CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

17 matches found

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2025-7792

Malicious code in bioql PyPI...

9.3CVSS6.3AI score0.00181EPSS

Exploits0References9

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-54618

Malicious code in bioql PyPI...

8.1CVSS6.5AI score0.0006EPSS

Exploits0References4

RedhatCVE•added 2025/06/04 12:14 a.m.•2 views

CVE-2024-57783

The desktop application in Dot through 0.9.3 allows XSS and resultant command execution because user input and LLM output are appended to the DOM with innerHTML in render.js, and because the Electron window can access Node.js APIs...

8.1CVSS6.3AI score0.0006EPSS

Exploits0References1

NVD•added 2025/06/02 2:15 p.m.•6 views

CVE-2024-57783

8.1CVSS0.0006EPSS

Exploits0References3

Vulnrichment•added 2025/06/02 12:0 a.m.•3 views

CVE-2024-57783

8.1CVSS6.4AI score0.0006EPSS

Exploits0References3

Cvelist•added 2025/06/02 12:0 a.m.•8 views

CVE-2024-57783

8.1CVSS0.0006EPSS

Exploits0References3

RedhatCVE•added 2025/03/09 4:32 p.m.•16 views

CVE-2025-27597

Vue I18n is the internationalization plugin for Vue.js. @intlify/message-resolver and @intlify/vue-i18n-core are vulnerable to Prototype Pollution through the entry function: handleFlatJson. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the...

9.3CVSS7.8AI score0.00181EPSS

Exploits0References1

OSV•added 2025/02/06 6:31 a.m.•4 views

GHSA-R7JX-5M6M-CPG9 eazy-logger prototype pollution

A prototype pollution in the lib.Logger function of eazy-logger v4.0.1 allows attackers to cause a Denial of Service DoS via supplying a crafted payload. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing deni...

7.5CVSS7.5AI score0.00097EPSS

Exploits0References4

Vulnrichment•added 2024/11/29 6:36 p.m.•22 views

CVE-2024-52810 Prototype Pollution in @intlify/shared >=9.7.0 <= 10.0.4

@intlify/shared is a shared library for the intlify project. The latest version of @intlify/shared 10.0.4 is vulnerable to Prototype Pollution through the entry functions lib.deepCopy. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the globa...

6.9CVSS7.8AI score0.00103EPSS

Exploits0References2

OSV•added 2024/11/29 6:36 p.m.•11 views

CVE-2024-52810 Prototype Pollution in @intlify/shared >=9.7.0 <= 10.0.4

6.9CVSS7.4AI score0.00103EPSS

Exploits0References4

Cvelist•added 2024/11/29 6:36 p.m.•20 views

CVE-2024-52810 Prototype Pollution in @intlify/shared >=9.7.0 <= 10.0.4

6.9CVSS0.00103EPSS

Exploits0References2

CVE•added 2024/11/29 6:36 p.m.•84 views

CVE-2024-52810

CVE-2024-52810 covers a Prototype Pollution vulnerability in the package @intlify/shared (v10.0.4). The entry function lib.deepCopy can be fed with a crafted object to pollute the global Object prototype, enabling denial of service and potentially enabling further injection-based attacks if pollu...

6.9CVSS7.6AI score0.00103EPSS

Exploits0References2

NVD•added 2024/11/14 6:15 p.m.•9 views

CVE-2024-49362

Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution RCE when a user clicks on an link within untrusted notes. The issue arises due to insufficient sanitization of tag attributes introduced by the Mermaid. This...

9.6CVSS0.01727EPSS

Exploits1References1

OSV•added 2024/11/14 5:38 p.m.•11 views

GHSA-HFF8-HJWV-J9Q7 Remote Code Execution on click of <a> Link in markdown preview

Summary There is a vulnerability in Joplin-desktop that leads to remote code execution RCE when a user clicks on an link within untrusted notes. The issue arises due to insufficient sanitization of tag attributes introduced by the Mermaid. This vulnerability allows the execution of untrusted HTML...

7.7CVSS8.1AI score0.01727EPSS

Exploits1References3