195 matches found
Aruba Instant Access Point (IAP) - Cross-Site Scripting
A remote cross-site scripting (XSS) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below;...
Malicious Package
Overview: tailwindcss-theme-custom is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
GHSA-JGG6-4RPR-WFH7 Broken dropper in @mistralai/mistralai, @mistralai/mistralai-azure, @mistralai/mistralai-gcp
Mistral npm @mistralai/mistralai, @mistralai/mistralai-azure, @mistralai/mistralai-gcp were compromised by a supply chain attack related to the TanStack security incident. An automated worm associated with the attack led to compromised npm package versions being published. Current investigation...
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the io.Copy process that handles binary import requests. An attacker can exhaust disk space on the host system by continuously streaming large amounts of data to the affected...
Sentinal-ai
Sentinal-ai Free, offline...
Incorrect Authorization
Overview: @clerk/shared is an Internal package utils used by the Clerk SDKs. Affected versions of this package are vulnerable to Incorrect Authorization via the createPathMatcher function in @clerk/shared used by downstream createRouteMatcher. An attacker can gain unauthorized access to protected...
cybersentinel-agent
CyberSentinel Agent Defensive cybersecurity agent framework w...
Exploit for CVE-2026-28767
CERT/CC VU653116 | CISA Advisory ICSA-26-055-03 https:/...
Open Redirect
Overview: irrd is an Internet Routing Registry daemon (IRRd). Affected versions of this package are vulnerable to Open Redirect via manipulation of the Host header during the password reset or account creation. An attacker can gain unauthorized access to user accounts by sending crafted email links...
EUVD-2026-1483
Missing Authorization vulnerability in niklaslindemann Bulk Landing Page Creator for WordPress LPagery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk Landing Page Creator for WordPress LPagery: from n/a through 2.4.9...
Exploit for CVE-2025-14847
CVE-2025-14847-MongoBleed - Scanner+Detection+Exploit+Remediat...
EUVD-2025-205021
A vulnerability was identified in code-projects Online Farm System 1.0. Affected is an unknown function of the file /addProduct.php. The manipulation of the argument Username leads to SQL injection. The attack may be initiated remotely. The exploit is publicly available and might be used...
Security Bulletin: IBM® Db2® is affected by a vulnerability in the mongo library (CVE-2025-0755)
Summary: IBM® Db2® is affected by a vulnerability in MongoDB C driver library and may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible applicatio...
Insertion of Sensitive Information Into Sent Data
Overview: @sentry/astro is an Official Sentry SDK for Astro. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the sendDefaultPii configuration option. An attacker can gain access to sensitive HTTP headers, such as authentication cookies, by...
Malicious Package
Overview: sessionfiy is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
EUVD-2020-0254
Malware in sbrugna...
EUVD-2023-49468
Malicious code in bioql PyPI...
EUVD-2025-30981
Malicious code in bioql PyPI...
EUVD-2022-7424
Malicious code in bioql PyPI...
EUVD-2022-24982
Malicious code in bioql PyPI...