CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1039 matches found

Vulnrichment•added 2025/12/30 12:41 a.m.•2 views

CVE-2025-69217 Coturn has unsafe nonce and relay port randomization due to weak random number generation.

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RANDbytes but libc's random if it's not runni...

7.7CVSS6.6AI score0.00363EPSS

Exploits0References3

CVE•added 2025/12/30 12:41 a.m.•13 views

CVE-2025-69217

CVE-2025-69217 pertains to coturn (TURN/STUN server). Affected releases: 4.6.2r5–4.7.0-r4 have a weak RNG for nonces and port randomization due to a refactor, using libc random() instead of OpenSSL RAND_bytes (non-Windows). Attacking with ~50 consecutive unauthenticated nonce requests can reconst...

7.7CVSS6.6AI score0.00363EPSS

Exploits0References3

Positive Technologies•added 2025/12/11 12:0 a.m.•5 views

PT-2025-51134

It was discovered that c-ares incorrectly handled terminating certain queries after a maximum number of attempts. An attacker could possibly use this issue to cause c-ares to crash, resulting in a denial of service. Update Instructions: Run sudo pro fix USN-7925-1 to fix the vulnerability. The...

5.9CVSS7AI score0.0039EPSS

Exploits0References3

OSSF Malicious Packages•added 2025/11/12 10:25 p.m.•3 views

Malicious code in libc-ubg-aga (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba2220998ace09a52355c3bfe6a1070cbc6c6d580c59ac7b198767e37075aee5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score

Exploits0

OSV•added 2025/11/12 10:25 p.m.•2 views

MAL-2025-183339 Malicious code in libc-ug-atag (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e45fe92289839e2b295d452a65ae4208dd084b33743c0b7ef06b4b8b9c087240 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score

Exploits0

Snyk•added 2025/10/21 3:41 p.m.•5 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow in the DMS::InternalDecode function. An attacker can hijack the program's control flow by overwriting a return address to point to a libc function ret2libc and execute arbitrary code or cause a crash by providing special...

8.8CVSS6.3AI score0.02152EPSS

Exploits3References2

OSV•added 2025/10/15 3:31 p.m.•3 views

CLSA-2025-1760542306 glibc: Fix of CVE-2025-0395

CVE-2025-0395: fix buffer underallocation in assert and libcfatal mmap handling...

6.2CVSS6.9AI score0.00335EPSS

Exploits0References1

OSV•added 2025/10/14 4:52 p.m.•2 views

CLSA-2025-1760460711 glibc: Fix of CVE-2025-0395

CVE-2025-0395: fix buffer underallocation in assert and libcfatal mmap handling...

6.2CVSS6.9AI score0.00335EPSS

Exploits0References1