8321 matches found
MAL-2025-1647 Malicious code in figma-plugins-and-widgets (npm)
Source: ghsa-malware 250144845a9dd4a7a0bea8a44c06f50652890d4ab2f0fb860bb51a5a14ea1a54 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in figma-plugins-and-widgets (npm)
Source: ghsa-malware 250144845a9dd4a7a0bea8a44c06f50652890d4ab2f0fb860bb51a5a14ea1a54 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in webbundle-plugins (npm)
Source: ghsa-malware c94c458984a089f14be87d45c3ac4355e1ba06610c50abbcbb0f172160e5a38e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1563 Malicious code in webbundle-plugins (npm)
Source: ghsa-malware c94c458984a089f14be87d45c3ac4355e1ba06610c50abbcbb0f172160e5a38e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Debian dla-4071 : gstreamer1.0-gtk3 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4071 advisory. Debian LTS Advisory DLA-4071-1 [email protected]...
[SECURITY] [DLA 4071-1] gst-plugins-good1.0 security update
Debian LTS Advisory DLA-4071-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès February 27, 2025 https://wiki.debian.org/LTS -...
Moderate: Red Hat Security Advisory: Red Hat Developer Hub 1.4.2 release.
Red Hat Developer Hub 1.4.2 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...
Wordfence Intelligence Weekly WordPress Vulnerability Report (February 17, 2025 to February 23, 2025)
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...
DLA-4071-1 gst-plugins-good1.0 - security update
Bulletin has no description...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Moby
Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of Moby. Vulnerability Details: CVEID: CVE-2024-41110 DESCRIPTION: Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine,...
Improper Authorization
Overview: glpi/glpi is a free Asset and IT Management Software package with ITIL Service Desk, licenses tracking and software auditing. Affected versions of this package are vulnerable to Improper Authorization via the update.php file which allows an attacker to disable all active plugins by...
CVE-2025-23024
GLPI is a free asset and IT management software package. Starting in version 0.72 and prior to version 10.0.18, an anonymous user can disable all the active plugins. Version 10.0.18 contains a patch. As a workaround, one may delete the install/update.php file...
UBUNTU-CVE-2025-23024
GLPI is a free asset and IT management software package. Starting in version 0.72 and prior to version 10.0.18, an anonymous user can disable all the active plugins. Version 10.0.18 contains a patch. As a workaround, one may delete the install/update.php file...
CVE-2025-23024
GLPI (asset/IT management software) is affected by CVE-2025-23024 in versions prior to 10.0.18, where an anonymous user can disable all active plugins. The vendor patch is applied in 10.0.18. As a workaround, deletion of install/update.php is suggested. The CVSS and related metrics in the primary...
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: kubeadm-bootstrap-controller, envoy-ratelimit, pulumi, nri-mongodb, configmap-reload, gke-gcloud-auth-plugin, kubernetes-csi-livenessprobe, nri-f5, thanos, dataplaneapi, kubeflow-pipelines, kubernetes-event-exporter, protoc-gen-go-grpc, dgraph, kube-state-metrics,...
GHSA-J7VJ-RW65-4V26 vulnerabilities
Vulnerabilities for packages: kpt, osv-scanner, extism, istio-fips, stern, consul-fips, oauth2-proxy, ollama, fluent-operator, go-fips, kustomize-fips, kyverno-policy-reporter-kyverno-plugin, sbomqs, rook, harbor-scanner-trivy, k8s-device-plugin, kafkaexporter, kaniko, k8ssandra-operator,...
GHSA-8XFX-RJ4P-23JM vulnerabilities
Vulnerabilities for packages: kpt, osv-scanner, extism, istio-fips, stern, consul-fips, oauth2-proxy, ollama, fluent-operator, go-fips, kustomize-fips, kyverno-policy-reporter-kyverno-plugin, sbomqs, rook, harbor-scanner-trivy, k8s-device-plugin, kafkaexporter, kaniko, k8ssandra-operator,...
GHSA-3F6R-QH9C-X6MM vulnerabilities
Vulnerabilities for packages: kpt, osv-scanner, extism, istio-fips, aws-network-policy-agent-fips, openbao-fips, consul-fips, podman, oauth2-proxy, fluent-operator, go-fips, kustomize-fips, kyverno-policy-reporter-kyverno-plugin, sbomqs, modelmesh-runtime-adapter,...
SUSE SLES12 : Feature update for slurm and pdsh (SUSE-SU-SUSE-FU-2025:0661-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-SUSE-FU-2025:0661-1 advisory. slurm was updated to version 24.11.1 using package slurm2411: - Security issues fixed: CVE-2024-48936: Fixed authentication...
SUSE SLES15 / openSUSE 15 : Feature update for slurm and pdsh (SUSE-SU-SUSE-FU-2025:0660-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-SUSE-FU-2025:0660-1 advisory. slurm was updated to version 24.11.1 using package slurm2411: - Security issues fixed: CVE-2024-48936: Fixed authenticati...