9133 matches found

OSV
added 2025/11/12 10:15 p.m. | 3 views

DEBIAN-CVE-2025-40206

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftobjref: validate objref and objrefmap expressions Referencing a synproxy stateful object from OUTPUT hook causes kernel crash due to infinite recursive calls: BUG: TASK stack guard page was hit at 000000008bda5b8c...

5.2 AI score | 0.00162 EPSS
Exploits: 0 | References: 1

NVD
added 2025/11/12 9:15 p.m. | 4 views

CVE-2025-64170

sudo-rs is a memory safe implementation of sudo and su written in Rust. Starting in version 0.2.7 and prior to version 0.2.10, if a user begins entering a password but does not press return for an extended period, a password timeout may occur. When this happens, the keystrokes that were entered a...

3.8 CVSS | 0.0012 EPSS
Exploits: 0 | References: 2

OSV
added 2025/11/12 8:30 p.m. | 3 views

CVE-2025-64170 sudo-rs: Partial password reveal is possible after timeout

sudo-rs is a memory safe implementation of sudo and su written in Rust. Starting in version 0.2.7 and prior to version 0.2.10, if a user begins entering a password but does not press return for an extended period, a password timeout may occur. When this happens, the keystrokes that were entered a...

3.8 CVSS | 6.4 AI score | 0.0012 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2025/11/12 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-40139

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smc: Use skdstget and dstdevrcu in in smcclcprfxset. smcclcprfxset is called during connect and not under RCU nor RTNL. Using skdstgetsk-dev could trigger UAF...

5.9 AI score | 0.00162 EPSS
Exploits: 0 | References: 4

Snyk
added 2025/11/11 4:43 p.m. | 2 views

Use of Hard-coded Credentials

Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials in the AuthN implementation. An attacker can gain unauthorized access to sensitive information, escalate privileges, and tamper with data by leveraging hard-coded credentials. Remediation Upgrade...

8.8 CVSS | 6.9 AI score | 0.00313 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/11/11 12:00 a.m. | 4 views

Fedora 42 : cef (2025-313f6d7702)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-313f6d7702 advisory. Update to 141.0.7390.122 High CVE-2025-12036 chromium: Inappropriate implementation in V8 High CVE-2025-11756: Use after free in Safe Browsing High...

9.1 CVSS | 8.9 AI score | 0.06608 EPSS
Exploits: 1 | References: 20

FreeBSD
added 2025/11/11 12:00 a.m. | 7 views

chromium -- security fix

Chrome Releases reports: This update includes 1 security fix: 457351015 High CVE-2025-13042: Inappropriate implementation in V8. Reported by 303f06e3 on 2025-11-03...

8.8 CVSS | 6.7 AI score | 0.00231 EPSS
Exploits: 0 | References: 1

Debian CVE
added 2025/11/10 8:00 p.m. | 4 views

CVE-2025-12728

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.2 CVSS | 5.3 AI score | 0.00178 EPSS
Exploits: 0

Debian CVE
added 2025/11/10 8:00 p.m. | 5 views

CVE-2025-12729

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.2 CVSS | 5.3 AI score | 0.00158 EPSS
Exploits: 0

Debian CVE
added 2025/11/10 8:00 p.m. | 4 views

CVE-2025-12726

Inappropriate implementation in Views in Google Chrome on Windows prior to 142.0.7444.137 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. Chromium security severity: High...

7.5 CVSS | 5.3 AI score | 0.00202 EPSS
Exploits: 0

Debian CVE
added 2025/11/10 8:00 p.m. | 4 views

CVE-2025-12727

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8 CVSS | 8.2 AI score | 0.0023 EPSS
Exploits: 0

Debian CVE
added 2025/11/10 8:00 p.m. | 4 views

CVE-2025-12433

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

4.3 CVSS | 4.9 AI score | 0.0025 EPSS
Exploits: 0

Debian CVE
added 2025/11/10 8:00 p.m. | 3 views

CVE-2025-12431

Inappropriate implementation in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. Chromium security severity: High...

6.5 CVSS | 6.3 AI score | 0.0017 EPSS
Exploits: 0

Debian CVE
added 2025/11/10 8:00 p.m. | 7 views

CVE-2025-12429

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

8.8 CVSS | 8.2 AI score | 0.00267 EPSS
Exploits: 0

CNNVD
added 2025/11/08 12:00 a.m. | 5 views

Google Chrome Security Vulnerability

Google Chrome is a free web browser developed by Google Inc. Google Chrome suffers from a Passkeys mal-implementation vulnerability, which can be exploited by an attacker to obtain sensitive information via debug logs...

6.2 CVSS | 6 AI score | 0.00095 EPSS
Exploits: 1 | References: 2

Packet Storm News
added 2025/11/08 12:00 a.m. | 6 views

Cryptographic Binding Should Not Be Optional: A Formal-Methods Analysis of FIDO UAF Channel Binding

As a case study in cryptographic binding, we present a formal-methods analysis of the cryptographic channel binding mechanisms in the Fast IDentity Online (FIDO) Universal Authentication Framework (UAF) authentication protocol, which seeks to reduce the use of traditional passwords in favor of...

6.9 AI score
Exploits: 0

OSV
added 2025/11/07 5:50 p.m. | 0 views

MAL-2025-191930 Malicious code in wei516-ppa (PyPI)

Source: kam193 (1d5a85017b397970606b9d2d5150a6f6ee8f71fdbd810fe6b0a8f34c577d76d1). Package seems to provide an MCP server, but in fact contains attempts to make an LLM agent break safeguards. As the request is about leaves just a flag, it see...

6.7 AI score
Exploits: 0 | References: 1

RedhatCVE
added 2025/11/07 1:46 p.m. | 3 views

CVE-2025-46424

Dell CloudLink, versions prior to 8.2, contain use of a Cryptographic Primitive with a Risky Implementation vulnerability. A high privileged attacker could potentially exploit this vulnerability leading to Denial of service...

6.7 CVSS | 6.4 AI score | 0.00081 EPSS
Exploits: 0 | References: 1

SUSE CVE
added 2025/11/07 12:35 a.m. | 2 views

SUSE CVE-2025-12726

Inappropriate implementation in Views in Google Chrome on Windows prior to 142.0.7444.137 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. Chromium security severity: High...

7.5 CVSS | 6.8 AI score | 0.00202 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2025/11/07 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-12726

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Views in Google Chrome on Windows prior to 142.0.7444.137 allowed a remote attacker who had compromised the renderer process to...

7.5 CVSS | 5.6 AI score | 0.00202 EPSS
Exploits: 0 | References: 2