CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

9 matches found

SUSE CVE•added 2025/11/15 12:23 a.m.•1 views

SUSE CVE-2025-59840

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 6.2.0, applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. They...

8.1CVSS7.1AI score0.00034EPSS

Exploits0References3

NVD•added 2025/11/13 8:15 p.m.•5 views

CVE-2025-59840

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 6.2.0, applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. They...

8.1CVSS0.00034EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2023-0508

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.19024EPSS

Exploits0References6

Github Security Blog•added 2023/01/30 6:30 a.m.•24 views

Eta vulnerable to Code Injection via templates rendered with user-defined data

Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution RCE by overwriting template engine configuration variables with view options received from The Express render API. Note: This is exploitable only for users who are rendering templates with user-defined data...

8.8CVSS6.2AI score0.19024EPSS

Exploits0References6Affected Software1

OSV•added 2023/01/30 6:30 a.m.•29 views

GHSA-MF6X-HRGR-658F Eta vulnerable to Code Injection via templates rendered with user-defined data

Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution RCE by overwriting template engine configuration variables with view options received from The Express render API. Note: This is exploitable only for users who are rendering templates with user-defined data...

8.8CVSS8.6AI score0.19024EPSS

Exploits0References6

NVD•added 2023/01/30 5:15 a.m.•9 views

CVE-2022-25967

Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution RCE by overwriting template engine configuration variables with view options received from The Express render API. Note: This is exploitable only for users who are rendering templates with user-defined data...

8.8CVSS8.4AI score0.19024EPSS

Exploits0References4

OSV•added 2023/01/30 5:15 a.m.•14 views

CVE-2022-25967

Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution RCE by overwriting template engine configuration variables with view options received from The Express render API. Note: This is exploitable only for users who are rendering templates with user-defined data...

8.8CVSS9AI score

Exploits0References4

Prion•added 2023/01/30 5:15 a.m.•10 views

Remote code execution

Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution RCE by overwriting template engine configuration variables with view options received from The Express render API. Note: This is exploitable only for users who are rendering templates with user-defined data...

6.5CVSS8.9AI score0.19024EPSS

Exploits0References4Affected Software1

Cvelist•added 2023/01/30 5:0 a.m.•17 views

CVE-2022-25967

Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution RCE by overwriting template engine configuration variables with view options received from The Express render API. Note: This is exploitable only for users who are rendering templates with user-defined data...

8.1CVSS9.2AI score0.19024EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by