CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/01/12 5:15 p.m.•6 views

CVE-2025-46067

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file...

8.2CVSS5.8AI score0.00255EPSS

Snyk•added 2026/01/12 4:10 p.m.•3 views

Directory Traversal

Overview MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library Affected versions of this package are vulnerable to Directory Traversal via the PUT handler in the file upload API, which directly joins user-supplied input into a filesystem path without proper...

9.8CVSS7.7AI score0.19213EPSS

Exploits2References4

OSV•added 2026/01/12 12:0 p.m.•4 views

SUSE-SU-2026:20031-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Changes in MozillaFirefox: Firefox Extended Support Release 140.6.0 ESR was released: Fixed: Various security fixes. MFSA 2025-94 bsc1254551: CVE-2025-14321: Use-after-free in the WebRTC: Signaling component CVE-2025-14322: Sandbox escape...

9.8CVSS5.8AI score0.00498EPSS

Exploits2References12

Veracode•added 2026/01/12 10:40 a.m.•7 views

Stored Cross-Site Scripting (XSS)

n8n is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sandbox enforcement when the “Respond to Webhook” node returns HTML content with executable scripts, which allows an attacker with workflow creation privileges to execute arbitrary JavaScript in the context...

7.3CVSS6.1AI score0.00217EPSS

Exploits0References3Affected Software1

Veracode•added 2026/01/12 10:0 a.m.•11 views

Open Redirect

React Router is vulnerable to Open Redirect. The vulnerability is due to unsafe handling of SPA navigation redirects generated from loaders or actions in certain modes, which allows an attacker to inject untrusted redirect URLs and trigger unintended JavaScript execution on the client...

8CVSS7.1AI score0.00327EPSS

Exploits0References3Affected Software2

EUVD•added 2026/01/12 2:2 a.m.•3 views

EUVD-2026-1973

Malicious code in inquirer-js npm...

EUVD•added 2026/01/12 2:2 a.m.•4 views

EUVD-2026-1969

Malicious code in immer-js npm...

EUVD•added 2026/01/12 1:59 a.m.•3 views

EUVD-2026-1978

Malicious code in milvus-js npm...

EUVD•added 2026/01/12 1:59 a.m.•6 views

EUVD-2026-1979

Malicious code in huggingface-js npm...

OSV•added 2026/01/12 1:59 a.m.•4 views

MAL-2026-222 Malicious code in huggingface-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ddd4d756fe7df1a0ac3caf862d744269bc2e1c1b49d8a4e12c702ded81b75dbf The package huggingface-js was found to contain malicious code. Source: ghsa-malware 9240da3d6ad3248bf99f72ea626c3562d3614a363647cad28a5468f16e73b885...

6.8AI score

EUVD•added 2026/01/12 12:0 a.m.•5 views

EUVD-2026-1929

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file...

8.2CVSS6.3AI score0.00255EPSS

Exploits0References4

Cvelist•added 2026/01/12 12:0 a.m.•16 views

CVE-2025-46067

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file...

0.00255EPSS

CNNVD•added 2026/01/12 12:0 a.m.•4 views

opencode 安全漏洞

opencode is an AI programming intelligence open-sourced by Anomaly. A security vulnerability exists in versions prior to opencode 1.1.10, which stems from the Markdown renderer not cleaning up the LLM response, and could lead to the execution of JavaScript via HTML injection...

9.4CVSS5.9AI score0.00914EPSS

Exploits1References2

Vulnrichment•added 2026/01/12 12:0 a.m.•3 views

CVE-2025-46067

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file...

6.5AI score0.00255EPSS