
29593 matches found

Circl
added 2025/12/10 10:38 p.m. | 3 views

GHSA-QHR6-6CGV-6638

creationtimestamp | type | source
---|---|---
2025-12-10 22:38:36+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115697668298607011...

AI score 5.8
Exploits 0 | References 1
Snyk
added 2025/12/10 9:31 p.m. | 4 views

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the port-change endpoint in the web port configuration process. An attacker can cause service disruption or loss of access by tricking an authenticated user into submitting a crafted request, which...

CVSS 7.1 | AI score 6.4 | EPSS 0.00144
Exploits 0 | References 2
vulnersOsv
added 2025/12/10 6:30 p.m. | 4 views

au.com.versent.jenkins.plugins:ignore-committer-strategy (>=37.v0d3157c4a_ef8 <=57.v0756db_b_f6926), com.coravy.hudson.plugins.github:github (>=1.41.0 <=1.46.0.1) +37 more potentially affected by CVE-2025-67640 via org.jenkins-ci.plugins:git-client (>=6.1.0 <=6.4.0)

org.jenkins-ci.plugins:git-client MAVEN version =6.1.0, =37.v0d3157c4aef8, =1.41.0, =61.vf6d8f6f5ed02, =1.1.0.825.v30618768da42, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.0.0, =3.2083.vd36f32376929, =530.v38d502df428f, =634.v371dc6d978a3, =679.v74133dab435a and more...

CVSS 5 | AI score 5.4 | EPSS 0.00179
Exploits 0
Circl
added 2025/12/10 7:15 a.m. | 3 views

CVE-2025-13073

creationtimestamp | type | source
---|---|---
2025-12-10 07:15:33+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m7mj7nlnar2e
2025-12-10 07:44:51+00:00 | seen | https://gist.github.com/Darkcrai86/10212c9ef8a3f93c33ffb74d9cf5b7f6
2025-12-10 08:07:20+00:00 | seen | ...

CVSS 7.1 | AI score 5.7 | EPSS 0.00145
Exploits 0 | References 3
CVE
added 2025/12/09 5:56 p.m. | 25 views

CVE-2025-64671

CVE-2025-64671 is a remote code execution vulnerability in the GitHub Copilot for JetBrains plugin caused by improper neutralization of command elements (command injection). The Nessus/NVL documentation indicates the issue affects versions prior to 1.5.60; upgrading to 1.5.60 or later is the reme...

CVSS 8.4 | AI score 7.1 | EPSS 0.0032
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2025/12/09 5:56 p.m. | 2 views

CVE-2025-64671 GitHub Copilot for Jetbrains Remote Code Execution Vulnerability

...

CVSS 8.4 | AI score 6.6 | EPSS 0.0032
Exploits 0 | References 1
Cvelist
added 2025/12/09 5:56 p.m. | 20 views

CVE-2025-64671 GitHub Copilot for Jetbrains Remote Code Execution Vulnerability

...

CVSS 8.4 | EPSS 0.0032
Exploits 0 | References 1
Circl
added 2025/12/09 3:32 p.m. | 4 views

CVE-2025-63054

creationtimestamp | type | source
---|---|---
2025-12-09 15:32:19+00:00 | seen | https://gist.github.com/Darkcrai86/de1ee7a665de8f760aa934b36459fbe4...

CVSS 5.3 | AI score 5.8 | EPSS 0.00272
Exploits 0 | References 1
Wiz blog
added 2025/12/09 1:0 p.m. | 6 views

Code to Cloud Attacks: From Github PAT to Cloud Control Plane

How attackers are leveraging compromised employee GitHub Personal Access Tokens to compromise cloud environments...

AI score 6.9
Exploits 0
Circl
added 2025/12/09 7:28 a.m. | 5 views

CVE-2025-66568

creationtimestamp | type | source
---|---|---
2025-12-09 07:28:49+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3m7jzihnz362v
2025-12-09 07:33:35+00:00 | seen | https://infosec.exchange/users/offseq/statuses/115688447292985606
2025-12-09 07:33:37+00:00 | seen | ...

CVSS 9.3 | AI score 5.7 | EPSS 0.00207
Exploits 0 | References 6
Kaspersky
added 2025/12/09 12:0 a.m. | 6 views

KLA90816 ACE vulnerability in Microsoft Copilot Plugin

A remote code execution vulnerability was found in Microsoft Copilot Studio. Malicious users can exploit this vulnerability to execute arbitrary code.
Original advisories: CVE-2025-64671
Related products: GitHub-Copilot-Plugin
CVE list: CVE-2025-64671 critical
KB list:
Solution: Install necessary...

CVSS 8.4 | AI score 8.7 | EPSS 0.0032
Exploits 0 | References 3
OSV
added 2025/12/08 9:31 p.m. | 5 views

GO-2025-4183 CVE-2017-18870 in github.com/mattermost/mattermost-server

CVE-2017-18870 in github.com/mattermost/mattermost-server...

CVSS 4.3 | AI score 6.9 | EPSS 0.00614
Exploits 0 | References 2
GithubExploit
added 2025/12/07 9:31 a.m. | 152 views

Exploit for Deserialization of Untrusted Data in Facebook React

🛡️ GitHub Vulnerability Scanner for CVE-2025-55182 React/Next...

CVSS 10 | AI score 7.9 | EPSS 0.99562
Exploits 369
GithubExploit
added 2025/12/07 2:39 a.m. | 162 views

Exploit for CVE-2025-66478

Next.js CVE Auto-Patcher Automation tool written in Go to sca...

AI score 7.1
Exploits 111
RedhatCVE
added 2025/12/06 10:52 p.m. | 18 views

CVE-2025-66629

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.4, some of HedgeDoc's OAuth2 endpoints for social login providers such as Google, GitHub, GitLab, Facebook or Dropbox lack CSRF protection, since they don't send a state parameter and verify the respon...

CVSS 4.3 | AI score 6.8 | EPSS 0.00084
Exploits 0 | References 1
The Hacker News
added 2025/12/06 3:24 p.m. | 12 views

Researcher Uncovers 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks

Over 30 security vulnerabilities have been disclosed in various artificial intelligence (AI)-powered Integrated Development Environments (IDEs) that combine prompt injection primitives with legitimate features to achieve data exfiltration and remote code execution. The security shortcomings have been...

CVSS 9.8 | AI score 8.7 | EPSS 0.07061
Exploits 3
CVE
added 2025/12/05 10:47 p.m. | 15 views

CVE-2025-66629

HedgeDoc versions prior to 1.10.4 are affected by missing CSRF protection in OAuth2 endpoints for social logins (Google, GitHub, GitLab, Facebook, Dropbox) due to not sending/verifying a state parameter. This could allow attackers to hijack user authentication sessions. The issue is fixed in 1.10...

CVSS 4.3 | AI score 6.4 | EPSS 0.00084
Exploits 0 | References 2 | Affected Software 1
Wolfi
added 2025/12/05 7:47 p.m. | 4 views

GHSA-J7C9-79X7-8HPR vulnerabilities

Vulnerabilities for packages: caddy...

AI score 7
Exploits 0
Chainguard
added 2025/12/05 7:17 p.m. | 3 views

GHSA-533C-PPXJ-MJQJ vulnerabilities

Vulnerabilities for packages: gitlab-operator-fips...

AI score 7
Exploits 0
Chainguard
added 2025/12/05 7:17 p.m. | 4 views

GHSA-QGVM-92M2-J87G vulnerabilities

Vulnerabilities for packages: gitlab-operator-fips...

AI score 7
Exploits 0