CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/12/16 4:53 p.m.•4 views

CVE-2025-67727

Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0-alpha.2, a GitHub CI workflow is triggered in a way that grants the GitHub Actions workflow elevated permissions, giving it access to GitHub secrets and write permission...

9.8CVSS6.7AI score0.00359EPSS

Exploits0References1

NVD•added 2025/12/12 7:15 a.m.•4 views

CVE-2025-67727

9.8CVSS0.00359EPSS

CVE•added 2025/12/12 6:35 a.m.•10 views

CVE-2025-67727

Parse Server versions prior to 8.6.0-alpha.2 are affected by a GitHub CI workflow privilege elevation that grants the Actions workflow access to repository secrets and write permissions defined in the workflow, potentially including code from forks or lifecycle scripts. The issue is confined to t...

9.8CVSS6.4AI score0.00359EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2025/12/12 6:35 a.m.•1 views

CVE-2025-67727 Parse Server GitHub CI workflow vulnerable to RCE through Improper Privilege Management

6.9CVSS6.4AI score0.00359EPSS

Cvelist•added 2025/12/12 6:35 a.m.•30 views

CVE-2025-67727 Parse Server GitHub CI workflow vulnerable to RCE through Improper Privilege Management

6.9CVSS0.00359EPSS

EUVD•added 2025/12/12 6:35 a.m.•3 views

EUVD-2025-203056

6.9CVSS6.3AI score0.00359EPSS

OSV•added 2025/12/12 6:35 a.m.•4 views

CVE-2025-67727 Parse Server GitHub CI workflow vulnerable to RCE through Improper Privilege Management

6.9CVSS6.7AI score0.00359EPSS

Exploits0References5

Positive Technologies•added 2025/12/12 12:0 a.m.•3 views

PT-2025-50894

6.9CVSS6.8AI score0.00359EPSS

Snyk•added 2025/12/02 6:35 a.m.•2 views

Arbitrary Code Injection

Overview kagura-ai is an Universal AI Memory Platform - MCP-native context management for all AI agents Affected versions of this package are vulnerable to Arbitrary Code Injection due to missing access restrictions in multiple tool endpoints, including codingindexsourcecode,...

9.8CVSS7.8AI score

The Hacker News•added 2025/12/01 12:47 p.m.•16 views

⚡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More

Hackers aren't kicking down the door anymore. They just use the same tools we use every day — code packages, cloud accounts, email, chat, phones, and "trusted" partners — and turn them against us. One bad download can leak your keys. One weak vendor can expose many customers at once. One guest...

9.8CVSS10AI score0.99962EPSS

Exploits26

OSSF Malicious Packages•added 2025/11/26 4:39 a.m.•11 views

Malicious code in org.mvnpm:posthog-node (Maven)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security ea90a5928d7667bed4fa9f6effbbe6c8d3ad6521ca51ca2b01551bc02373a7d2 This package was compromised by the Sha1-Hulud: The Second Coming NPM worm. The malicious payload steals tokens and credentials and...

6.9AI score

OSV•added 2025/11/26 4:39 a.m.•1 views

MAL-2025-191470 Malicious code in org.mvnpm:posthog-node (Maven)

OSV•added 2025/11/26 2:42 a.m.•2 views

MAL-2025-191468 Malicious code in @lokeswari-satyanarayanan/rn-zustand-expo-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73fe3bd99e2f11ab8bb09a9086c4dca8af56372031492ed11d90f1e32a0e8f53 The package @lokeswari-satyanarayanan/rn-zustand-expo-template was found to contain malicious code. Source: google-open-source-security...

OSSF Malicious Packages•added 2025/11/25 12:16 a.m.•3 views

Malicious code in @voiceflow/dependency-cruiser-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f310f0649a09ab3e8f8ca155d2067e1f39ad9ac40a987851fd0dd352ffc268fe The package @voiceflow/dependency-cruiser-config was found to contain malicious code. Source: ghsa-malware...

6.9AI score

OSSF Malicious Packages•added 2025/11/25 12:16 a.m.•7 views

Malicious code in @voiceflow/circleci-config-sdk-orb-import (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93fddfa88f30512d04aa154c955befc6e560cd4a1600f731643caf20e799e5c8 The package @voiceflow/circleci-config-sdk-orb-import was found to contain malicious code. Source: google-open-source-security...

6.9AI score

OSV•added 2025/11/25 12:16 a.m.•1 views

MAL-2025-191198 Malicious code in @browserbasehq/stagehand (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0147cee6c903a9fd8dabfedd42c60df91437e6a7a750bebff3c26ce687d4443a The package @browserbasehq/stagehand was found to contain malicious code. Source: ghsa-malware...

OSV•added 2025/11/25 12:16 a.m.•1 views

MAL-2025-191368 Malicious code in @voiceflow/runtime (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a8c6b88ad67d8ceece37df9641f6712f7047aa566957d0937eb3ca99aed10dd The package @voiceflow/runtime was found to contain malicious code. Source: ghsa-malware...

OSV•added 2025/11/25 12:16 a.m.•3 views

MAL-2025-191270 Malicious code in @oku-ui/radio-group (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector feaa1ad942366c27b4456d59ddcb38dea5f41fbdf8339bfa04ecc8afb48040c0 The package @oku-ui/radio-group was found to contain malicious code. Source: google-open-source-security...