827 matches found
curl: Double-free vulnerability in libcurl with rustls via NoServerCertVerifier condition leads to application crash
Summary: There is a double-free in libcurl with rustls. The root cause is reported and it is fixed in https://github.com/curl/curl/pull/19425, while I did not try to evaluate the actual triggering at that time. No AI was used to find the issue or generate the report. Affected version: It was...
Vulnerability in expr-eval JavaScript library can lead to arbitrary code execution
Overview The npm package expr-eval is a JavaScript library that evaluates mathematical expressions and is used in various applications, including NLP and AI. A vulnerability in this library has been disclosed that could allow arbitrary code execution by an attacker using maliciously crafted input...
CVE-2025-34294
...
PT-2025-44187
Name of the Vulnerable Software and Affected Versions: Wazuh (affected versions not specified). Description: A time-of-check/time-of-use (TOCTOU) race condition exists in the File Integrity Monitoring (FIM) component when automatic threat removal is enabled. This can allow a local, low-privileged attacker...
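The snippet above describes the vulnerability class but not Wazuh's code, so the following is an added, generic illustration (not Wazuh's FIM implementation) of how a check-then-use removal races against a local attacker, and what a hardened remover looks like. It assumes a privileged "automatic removal" routine that deletes a quarantined file by path, and a low-privileged attacker who can rename the parent directory and drop a symlink in its place; the symlink swap is one concrete way to win the race, chosen here for illustration. The `between_check_and_use` hook forces the interleaving so the race is deterministic offline; the temp tree and file names are constructed sample data.

```python
import os
import shutil
import stat
import tempfile


def vulnerable_remove(path, between_check_and_use=None):
    """Check-then-use removal: os.path.isfile() follows symlinks and
    os.remove() re-resolves the whole path, so a parent directory swapped
    for a symlink between the two calls redirects the deletion."""
    if not os.path.isfile(path):
        return False
    if between_check_and_use is not None:
        between_check_and_use()          # hook used only to force the race
    os.remove(path)
    return True


class PinnedDirRemover:
    """Bind to the quarantine directory once, by file descriptor, and do every
    later check and unlink relative to that fd. A rename or symlink swap of the
    path no longer matters: the fd still refers to the original directory."""

    def __init__(self, directory):
        flags = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW | os.O_CLOEXEC
        self.dfd = os.open(directory, flags)

    def remove(self, name, between_check_and_use=None):
        if os.sep in name or name in ("", ".", ".."):
            raise ValueError("name must be a single path component")
        st = os.lstat(name, dir_fd=self.dfd)    # no symlink following
        if not stat.S_ISREG(st.st_mode):
            return False
        if between_check_and_use is not None:
            between_check_and_use()
        os.unlink(name, dir_fd=self.dfd)         # unlink inside the pinned dir
        return True

    def close(self):
        os.close(self.dfd)


def run_demo():
    """Build a throwaway tree (constructed sample data), race both removers
    against the same attacker move, and report which file actually vanished."""
    results = {}
    for label, use_hardened in (("vulnerable", False), ("hardened", True)):
        base = tempfile.mkdtemp(prefix="toctou-")
        quarantine = os.path.join(base, "quarantine")
        victim_dir = os.path.join(base, "victim")
        os.mkdir(quarantine)
        os.mkdir(victim_dir)
        quarantined = os.path.join(quarantine, "dropper.bin")
        victim = os.path.join(victim_dir, "dropper.bin")
        with open(quarantined, "w") as f:
            f.write("detected sample the remover is meant to delete")
        with open(victim, "w") as f:
            f.write("unrelated file the attacker wants deleted instead")

        def attacker_swap():
            # Low-privileged attacker: move the real directory aside and put a
            # symlink with the same name pointing at the victim directory.
            os.rename(quarantine, quarantine + ".moved")
            os.symlink(victim_dir, quarantine)

        if use_hardened:
            remover = PinnedDirRemover(quarantine)   # fd taken before the race
            remover.remove("dropper.bin", attacker_swap)
            remover.close()
        else:
            vulnerable_remove(quarantined, attacker_swap)

        results[label] = {
            "victim_deleted": not os.path.exists(victim),
            "quarantined_deleted": not os.path.exists(
                os.path.join(quarantine + ".moved", "dropper.bin")),
        }
        os.unlink(quarantine)   # drop the attacker's symlink, then the tree
        shutil.rmtree(base)
    return results


if __name__ == "__main__":
    print(run_demo())
```

The vulnerable remover deletes the victim's file and leaves the quarantined one in place; the pinned-fd remover deletes the quarantined file even though its path was swapped mid-operation. The residual risk in the hardened version is only that the name inside the pinned directory is replaced by a symlink, and `unlink` removes a symlink itself rather than its target, so that substitution buys the attacker nothing.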
Metasploit Wrap-Up 10/24/2025
Let us suggest persistence… This week's edition brings the new persistence suggester from h00die. Similar to the exploit variant, this module will list the available persistence mechanisms for your selected target. The module requires a session to target the machine, so it can run check methods...
GHSA-JFX9-29X2-RV3J pypdf can exhaust RAM via manipulated LZWDecode streams
Impact: An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. Patches: This has been fixed in pypdf==6.1.3. Workarounds: If you cannot upgrade yet, consider applying the changes from P...
A Retrospective Survey of 2024/2025 Open Source Supply Chain Compromises
Lack of memory safety is such a predominant cause of security issues that we have a responsibility as professional software engineers to robustly mitigate it in security-sensitive use cases, by using memory safe languages. Similarly, I have the growing impression that software supply chain...
EUVD-2021-18778
Malware in sbrugna...
EUVD-2021-19580
Malware in sbrugna...
EUVD-2023-27851
Malicious code in bioql PyPI...
EUVD-2022-45037
Malicious code in bioql PyPI...
EUVD-2024-42300
Malicious code in bioql PyPI...
EUVD-2025-31664
Malicious code in bioql PyPI...
EUVD-2023-0268
Malicious code in bioql PyPI...
EUVD-2022-6338
Malicious code in bioql PyPI...
EUVD-2023-34931
Malicious code in bioql PyPI...
EUVD-2025-27053
Malicious code in bioql PyPI...
EUVD-2025-28133
Malicious code in bioql PyPI...
EUVD-2021-9998
Malicious code in bioql PyPI...
EUVD-2025-20825
Malicious code in bioql PyPI...