Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

13236 matches found

Snyk
Snykadded 2025/11/27 6:50 a.m.1 views

Malicious Package

Overview bitcoin-main-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
Positive Technologies
Positive Technologiesadded 2025/11/27 12:0 a.m.3 views

PT-2025-48270

Name of the Vulnerable Software and Affected Versions Devolutions Server versions through 2025.2.20 and through 2025.3.8 Description Devolutions Server is affected by a SQL Injection issue within the last usage logs functionality. The flaw allows authenticated attackers to potentially steal all...

9CVSS7.6AI score0.00033EPSS
Exploits0References18
CNNVD
CNNVDadded 2025/11/27 12:0 a.m.1 views

Devolutions Server 安全漏洞

Devolutions Server is a security solution for managing privileged accounts and sessions, designed to help organizations centrally store and manage sensitive information such as passwords and credentials. Devolutions Server suffers from an SQL injection vulnerability that stems from the...

8.8CVSS7.3AI score0.00033EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2025/11/26 5:57 p.m.6 views

CVE-2025-12893

Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage EKU requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = clientAuth may still be successfully...

5.4CVSS6.4AI score0.00023EPSS
Exploits0References1
Snyk
Snykadded 2025/11/26 4:52 a.m.3 views

Malicious Package

Overview chai-jsons is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snykadded 2025/11/26 4:51 a.m.1 views

Malicious Package

Overview chai-auth is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.8AI score
Exploits0References2
NVD
NVDadded 2025/11/26 12:15 a.m.4 views

CVE-2025-66019

pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This issue has been patch...

8.7CVSS0.00076EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2025/11/26 12:0 a.m.2 views

PT-2025-48200

Name of the Vulnerable Software and Affected Versions Suricata versions 8.0.0 through 8.0.1 Description Suricata is a network IDS, IPS and NSM engine. A NULL dereference can occur in versions 8.0.0 through 8.0.1 when the entropy keyword is used in conjunction with base64 data. Disabling rules tha...

7.5CVSS6.5AI score0.00094EPSS
Exploits0References5
Cvelist
Cvelistadded 2025/11/26 12:0 a.m.7 views

CVE-2025-55174

In KDE Skanpage before 25.08.0, an attempt at file overwrite can result in the contents of the new file at the beginning followed by the partial contents of the old file at the end, because of use of QIODevice::ReadWrite instead of QODevice::WriteOnly...

3.2CVSS0.00012EPSS
Exploits0References3
EUVD
EUVDadded 2025/11/26 12:0 a.m.3 views

EUVD-2025-199713

In KDE Skanpage before 25.08.0, an attempt at file overwrite can result in the contents of the new file at the beginning followed by the partial contents of the old file at the end, because of use of QIODevice::ReadWrite instead of QODevice::WriteOnly...

3.2CVSS6.2AI score0.00012EPSS
Exploits0References4
OSV
OSVadded 2025/11/25 10:18 p.m.4 views

JLSEC-2025-260 Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_d...

Null source pointer passed as an argument to memcpy function within TIFFFetchStripThing in tifdirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712...

5.5CVSS5.7AI score0.00059EPSS
Exploits1References8
OSV
OSVadded 2025/11/25 8:39 p.m.3 views

GHSA-XV5P-FJW5-VRJ6 Fugue is Vulnerable to Remote Code Execution by Pickle Deserialization via FlaskRPCServer

Summary The Fugue framework implements an RPC server system for distributed computing operations. In the core functionality of the RPC server implementation, I found that the decode function in fugue/rpc/flask.py directly uses cloudpickle.loads to deserialize data without any sanitization. This...

8.8CVSS8.6AI score0.00562EPSS
Exploits1References5
Snyk
Snykadded 2025/11/25 9:42 a.m.4 views

Malicious Package

Overview xrpl-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snykadded 2025/11/25 9:42 a.m.1 views

Malicious Package

Overview rpc-validator is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snykadded 2025/11/25 9:21 a.m.2 views

Malicious Package

Overview react-svgs-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
OSV
OSVadded 2025/11/25 5:15 a.m.3 views

CVE-2025-12893

Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage EKU requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = clientAuth may still be successfully...

5.4CVSS6.1AI score
Exploits0References1
NVD
NVDadded 2025/11/25 5:15 a.m.3 views

CVE-2025-12893

Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage EKU requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = clientAuth may still be successfully...

5.4CVSS0.00023EPSS
Exploits0References1
OSV
OSVadded 2025/11/25 5:15 a.m.0 views

UBUNTU-CVE-2025-12893

Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage EKU requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = clientAuth may still be successfully...

5.4CVSS5.8AI score0.00023EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2025/11/25 5:7 a.m.1 views

CVE-2025-12893 Improper Certificate Validation May Allow Successful TLS Handshaking Despite Invalid Extended Key Usage Fields in MongoDB Server

Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage EKU requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = clientAuth may still be successfully...

4.2CVSS6AI score0.00023EPSS
Exploits0References1
EUVD
EUVDadded 2025/11/25 5:7 a.m.2 views

EUVD-2025-199532

Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage EKU requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = clientAuth may still be successfully...

4.2CVSS5.9AI score0.00023EPSS
Exploits0References2
Rows per page
Query Builder