CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 2025/11/12 1:23 a.m.•3 views

thunderbird: firefox: Some non-writable Object properties could be modified

6.5CVSS6.5AI score0.00031EPSS

OSSF Malicious Packages•added 2025/11/11 8:46 p.m.•3 views

Malicious code in equal_roadrunner_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad9e43de418f9273f8be1908158ec4dcc1939e22569ebfbb682184828304fec6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

OSSF Malicious Packages•added 2025/11/11 8:11 p.m.•3 views

Malicious code in vida-ruwet21-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06c591f7dc40735d4bc0f6b4c2be536b82c24d5b446e123e4235557a5ad6525c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

OSSF Malicious Packages•added 2025/11/10 4:5 a.m.•4 views

Malicious code in bambang-jus39-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2fae25e5a9258fd0c80bed5883f3bbba3f6747826bb7c46b3a85130827526458 The package bambang-jus39-riris was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that floode...

OSSF Malicious Packages•added 2025/11/10 4:5 a.m.•5 views

Malicious code in fadhil-gaplek76-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 505847476472653535771aa146e73a6935b6a4c1a7498fd22cb45f5ee99007c0 The package fadhil-gaplek76-sukiwir was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that...

OSV•added 2025/11/04 6:39 p.m.•4 views

GHSA-4766-X535-JW3R kgateway is missing xDS authorization

Summary The xDS interface in Kgateway versions 2.0.0 through 2.0.4 lacks authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend service information, routing rules, and cluster...

5.3CVSS6.8AI score0.00018EPSS

NVD•added 2025/10/30 2:15 p.m.•3 views

CVE-2025-50739

iib0011 omni-tools v0.4.0 is vulnerable to remote code execution via unsafe JSON deserialization...

9.8CVSS0.00683EPSS

Exploits0References2

OSV•added 2025/10/27 12:5 a.m.•2 views

CVE-2025-11447 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending GraphQL requests with crafted JSON payloads...

7.5CVSS8.9AI score0.00071EPSS