Lucene search

6950 matches found

Snyk
added 2025/10/20 2:42 p.m. | 3 views

Stack-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the lws_adns_parse_label function when the LWS_WITH_SYS_ASYNC_DNS flag is enabled during compilation. An attacker can execute arbitrary code or cause a crash by crafting a malicious DNS response with a label...

CVSS 7.6 | AI score 6 | EPSS 0.0027
Exploits: 0 | References: 2

Positive Technologies
added 2025/10/20 12:0 a.m. | 5 views

PT-2025-42761

Name of the Vulnerable Software and Affected Versions: libwebsockets (affected versions not specified). Description: A stack-based buffer overflow exists in the lws_adns_parse_label function within libwebsockets. This occurs when the LWS_WITH_SYS_ASYNC_DNS flag is enabled during compilation and an...

CVSS 7.5 | AI score 7 | EPSS 0.00369
Exploits: 0 | References: 16

OSV
added 2025/10/19 7:8 p.m. | 4 views

JLSEC-2025-140 FFmpeg n6.1.1 is Integer Overflow

FFmpeg n6.1.1 has an integer overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds...

CVSS 9.1 | AI score 6.9 | EPSS 0.00621
Exploits: 0 | References: 3

OSV
added 2025/10/19 7:8 p.m. | 3 views

JLSEC-2025-105 FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_pa...

FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer...

CVSS 8.8 | AI score 7 | EPSS 0.02024
Exploits: 1 | References: 3

OSV
added 2025/10/19 7:8 p.m. | 4 views

JLSEC-2025-119 An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729...

An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse in libavcodec/g729_parser.c when processing a specially crafted file...

CVSS 5.5 | AI score 7.1 | EPSS 0.0088
Exploits: 1 | References: 3

OSV
added 2025/10/17 5:40 p.m. | 4 views

JLSEC-2025-77 An issue was discovered in libxml2 before 2.10.3

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault...

CVSS 7.5 | AI score 7.1 | EPSS 0.22791
Exploits: 2 | References: 13

SUSE Linux
added 2025/10/17 2:32 p.m. | 4 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2023-53261: coresight: Fix memory leak in acpi_buffer->pointer (bsc#1249770). CVE-2024-46733: btrfs: fix qgroup reserve leaks in cow_file_range (bsc#1230708)...

CVSS 9.2 | AI score 7.8 | EPSS 0.02838
Exploits: 6 | References: 1906

SUSE CVE
added 2025/10/16 11:24 p.m. | 4 views

SUSE CVE-2025-39974

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit(). When config osnoise cpus by write syscall, the following KASAN splat may be observed: BUG: KASAN: slab-out-of-bounds in _parse_integer_limit+0x103/0x130 Read of size 1 at...

AI score 6.4 | EPSS 0.00168
Exploits: 0 | References: 3

RedhatCVE
added 2025/10/16 5:47 p.m. | 5 views

CVE-2025-62381

sveltekit-superforms makes SvelteKit forms a pleasure to use. sveltekit-superforms v2.27.3 and prior are susceptible to a prototype pollution vulnerability within the parseFormData function of formData.js. An attacker can inject string and array properties into Object.prototype, leading to denial...

CVSS 8.3 | AI score 7.9 | EPSS 0.00505
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/16 12:40 p.m. | 11 views

CVE-2025-39974

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit(). When config osnoise cpus by write syscall, the following KASAN splat may be observed: BUG: KASAN: slab-out-of-bounds in _parse_integer_limit+0x103/0x130 Read of size 1 at...

CVSS 5.5 | AI score 5.7 | EPSS 0.00168
Exploits: 0 | References: 4

Snyk
added 2025/10/16 7:51 a.m. | 1 views

Malicious Package

Overview: vite-parse is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 3

Snyk
added 2025/10/16 7:51 a.m. | 3 views

Malicious Package

Overview: parse-logger is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 3

RedhatCVE
added 2025/10/15 10:27 p.m. | 9 views

CVE-2025-62374

Parse JavaScript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of a malicious payload allows an attacker to remotely execute arbitrary code. ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations internal...

CVSS 6.4 | AI score 7.6 | EPSS 0.00374
Exploits: 0 | References: 1

Snyk
added 2025/10/15 7:43 p.m. | 5 views

Prototype Pollution

Overview: sveltekit-superforms makes SvelteKit forms a pleasure to use. Affected versions of this package are vulnerable to Prototype Pollution via the parseFormData function. An attacker can inject properties into Object.prototype by submitting specially crafted form parameters, which can...

CVSS 8.3 | AI score 8.2 | EPSS 0.00505
Exploits: 0 | References: 2

OSV
added 2025/10/15 5:12 p.m. | 6 views

CVE-2025-62381 sveltekit-superforms Prototype Pollution in `parseFormData` function of `formData.js`

sveltekit-superforms makes SvelteKit forms a pleasure to use. sveltekit-superforms v2.27.3 and prior are susceptible to a prototype pollution vulnerability within the parseFormData function of formData.js. An attacker can inject string and array properties into Object.prototype, leading to denial...

CVSS 8.3 | AI score 8.1 | EPSS 0.00505
Exploits: 0 | References: 4

Cvelist
added 2025/10/15 5:12 p.m. | 15 views

CVE-2025-62381 sveltekit-superforms Prototype Pollution in `parseFormData` function of `formData.js`

sveltekit-superforms makes SvelteKit forms a pleasure to use. sveltekit-superforms v2.27.3 and prior are susceptible to a prototype pollution vulnerability within the parseFormData function of formData.js. An attacker can inject string and array properties into Object.prototype, leading to denial...

CVSS 8.3 | EPSS 0.00505
Exploits: 0 | References: 2

EUVD
added 2025/10/15 5:12 p.m. | 6 views

EUVD-2025-34681

sveltekit-superforms makes SvelteKit forms a pleasure to use. sveltekit-superforms v2.27.3 and prior are susceptible to a prototype pollution vulnerability within the parseFormData function of formData.js. An attacker can inject string and array properties into Object.prototype, leading to denial...

CVSS 8.3 | AI score 7.5 | EPSS 0.00505
Exploits: 0 | References: 4

OSV
added 2025/10/15 5:11 p.m. | 37 views

CLSA-2025-1760548275 protobuf-c: Fix of CVE-2022-48468

CVE-2022-48468: fix unsigned integer overflow in parse_required_member...

CVSS 5.5 | AI score 5.9 | EPSS 0.00366
Exploits: 0 | References: 1

EUVD
added 2025/10/15 9:30 a.m. | 3 views

EUVD-2025-34598

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit(). When config osnoise cpus by write syscall, the following KASAN splat may be observed: BUG: KASAN: slab-out-of-bounds in _parse_integer_limit+0x103/0x130 Read of size 1 at...

AI score 5.8 | EPSS 0.00168
Exploits: 0 | References: 3

NVD
added 2025/10/15 8:15 a.m. | 9 views

CVE-2025-39974

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit(). When config osnoise cpus by write syscall, the following KASAN splat may be observed: BUG: KASAN: slab-out-of-bounds in _parse_integer_limit+0x103/0x130 Read of size 1 at...

EPSS 0.00168
Exploits: 0 | References: 2