CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2025/04/01 12:0 a.m.•4 views

PT-2025-14115 · Unknown +1 · React-Tooltip +1

Name of the Vulnerable Software and Affected Versions: Bruno versions prior to 1.39.1 Description: The issue arises from custom tool-tip components using react-tooltip, which set content as raw HTML and inject it into the DOM on hover. This, combined with loose Content Security Policy restriction...

8.7CVSS7.1AI score0.00331EPSS

Exploits1References4

vulnersOsv•added 2025/03/31 5:31 p.m.•7 views

@andrewzagorski/admin (>=4.25.19-patch.2 <=4.25.19-patch.3), @andrewzagorski/pack-up (=4.23.1-prerelease.2) +25 more potentially affected by CVE-2025-31125 via vite (>=6.0.0 <=6.0.11)

vite NPM version =6.0.0, =4.25.19-patch.2, =19.1.5, =19.1.5, =5.0.0-alpha.37, =19.1.0, =19.1.0, =2.11.0, =2.11.0, =11.23.0, =0.0.0-experimental-13bd4c2-20250203-4e3af844, =0.0.0-snapshot-1d99fea7d2ce2c7a5d9ed0a3752f8a7bda6bc3db, =0.3.0-dev.12 and more Source cves: CVE-2025-31125 Source advisory:...

7.5CVSS6.6AI score0.621EPSS

Exploits9

OSSF Malicious Packages•added 2025/03/28 12:38 p.m.•7 views

Malicious code in arkose-labs-react-native-example (npm)

--- -= Per source details. Do not edit below this line.=-...

OSV•added 2025/03/28 12:38 p.m.•3 views

Exploits0

MAL-2025-2836 Malicious code in arkose-labs-react-native-example (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score

Exploits0

OSSF Malicious Packages•added 2025/03/28 8:55 a.m.•4 views

Malicious code in react-html2pdf.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware be6d515bfa8ee2ff472a78fae780650681611a5d7184b12d85b273b398597172 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2025/03/28 8:55 a.m.•12 views

MAL-2025-2781 Malicious code in react-html2pdf.js (npm)

OSSF Malicious Packages•added 2025/03/28 8:12 a.m.•4 views

Malicious code in ecko-wallet-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0abf27a0a21da3cbad3585aecbe105d054575fe79c1b9c788c93ff4b6478bcab Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2025/03/28 8:12 a.m.•3 views

MAL-2025-2757 Malicious code in ecko-wallet-react (npm)

OSSF Malicious Packages•added 2025/03/28 8:12 a.m.•3 views

Malicious code in ecko-dex-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d26b6d8be6f7dbf592bade371103317c029f4297df9557c79997a41d18e2c3c9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2025/03/28 8:12 a.m.•3 views

MAL-2025-2755 Malicious code in ecko-dex-react (npm)

OSSF Malicious Packages•added 2025/03/28 3:39 a.m.•4 views

Malicious code in @takamol/ets-react-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8f82dcc5edf4748a4186895186924ee28e0f55fe782fe6b7e4d4f6ffe895195d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2025/03/28 3:39 a.m.•4 views

Malicious code in @takamol/react-qiwa-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 793f690e0bffdd7f7b94c843db756d422d1d76e710507c5f07fec74703d68b55 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

vulnersOsv•added 2025/03/27 6:0 p.m.•6 views

@ekyc_qoobiss/qbs-cid-cmp (>=1.0.5 <=1.5.9), @ekyc_qoobiss/qbs-ect-cmp (>=1.2.0 <=4.8.0) +56 more potentially affected by CVE-2025-27793 via vega-functions (>=5.10.0 <=5.16.0)

vega-functions NPM version =5.10.0, =1.0.5, =1.2.0, =0.0.2, =0.1.2, =0.5.0, =1.0.0, =1.0.7, =0.1.4, =0.6.2, =1.0.1, =2.8.0-canary.140, =2.27.0 and more Source cves: CVE-2025-27793 Source advisory: OSV:GHSA-963H-3V39-3PQF...

5.3CVSS5.9AI score0.00444EPSS

Exploits0

vulnersOsv•added 2025/03/25 2:0 p.m.•6 views

@andrewzagorski/admin (>=4.25.19-patch.2 <=4.25.19-patch.3), @andrewzagorski/pack-up (=4.23.1-prerelease.2) +25 more potentially affected by CVE-2025-30208 via vite (>=6.0.0 <=6.0.11)

7.5CVSS6.7AI score0.76736EPSS

Exploits28

OSSF Malicious Packages•added 2025/03/25 8:49 a.m.•3 views

Malicious code in react-fiber-debugger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 00a91ebc181430303bf3b5c3bc93cd1bf2a4b2727ab2767fa5998456f8602156 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2025/03/25 8:49 a.m.•3 views

MAL-2025-2699 Malicious code in react-fiber-debugger (npm)

OSSF Malicious Packages•added 2025/03/25 8:46 a.m.•3 views

Malicious code in mm-react-gpt (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9a777feae3d9f0ba145555d872c6749a18d3f877dd9617efe5a5856eb06a366e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2025/03/25 8:46 a.m.•3 views

MAL-2025-2691 Malicious code in mm-react-gpt (npm)