CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

381 matches found

EUVD•added 2025/11/13 3:23 a.m.•1 views

EUVD-2025-177181

Malicious code in pi-emulate-lambda-alert-sandbox npm...

6.6AI score

Exploits0

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-175864

Malicious code in try-phi-lambda-public-validate npm...

6.6AI score

Exploits0

OSV•added 2025/11/13 3:23 a.m.•1 views

MAL-2025-187723 Malicious code in lambda-byte-sigma-static-reject (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96e512f773e77c8591c7fdc12e28652a7c98180e468e2eaac0b828ba21c83918 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score

Exploits0

EUVD•added 2025/11/13 3:23 a.m.•0 views

EUVD-2025-175750

Malicious code in user-lambda-decompress-benchmark-omega npm...

6.6AI score

Exploits0

EUVD•added 2025/11/13 3:23 a.m.•1 views

EUVD-2025-175397

Malicious code in zeta-lambda-abstract-eta-secure npm...

6.6AI score

Exploits0

EUVD•added 2025/11/13 3:23 a.m.•0 views

EUVD-2025-179161

Malicious code in emulate-earth-lambda-iota-mock npm...

6.6AI score

Exploits0

Fedora•added 2025/11/10 12:47 a.m.•3 views

[SECURITY] Fedora 43 Update: python-cloudpickle-3.1.2-1.fc43

cloudpickle makes it possible to serialize Python constructs not supported by the default pickle module from the Python standard library. cloudpickle is especially useful for cluster computing where Python expressions are shipped over the network to execute on remote hosts, possibly close to the...

7.2AI score

Exploits0

Veracode•added 2025/11/04 6:56 a.m.•2 views

Arbitrary Code Execution

Keras is vulnerable to Arbitrary Code Execution. The vulnerability is due to Model.loadmodel not honoring safemode=True when reading legacy .h5/.hdf5 archives and deserializing pickled Lambda-layer code from a crafted model file, which allows an attacker to supply a malicious archive that execute...

7.3CVSS7AI score0.00006EPSS

Exploits1References4Affected Software1

Snyk•added 2025/11/01 6:46 a.m.•2 views

Eval Injection

Overview talkpipe is a Python internal and external DSL for writing generative AI analytics Affected versions of this package are vulnerable to Eval Injection due to using the function eval unsafe in the compileLambda function in the talkpipe/util/datamanipulation.py file. An attacker can execute...

9.8CVSS7.8AI score

Exploits0References3

RedhatCVE•added 2025/10/22 4:13 a.m.•5 views

CVE-2025-62695

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - WikiLambda Extension allows Stored XSS.This issue affects Mediawiki - WikiLambda Extension: master...

6.9CVSS6AI score0.00056EPSS

Exploits0References1