26 matches found
CVE-2026-41164
nuts-node is the reference implementation of the Nuts specification. Prior to 6.2.3 and 5.4.31, the v1 access token introspection endpoint /auth/v1/introspectaccesstoken accepts any JWT signed by a key present on the node, without validating the JWT type, issuer-to-key binding, or required claims...
GHSA-53HJ-R94P-8C8F Kanidm has non-constant-time comparison of OAuth2 client_secret
Summary The kanidmd OAuth2 token-exchange /oauth2/token and token-introspection /oauth2/token/introspect endpoints compare the supplied client_secret against the stored secret using Rust's PartialEq on String, which short-circuits on the first mismatching byte. This produces an observable timing...
Insufficient Verification of Data Authenticity
Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the /auth/v1/introspectaccesstoken endpoint, which accepts any JWT signed by a key present on the node without validating the JWT type, issuer-to-key binding, or required claims. An...
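The two nuts-node entries above describe an introspection endpoint that accepted any JWT signed by any key on the node without checking the token type, the binding between issuer and signing key, or the required claims; the Kanidm entry describes a client_secret compared with a short-circuiting equality. The following is an added Python illustration (not code from nuts-node, Kanidm, or any advisory listed here) of an introspection handler that performs those checks. The key set, client registry, issuers, audience, and tokens are all constructed for the example, and HS256 is used only so it runs offline with the standard library; the same checks apply unchanged to asymmetric keys.

```python
import base64
import hashlib
import hmac
import json

# Constructed for this example: the node's key set. Each key is bound to one
# issuer, so a token signed with kid-B cannot claim to come from issuer A.
KEYS = {
    "kid-A": {"issuer": "https://issuer-a.example", "secret": b"constructed-secret-A-0123456789"},
    "kid-B": {"issuer": "https://issuer-b.example", "secret": b"constructed-secret-B-0123456789"},
}
# Constructed: clients registered to call the introspection endpoint.
CLIENTS = {"rp-1": "constructed-client-secret"}
REQUIRED_CLAIMS = ("iss", "sub", "aud", "exp", "iat")
EXPECTED_TYP = "at+jwt"           # RFC 9068 access-token header type
EXPECTED_AUD = "resource-server"  # assumed audience of this resource server


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(kid: str, typ: str, claims: dict) -> str:
    """Mint an HS256 JWT; used here only to construct test inputs."""
    header = {"alg": "HS256", "typ": typ, "kid": kid}
    signing_input = _b64url_encode(json.dumps(header).encode()) + "." + _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(KEYS[kid]["secret"], signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def authenticate_client(client_id: str, client_secret: str) -> bool:
    """Client authentication for the introspection call.

    hmac.compare_digest takes time independent of where the first mismatching
    byte is, unlike a plain == on strings (the Kanidm issue)."""
    expected = CLIENTS.get(client_id)
    if expected is None:
        # Unknown client: still run a comparison so an unknown client_id is not
        # noticeably faster to reject than a wrong secret.
        hmac.compare_digest(client_secret.encode(), b"\x00" * 32)
        return False
    return hmac.compare_digest(client_secret.encode(), expected.encode())


def introspect(token: str, now: int) -> dict:
    """RFC 7662-style response: {'active': True, ...claims} only when every check passes."""
    inactive = {"active": False}
    try:
        h_b64, p_b64, s_b64 = token.split(".")
        header = json.loads(_b64url_decode(h_b64))
        claims = json.loads(_b64url_decode(p_b64))
        sig = _b64url_decode(s_b64)
    except ValueError:  # wrong segment count, bad base64, bad UTF-8 or bad JSON
        return inactive
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return inactive
    # 1. Algorithm and token type are fixed by the verifier, not taken from the token.
    if header.get("alg") != "HS256" or header.get("typ") != EXPECTED_TYP:
        return inactive
    # 2. Signature must verify under the key named by kid; an unknown kid is rejected.
    key = KEYS.get(header.get("kid"))
    if key is None:
        return inactive
    expected_sig = hmac.new(key["secret"], (h_b64 + "." + p_b64).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected_sig):
        return inactive
    # 3. Every required claim must be present, with numeric timestamps.
    if any(c not in claims for c in REQUIRED_CLAIMS):
        return inactive
    if not all(isinstance(claims[c], int) for c in ("iat", "exp")):
        return inactive
    # 4. Issuer-to-key binding: the signing key must belong to the issuer the token names.
    if claims["iss"] != key["issuer"]:
        return inactive
    # 5. Audience and lifetime.
    if claims["aud"] != EXPECTED_AUD or not (claims["iat"] <= now < claims["exp"]):
        return inactive
    return {"active": True, **claims}


def demo(now: int = 1_700_000_000) -> dict:
    """Constructed tokens exercising each check; returns name -> active flag."""
    base = {"iss": KEYS["kid-A"]["issuer"], "sub": "user-1", "aud": EXPECTED_AUD,
            "iat": now - 60, "exp": now + 600}
    tokens = {
        "good": sign_jwt("kid-A", EXPECTED_TYP, base),
        "wrong_typ": sign_jwt("kid-A", "JWT", base),                       # some other JWT signed by a node key
        "issuer_not_bound_to_key": sign_jwt("kid-B", EXPECTED_TYP, base),  # B's key, claims issuer A
        "missing_sub": sign_jwt("kid-A", EXPECTED_TYP, {k: v for k, v in base.items() if k != "sub"}),
        "expired": sign_jwt("kid-A", EXPECTED_TYP, {**base, "exp": now - 1}),
        "tampered_sig": sign_jwt("kid-A", EXPECTED_TYP, base)[:-4] + "AAAA",
        "garbage": "not.a.jwt",
    }
    return {name: introspect(tok, now)["active"] for name, tok in tokens.items()}


if __name__ == "__main__":
    print(demo())
    print(authenticate_client("rp-1", "constructed-client-secret"))
```

Only the "good" token comes back active; the "wrong_typ" and "issuer_not_bound_to_key" tokens are exactly the kind a node that trusts any of its own keys would have accepted.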
Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to okio-2.8.0.jar
Summary IBM webMethods BPM uses okio-2.8.0.jar for I/O operations to make reading and writing data faster and safer than Java's inbuilt APIs. Vulnerability Details CVEID: CVE-2023-3635 DESCRIPTION: GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer...
EUVD-2024-16235
Malicious code in bioql PyPI...
EUVD-2025-16242
Malicious code in bioql PyPI...
CVE-2025-5151
A vulnerability classified as critical has been found in defog-ai introspect up to 0.1.4. This affects the function execute_analysis_code_safely of the file introspect/backend/tools/analysis_tools.py. The manipulation of the argument code leads to code injection. It is possible to launch the attack o...
CVE-2025-5151 defog-ai introspect analysis_tools.py execute_analysis_code_safely code injection
A vulnerability classified as critical has been found in defog-ai introspect up to 0.1.4. This affects the function execute_analysis_code_safely of the file introspect/backend/tools/analysis_tools.py. The manipulation of the argument code leads to code injection. It is possible to launch the attack o...
Introspect injection vulnerability
Introspect is an open source application from Defog.ai. An injection vulnerability exists in Introspect 0.1.4 and earlier versions, which stems from code injection due to incorrect manipulation of the parameter code in the file introspect/backend/tools/analysistools.py...
PT-2025-22863 · Unknown · Defog-Ai Introspect
Name of the Vulnerable Software and Affected Versions: defog-ai introspect versions up to 0.1.4 Description: A critical vulnerability has been found in defog-ai introspect. This issue affects the execute_analysis_code_safely function of the file introspect/backend/tools/analysis_tools.py. The...
CVE-2025-4767
A vulnerability was found in defog-ai introspect up to 0.1.4. It has been rated as critical. Affected by this issue is the function test_custom_tool of the file introspect/backend/integration_routes.py of the component Test Endpoint. The manipulation of the argument input_model leads to code injectio...
CVE-2025-4767 defog-ai introspect Test Endpoint integration_routes.py test_custom_tool code injection
A vulnerability was found in defog-ai introspect up to 0.1.4. It has been rated as critical. Affected by this issue is the function test_custom_tool of the file introspect/backend/integration_routes.py of the component Test Endpoint. The manipulation of the argument input_model leads to code injectio...
CVE-2025-4767
CVE-2025-4767 affects defog-ai introspect up to version 0.1.4. The vulnerability targets the Test Endpoint’s test_custom_tool function, where improper handling of the input_model in introspect/backend/integration_routes.py enables code injection. Local attack required; exploit has been disclosed ...
PT-2025-21630 · Unknown · Defog-Ai Introspect
Name of the Vulnerable Software and Affected Versions: defog-ai introspect versions up to 0.1.4 Description: A critical issue affects the function test_custom_tool of the file introspect/backend/integration_routes.py of the component Test Endpoint. The manipulation of the argument input_model lea...