43 matches found
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the YAML metadata parsing process. An attacker can cause excessive memory consumption and potentially trigger an out-of-memory condition on the server by uploading a crafted image ...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal due to using an image with a metadata.yaml containing templates. An attacker can read or overwrite arbitrary files on the host system, potentially leading to execution of arbitrary commands with elevated privileges, ...
CVE-2025-67750 Lightning Flow Scanner is Vulnerable to Code Injection via Unsafe Use of new Function() in APIVersion Rule
Lightning Flow Scanner provides a CLI plugin, VS Code Extension and GitHub Action for analysis and optimization of Salesforce Flows. Versions 6.10.5 and below allow a maliciously crafted flow metadata file to cause arbitrary JavaScript execution during scanning. The APIVersion rule uses new...
EUVD-2023-60151
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix infinite loop in nilfs_mdt_get_block(). If the disk image that nilfs2 mounts is corrupted and a virtual block address obtained by block lookup for a metadata file is invalid, nilfs_bmap_lookup_at_level() may return the same...
CVE-2023-53845
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix infinite loop in nilfs_mdt_get_block(). If the disk image that nilfs2 mounts is corrupted and a virtual block address obtained by block lookup for a metadata file is invalid, nilfs_bmap_lookup_at_level() may return the same...
CVE-2023-53845 nilfs2: fix infinite loop in nilfs_mdt_get_block()
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix infinite loop in nilfs_mdt_get_block(). If the disk image that nilfs2 mounts is corrupted and a virtual block address obtained by block lookup for a metadata file is invalid, nilfs_bmap_lookup_at_level() may return the same...
MAL-2025-187085 Malicious code in gacrux-supercluster-superposition-fomalhaut (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0fd0f296964ee5e1b57fefbbe530b24988b598dea0bc5f6477df3d3f09c666a6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in goodaan-ngafsa-nuf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3008ba076dd8d09dd5fb5aad54c5be18ce782b89ea1012914435c1ec9dbc3c5a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in bufpani-mau-naffu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ee934b8a22e8eeab40352381dfb56a3607b4d10c925f214295b954fa0f46201 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
kernel: fs: fix UAF/GPF bug in nilfs_mdt_destroy
In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfs_mdt_destroy. In alloc_inode, inode_init_always() could return -ENOMEM if security_inode_alloc() fails, which causes inode->i_private uninitialized. Then nilfs_is_metadata_file_inode() returns true and nilfs_free_inode()...
MAL-2025-130802 Malicious code in umi-donat94-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3df9ecada6005210a720cea4716b528dc5bcd66cef9396bed8114645be2133cb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in fellow_goldfish-appteadev (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46037a3b753896dee2453259512fad330db1f5121fd7dd6e4fd947dc738bba80 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in practical_swordfish_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a959c451784c44fec09bd1f1993013140aa8a94f010c9501e006e2d8ee43b31 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in putri-oblok39-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f0aa6098d641c82040e34b4bdf75e1076c6d53e4e1ccb8ff08e8bccfa2d6a18 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in elaborate-teal-ptarmigan (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0692839c189e71f0aa9317e0c2c014c6351a629e85ece940289bf9336f19df20 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2002-0156
Malware in sbrugna...
EUVD-2020-7757
Malware in sbrugna...
EUVD-2011-2075
Malware in sbrugna...