8437 matches found
EUVD-2025-186557
Mattermost versions 11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads...
MGASA-2025-0290 Updated ruby packages fix security vulnerabilities
Net::IMAP vulnerable to possible DoS by memory exhaustion. CVE-2025-25186 In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it...
EUVD-2025-175318
Inefficient regular expression complexity in certain Zoom Workplace Clients before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access...
CVE-2025-62484 Zoom Workplace Clients - Inefficient Regular Expression Complexity
Inefficient regular expression complexity in certain Zoom Workplace Clients before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access...
PT-2025-46839
Name of the Vulnerable Software and Affected Versions: Zoom Workplace Clients versions prior to 6.5.10. Description: An inefficient regular expression complexity in certain Zoom Workplace Clients may allow an unauthenticated user to conduct an escalation of privilege via network access. The issue...
Siemens SIMATIC S7-1500 Uncontrolled Resource Consumption (CVE-2020-8492)
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. This plugin...
MAL-2025-116676 Malicious code in regular_guppy_z3n (npm)
Source: amazon-inspector (3efdfe8ff1854f9bb572f43da75c81cf37046a4994ad45a3ecc770a5c57ac922). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-89208
Malicious code in regularguppyz3n (npm)...
Security Bulletin: Multiple vulnerabilities in Open Source affect IBM Cloud Pak System
Summary: Multiple vulnerabilities in Open Source affect IBM Cloud Pak System. Vulnerability Details: CVEID: CVE-2024-21538. DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input...
kernel: ext4: only dirty folios when data journaling regular files
In the Linux kernel, the following vulnerability has been resolved: ext4: only dirty folios when data journaling regular files. fstest generic/388 occasionally reproduces a crash that looks as follows: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... Call Trace:...
EUVD-2025-78465
Malicious code in regularmeadowlarkz3n (npm)...
MAL-2025-70261 Malicious code in regular-blush-heron (npm)
Source: amazon-inspector (701cf95dd3d10fa91840b0643c097fe4584a6c16f9f60c1c8aa4d26bf646ee97). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-52387
Malicious code in regular-copper-opossum (npm)...
EUVD-2025-52386
Malicious code in regular-gray-duck (npm)...
EUVD-2025-52388
Malicious code in regular-blush-heron (npm)...
EUVD-2025-52389
Malicious code in regular-aqua-heron (npm)...
Regular Expression Denial Of Service (ReDoS)
sinatra is vulnerable to Denial-Of-Service. The vulnerability is due to inefficient header parsing when the etag method is used, allowing attackers to send crafted headers that consume excessive CPU time and cause denial of service...
[SECURITY] Fedora 43 Update: rust-regex-automata-0.4.13-1.fc43
Automata construction and matching using regular expressions...
[SECURITY] Fedora 43 Update: rust-regex-1.12.2-1.fc43
An implementation of regular expressions for Rust. This implementation uses finite automata and guarantees linear time matching on all inputs...
[SECURITY] Fedora 43 Update: rust-regex-1.11.3-1.fc43
An implementation of regular expressions for Rust. This implementation uses finite automata and guarantees linear time matching on all inputs...