13065 matches found
CVE-2019-7044
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution...
CVE-2025-1434
The Spreadsheet view is vulnerable to an XSS attack, where a remote unauthorised attacker can read a limited amount of values or DoS the affected spreadsheet. Disclosure of secrets or other system settings is not affected as well as other spreadsheets still work as expected...
CVE-2025-1831
A vulnerability classified as critical has been found in zj1983 zz up to 2024-8. Affected is the function GetDBUser of the file src/main/java/com/futvan/z/system/zorg/ZorgAction.java. The manipulation of the argument userid leads to SQL injection. It is possible to launch the attack remotely. The...
CVE-2025-1639
The Animation Addons for Elementor Pro plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the installelementorpluginhandler function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, wi...
CVE-2022-27828
Improper validation vulnerability in MediaMonitorEvent prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities...
CVE-2022-27829
Improper validation vulnerability in VerifyCredentialResponse prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities...
From Rookie to Expert: Manipulating LLMs for Automated Vulnerability Exploitation in Enterprise Software
LLMs democratize software engineering by enabling non-programmers to create applications, but this same accessibility fundamentally undermines security assumptions that have guided software engineering for decades. We show in this work how publicly available LLMs can be socially engineered to...
Software Vulnerability Management in the Era of Artificial Intelligence: An Industry Perspective
Artificial Intelligence (AI) has revolutionized software development, particularly by automating repetitive tasks and improving developer productivity. While these advancements are well-documented, the use of AI-powered tools for Software Vulnerability Management (SVM), such as vulnerability detectio...
2025 CWE Top 25 Most Dangerous Software Weaknesses
The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Homeland Security Systems Engineering and Development Institute (HSSEDI), operated by the MITRE Corporation, has released the 2025 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses...
Malicious code in elf-stats-storybook-marshmallow-729 (npm)
Source: amazon-inspector ea9e1e445ab784bb20608d634e3d9e01c84179338478a75b8029624e3ac3b1dd The package elf-stats-storybook-marshmallow-729 was found to contain malicious code...
Is Vibe Coding Safe? Benchmarking Vulnerability of Agent-Generated Code in Real-World Tasks
Vibe coding is a new programming paradigm in which human engineers instruct large language model (LLM) agents to complete complex coding tasks with little supervision. Although it is increasingly adopted, are vibe coding outputs really safe to deploy in production? To answer this question, we propo...
Malicious code in ing-ideal-acquiring-shared (npm)
Source: amazon-inspector 0b98d8794a24b74ed659c1fcc64a270aa27181bb12f41b5b50e714177d46e8cf The package ing-ideal-acquiring-shared was found to contain malicious code...
Malicious code in bybitapi.net (NuGet)
BackportBench: A Multilingual Benchmark for Automated Backporting of Patches
Many modern software projects evolve rapidly to incorporate new features and security patches. It is important for users to update their dependencies to safer versions, but many still use older, vulnerable package versions because upgrading can be difficult and may break their existing codebase...
ASB-A-388034510
Bulletin has no description...
Malicious code in @accordproject/concerto-linter (npm)
Source: amazon-inspector 6a266ef73fe4cd4e7227a57de2c97b342daf2ae0aed81e06b41bd9a55ab02d24 The package @accordproject/concerto-linter was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-177071
Malicious code in prettier-plugin-markdown-json-joviology-filament (npm)...
EUVD-2025-140620
Malicious code in ksai-kilota-aii (npm)...
EUVD-2025-104224
Malicious code in lightflamingoz3n (npm)...
EUVD-2025-78888
Malicious code in littlecardinalz3n (npm)...