 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-12393

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used...

7.8 CVSS | 8.4 AI score | 0.00467 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2025/08/09 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-23985

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - If an attacker is able to alter specific about:config values, for example malware running on the user's computer, the Devtools remote debugging feature could hav...

6.5 CVSS | 7.5 AI score | 0.00747 EPSS
Exploits 0 | References 2

vulnersOsv
added 2025/08/02 12:45 a.m. | 4 views

@ballerine/workflows-service (>=0.4.6 <=0.5.49), @digitaltg/vc-signer (=1.0.0) +9 more potentially affected by CVE-2025-54782 via @nestjs/devtools-integration (=0.1.6)

@nestjs/devtools-integration NPM version =0.1.6 is affected by a known vulnerability. The following packages have a transitive dependency on @nestjs/devtools-integration and may be impacted: - @ballerine/workflows-service =0.4.6, =0.0.37, =0.0.4, =0.0.1, =0.0.6, =0.0.82, =0.0.32, =1.0.0, =1.0.9 -...

9.4 CVSS | 6 AI score | 0.35077 EPSS
Exploits 4

Snyk
added 2025/08/02 12:45 a.m. | 3 views

Arbitrary Command Injection

Overview: @nestjs/devtools-integration is a Nest - modern, fast, powerful node.js web framework @devtools-integration. Affected versions of this package are vulnerable to Arbitrary Command Injection via the inspector/graph/interact endpoint, which accepts JSON input containing a code field and...

9.6 CVSS | 7.9 AI score | 0.35077 EPSS
Exploits 4 | References 2

CNNVD
added 2025/08/02 12:0 a.m. | 2 views

nest Command Injection Vulnerability

nest is a Node.js framework open-sourced by nestjs for building efficient, scalable and enterprise-class server-side applications using TypeScript/JavaScript. A command injection vulnerability exists in nest 0.2.0 and earlier versions, which stems from the presence of an insecure JavaScript sandb...

9.4 CVSS | 8.3 AI score | 0.35077 EPSS
Exploits 4 | References 6

OSV
added 2025/08/01 11:36 p.m. | 1 view

CVE-2025-54782 @nestjs/devtools-integration's CSRF to Sandbox Escape Allows for RCE against JS Developers

Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution (RCE) vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API...

9.4 CVSS | 8 AI score | 0.35077 EPSS
Exploits 4 | References 7

HackRead
added 2025/07/29 1:0 p.m. | 4 views

SquareX Discloses Architectural Limitations of Browser DevTools in Debugging Malicious Extensions

Palo Alto, California, 29th July 2025, CyberNewsWire...

7.3 AI score
Exploits 0

OSSF Malicious Packages
added 2025/07/22 1:38 a.m. | 3 views

Malicious code in scenes-devtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7fcbc7d7a26ce0416a317318a71735a6e1c6c1af16ead4f04b8ce6a5ee6d4b08 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 | References 1

OSV
added 2025/07/22 1:38 a.m. | 1 view

MAL-2025-6195 Malicious code in scenes-devtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7fcbc7d7a26ce0416a317318a71735a6e1c6c1af16ead4f04b8ce6a5ee6d4b08 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 | References 1

CNVD
added 2025/07/04 12:0 a.m. | 1 view

Google Chrome Security Bypass Vulnerability (CNVD-2025-15174)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that stems from insufficient DevTools data validation, which can be exploited by an attacker to execute arbitrary code via a crafted HTML page...

5.4 CVSS | 7.6 AI score | 0.00228 EPSS
Exploits 0 | References 1

Mozilla
added 2025/07/02 12:0 a.m. | 20 views

Security Vulnerabilities fixed in Thunderbird 140 — Mozilla

A use-after-free in FontFaceSet resulted in a potentially exploitable crash. An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. Th...

9.8 CVSS | 7.6 AI score | 0.01103 EPSS
Exploits 0 | References 12 | Affected Software 1

SUSE CVE
added 2025/06/25 2:4 p.m. | 1 view

SUSE CVE-2025-6557

Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...

5.4 CVSS | 7.6 AI score | 0.00228 EPSS
Exploits 0 | References 3

SUSE CVE
added 2025/06/24 11:24 p.m. | 2 views

SUSE CVE-2025-6435

If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the .download file extension. This could have led to the user inadvertently running a malicious executable. This vulnerability was fixed in Firefox 140 and...

7.5 CVSS | 7.2 AI score | 0.00505 EPSS
Exploits 0 | References 6

NVD
added 2025/06/24 8:15 p.m. | 3 views

CVE-2025-6557

Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...

5.4 CVSS | 0.00228 EPSS
Exploits 0 | References 2

OSV
added 2025/06/24 8:15 p.m. | 1 view

DEBIAN-CVE-2025-6557

Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...

5.4 CVSS | 6 AI score | 0.00228 EPSS
Exploits 0 | References 1

AlpineLinux
added 2025/06/24 8:3 p.m. | 2 views

CVE-2025-6557

Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...

5.4 CVSS | 7.5 AI score | 0.00228 EPSS
Exploits 0

ATTACKERKB
added 2025/06/24 8:3 p.m. | 1 view

CVE-2025-6557

Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...

5.4 CVSS | 6.2 AI score | 0.00228 EPSS
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2025/06/24 8:3 p.m. | 5 views

CVE-2025-6557

Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...

0.00228 EPSS
Exploits 0 | References 2

Debian CVE
added 2025/06/24 8:3 p.m. | 4 views

CVE-2025-6557

Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...

5.4 CVSS | 6 AI score | 0.00228 EPSS
Exploits 0

AlpineLinux
added 2025/06/24 1:15 p.m. | 3 views

CVE-2025-6435

If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the .download file extension. This could have led to the user inadvertently running a malicious executable. This vulnerability affects Firefox 140 and...

8.1 CVSS | 6.6 AI score | 0.00505 EPSS
Exploits 0 | References 4