7642 matches found

EUVD
added 2025/12/08 6:30 p.m. | 5 views

EUVD-2025-201787

In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation...

CVSS 6.7 | AI score 6.3 | EPSS 0.00093
Exploits: 0 | References: 3

NVD
added 2025/12/08 5:16 p.m. | 6 views

CVE-2025-22432

In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation...

CVSS 6.7 | EPSS 0.00093
Exploits: 0 | References: 2

OSV
added 2025/12/08 5:16 p.m. | 4 views

CVE-2025-22432

In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation...

CVSS 6.7 | AI score 5.9 | EPSS 0.00093
Exploits: 0 | References: 2

Vulnrichment
added 2025/12/08 4:56 p.m. | 4 views

CVE-2025-22432

In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation...

AI score 6.4 | EPSS 0.00093
Exploits: 0 | References: 2

CVE
added 2025/12/08 4:56 p.m. | 51 views

CVE-2025-22432

CVE-2025-22432 affects the Android Framework (CallRedirectionProcessor.java). The root cause is improper input validation in notifyTimeout, which may create a persistent connection and enable local escalation of privilege, triggering background activity launches with User privileges and no user i...

CVSS 6.7 | AI score 6.4 | EPSS 0.00093
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2025/12/08 4:56 p.m. | 20 views

CVE-2025-22432

In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation...

EPSS 0.00093
Exploits: 0 | References: 2

RedhatCVE
added 2025/12/04 12:11 a.m. | 9 views

CVE-2025-65842

The Aquarius HelperTool 1.0.003 privileged XPC service on macOS contains multiple flaws that allow local privilege escalation. The service accepts XPC connections from any local process without validating the client's identity, and its authorization logic incorrectly calls AuthorizationCopyRights...

CVSS 5.1 | AI score 7.1 | EPSS 0.00141
Exploits: 1 | References: 1

Packet Storm News
added 2025/12/04 12:0 a.m. | 56 views

PBFuzz: Agentic Directed Fuzzing for PoV Generation

Proof-of-Vulnerability (PoV) input generation is a critical task in software security and supports downstream applications such as path generation and validation. Generating a PoV input requires solving two sets of constraints: (1) reachability constraints for reaching vulnerable code locations, and ...

AI score 7.2
Exploits: 0

Securelist
added 2025/12/03 10:0 a.m. | 13 views

Exploits and vulnerabilities in Q3 2025

In the third quarter, attackers continued to exploit security flaws in WinRAR, while the total number of registered vulnerabilities grew again. In this report, we examine statistics on published vulnerabilities and exploits, the most common security issues impacting Windows and Linux, and the...

CVSS 10 | AI score 9.3 | EPSS 0.99982
Exploits: 453

Tenable Nessus
added 2025/12/03 12:0 a.m. | 11 views

Oracle Linux 9 : kernel (ELSA-2025-21112)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-21112 advisory. - crypto: xts - Handle EBUSY correctly Vladis Dronov RHEL-119236 CVE-2023-53494 - ipv6: sr: Fix MAC comparison to be constant-time CKI Backport Bot...

CVSS 7.8 | AI score 7.2 | EPSS 0.00528
Exploits: 0 | References: 14

OSV
added 2025/12/02 3:15 p.m. | 5 views

CVE-2025-59694

The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to persistently modify firmware and influence the insecurely configured appliance boot process. To exploit this, the attacker must modify the...

CVSS 6.8 | AI score 5.8 | EPSS 0.00262
Exploits: 1 | References: 2

Cvelist
added 2025/11/29 3:6 a.m. | 9 views

CVE-2025-66289 OrangeHRM is Vulnerable to Persistent Session Access Due to Missing Invalidation After User Disable and Password Change

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application does not invalidate existing sessions when a user is disabled or when a password change occurs, allowing active session cookies to remain valid indefinitely. As a result, a disabled user, o...

CVSS 8.7 | EPSS 0.00237
Exploits: 0 | References: 1

OSV
added 2025/11/29 3:6 a.m. | 5 views

CVE-2025-66289 OrangeHRM is Vulnerable to Persistent Session Access Due to Missing Invalidation After User Disable and Password Change

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application does not invalidate existing sessions when a user is disabled or when a password change occurs, allowing active session cookies to remain valid indefinitely. As a result, a disabled user, o...

CVSS 8.7 | AI score 7 | EPSS 0.00237
Exploits: 0 | References: 3

OSV
added 2025/11/25 9:29 a.m. | 2 views

MAL-2025-191463 Malicious code in initial-path (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9bdfbaf17e5ea42f67e6327f5dfe8766f8a5f8d83fb4b390fc8d780da5555187 The package initial-path was found to contain malicious code. Source: ghsa-malware 014c829694ccb06463ad706603727d070cbf38be1e103200b54c1235ccc82611 A...

AI score 6.8
Exploits: 0 | References: 4

OSSF Malicious Packages
added 2025/11/25 12:16 a.m. | 7 views

Malicious code in @posthog/heartbeat-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b0402071ebf395126c5e1e90681622f203d9744eca75a1f2061a6a2d030cdcc The package @posthog/heartbeat-plugin was found to contain malicious code. Source: google-open-source-security...

AI score 6.9
Exploits: 0 | References: 3

Packet Storm News
added 2025/11/25 12:0 a.m. | 8 views

From One Attack Domain to Another: Contrastive Transfer Learning with Siamese Networks for APT Detection

Advanced Persistent Threats (APT) pose a major cybersecurity challenge due to their stealth, persistence, and adaptability. Traditional machine learning detectors struggle with class imbalance, high dimensional features, and scarce real world traces. They often lack transferability-performing well ...

AI score 6.8
Exploits: 0

OSSF Malicious Packages
added 2025/11/24 11:6 p.m. | 6 views

Malicious code in nitro-kutu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c730e64b459919c937231de7e767a99ceca04f35011b70d3d95c5616092dead The package nitro-kutu was found to contain malicious code. Source: ghsa-malware e49eaa55b0b2cddde2728a2d6cfcc512771af0fa1cf78903a09e11d7b564d972 Any...

AI score 6.9
Exploits: 0 | References: 4

OSSF Malicious Packages
added 2025/11/24 10:38 p.m. | 6 views

Malicious code in victoria-wallet-type (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db5621bc10f18615bd2282fd957a36730167a4e9318f35873c35258f033b2aad The package victoria-wallet-type was found to contain malicious code. Source: ghsa-malware...

AI score 6.9
Exploits: 0 | References: 4

OSSF Malicious Packages
added 2025/11/24 10:26 p.m. | 5 views

Malicious code in obj-to-css (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16c28013383e05a71d5da9d3d7c0d685a6355e42251a9527e769061e13ce54bb The package obj-to-css was found to contain malicious code. Source: ghsa-malware ada9fa1c509e4ac91c240ba95d3953b53291943071c42aa967d243bd17682078 Any...

AI score 6.9
Exploits: 0 | References: 4

Github Security Blog
added 2025/11/24 10:13 p.m. | 6 views

Formwork CMS has Stored Cross-Site Scripting Vulnerability in Blog Tags

Summary: Inserting unsanitized data into the blog tag field in Formwork CMS results in stored cross‑site scripting (XSS). Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controlled script executed in their browser. Because the issue is...

CVSS 6.5 | AI score 5.6 | EPSS 0.00174
Exploits: 1 | References: 5 | Affected Software: 1