51 matches found

EUVD
added 2025/11/12 4:47 p.m. · 1 view

EUVD-2025-147366

Malicious code in uafagarug-midfafoi-sut npm...

AI score 6.6
Exploits 0

The Hacker News
added 2025/10/13 11:50 a.m. · 3 views

Why Unmonitored JavaScript Is Your Biggest Holiday Security Risk

Think your WAF has you covered? Think again. This holiday season, unmonitored JavaScript is a critical oversight allowing attackers to steal payment data while your WAF and intrusion detection systems see nothing. With the 2025 shopping season weeks away, visibility gaps must close now. Get the...

AI score 6.8
Exploits 0

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2020-29019

Malware in sbrugna...

CVSS 8.8 · AI score 8.6 · EPSS 0.0005
Exploits 0 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2018-2480

Malware in sbrugna...

CVSS 7.8 · AI score 7.8 · EPSS 0.00224
Exploits 1 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2021-31364

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 6.6 · EPSS 0.00364
Exploits 1 · References 16

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-1313

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.1 · EPSS 0.11017
Exploits 1 · References 5

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-9720

Malicious code in bioql PyPI...

CVSS 7.3 · AI score 6.6 · EPSS 0.00071
Exploits 0 · References 2

OSV
added 2025/06/11 11:45 a.m. · 4 views

BIT-DISCOURSE-2025-48877 Discourse vulnerable to auto-executing of third-party code in embedded CodePen iframe

Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, Codepen is present in the default allowed_iframes site setting, and it can potentially auto-run arbitrary JS...

CVSS 9.8 · AI score 6.9 · EPSS 0.0069
Exploits 0 · References 2

OpenVAS
added 2025/06/10 12:0 a.m. · 3 views

Discourse < 3.4.4 Multiple Vulnerabilities

Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...

CVSS 9.8 · AI score 7.5 · EPSS 0.0069
Exploits 0 · References 3

RedhatCVE
added 2025/05/23 5:38 a.m. · 3 views

CVE-2023-26750

SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows a remote attacker to execute arbitrary code via the runAction function. NOTE: the software maintainer's position is that the vulnerability is in third-party code, not in the framework...

CVSS 9.8 · AI score 8.8 · EPSS 0.11017
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 5:17 p.m. · 1 view

CVE-2020-0872

A remote code execution vulnerability exists in Application Inspector version v1.0.23 or earlier when the tool reflects example code snippets from third-party source files into its HTML output, aka 'Remote Code Execution Vulnerability in Application Inspector'...

CVSS 9.6 · AI score 8.4 · EPSS 0.04009
Exploits 0 · References 1

OSV
added 2025/04/18 3:10 p.m. · 4 views

GHSA-H9W6-F932-GQ62 ses's global contour bindings leak into Compartment lexical scope

Impact: Web pages and web extensions using ses and the Compartment API to evaluate third-party code in an isolated execution environment that have also elsewhere used const, let, and class bindings in the top-level scope of a <script> tag will have inadvertently revealed these bindings in the lexical scope...

CVSS 8.7 · AI score 7.1 · EPSS 0.00397
Exploits 0 · References 3

Positive Technologies
added 2025/04/18 12:0 a.m. · 1 view

PT-2025-17316 · Ses · Ses

Name of the Vulnerable Software and Affected Versions: SES versions prior to 1.12.0. Description: The issue arises when using the SES and Compartment API to evaluate third-party code in an isolated environment. In versions prior to 1.12.0, top-level let, const, and class bindings in <script> tags are...

CVSS 8.7 · AI score 6.4 · EPSS 0.00397
Exploits 0 · References 9

CNNVD
added 2025/04/18 12:0 a.m. · 1 view

npm SES security vulnerability

npm SES is a library from the US company npm. A security vulnerability exists in npm SES versions prior to 1.12.0 that stems from third-party code that may access top-level bindings...

CVSS 8.7 · AI score 6.7 · EPSS 0.00397
Exploits 0 · References 1

NVD
added 2025/04/04 10:15 a.m. · 3 views

CVE-2025-2243

A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third party code. This issue...

CVSS 7.3 · EPSS 0.00071
Exploits 0 · References 1

Vulnrichment
added 2025/04/04 9:53 a.m. · 3 views

CVE-2025-2243 SSRF in GravityZone Console via DNS Truncation (VA-12634)

A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third party code. This issue...

CVSS 6.9 · AI score 7.3 · EPSS 0.00071
Exploits 0 · References 1

OSV
added 2024/10/09 3:48 p.m. · 4 views

DRUPAL-CONTRIB-2024-045

This module enables you to group nodes within pages that have a highly-granular, distributed permissions structure. A function which can be used by third-party code does not return valid data under certain rare circumstances. If the third-party code relies on this data to decide whether to grant...

CVSS 9.1 · AI score 7 · EPSS 0.00224
Exploits 0 · References 1

The Hacker News
added 2023/05/19 10:40 a.m. · 44 views

Developer Alert: NPM Packages for Node.js Hiding Dangerous TurkoRat Malware

Two malicious packages discovered in the npm package repository have been found to conceal an open source information stealer malware called TurkoRat. The packages – named nodejs-encrypt-agent and nodejs-cookie-proxy-agent – were collectively downloaded approximately 1,200 times and were availabl...

AI score 7.1
Exploits 0

OSV
added 2023/04/04 3:15 p.m. · 4 views

CVE-2023-26750

SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows a remote attacker to execute arbitrary code via the runAction function. NOTE: the software maintainer's position is that the vulnerability is in third-party code, not in the framework...

CVSS 9.8 · AI score 9.8
Exploits 0 · References 4

Cvelist
added 2023/04/04 12:0 a.m. · 15 views

CVE-2023-26750

SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows a remote attacker to execute arbitrary code via the runAction function. NOTE: the software maintainer's position is that the vulnerability is in third-party code, not in the framework...

AI score 10 · EPSS 0.11017
Exploits 1 · References 4