CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

17 matches found

RedhatCVE•added 2025/11/28 6:3 a.m.•4 views

CVE-2025-12758

Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength function that does not take into account Unicode variation selectors \uFE0F, \uFE0E appearing in a sequence which lead to improper string length...

8.7CVSS7.1AI score0.00112EPSS

Exploits2References1

vulnersOsv•added 2025/11/28 4:41 a.m.•1 views

net.codinux.invoicing:e-invoice (>=0.5.0 <=0.5.2), net.codinux.invoicing:e-invoice-domain-android (>=0.6.0 <=0.8.0) +2 more potentially affected by CVE-2025-66372 via org.mustangproject:library (>=2.0.0 <=2.16.2)

org.mustangproject:library MAVEN version =2.0.0, =0.5.0, =0.6.0, =0.6.0, =2.0.0, =2.16.2 Source cves: CVE-2025-66372 Source advisory: SNYK:JAVA-ORGMUSTANGPROJECT-14147555...

2.8CVSS5.8AI score0.00011EPSS

Exploits0

OSSF Malicious Packages•added 2025/10/07 12:21 a.m.•2 views

Malicious code in @hash-validator/v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware be7ccca438d061fd1d98fb1061421f517bccb37ba164e017caf7b8f8db366e2e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score

Exploits0References3

OSSF Malicious Packages•added 2025/07/17 11:54 p.m.•2 views

Malicious code in eth-validator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7abd5491d54b588d04ced891539747a0d295877ddfcba02d67fa05ff8953d60b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score

Exploits0References1

OSV•added 2025/05/20 3:31 a.m.•1 views

MAL-2025-4051 Malicious code in evm-validator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 494cc8b639f73ed70f7e4ee37496ef90ce35133711784f16e856e73ee4badb06 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score

Exploits0References1

OSV•added 2025/03/12 8:25 p.m.•2 views

MAL-2025-2308 Malicious code in empty-validator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e4f29eb4e06a456c0243473ddb4cf4b5953ab107489b4a79b5f3ccbebf67ebcd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score

Exploits0References1

OpenVAS•added 2025/02/24 12:0 a.m.•10 views

Debian: Security Advisory (DLA-4066-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.1AI score0.0077EPSS

Exploits0References2

OSSF Malicious Packages•added 2024/06/25 1:48 p.m.•4 views

Malicious code in android-string_resources_validator (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7AI score

Exploits0References1

SUSE CVE•added 2023/02/15 5:24 a.m.•1 views

SUSE CVE-2014-9772

The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting XSS filter via hex-encoded characters...

6.1CVSS7.4AI score0.00444EPSS

Exploits1References3

RedhatCVE•added 2022/09/13 9:13 a.m.•23 views

CVE-2021-3765

A vulnerability was found in the validator package. Affected versions of this package are vulnerable to Regular expression denial of service ReDoS attacks, affecting system availability...

7.5CVSS5.7AI score0.00044EPSS

Exploits1References4

OpenVAS•added 2022/01/01 12:0 a.m.•15 views

Debian: Security Advisory (DSA-5033-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.7AI score0.01889EPSS

Exploits0References4

Prion•added 2017/01/23 9:59 p.m.•8 views

Cross site scripting

The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting XSS filter via hex-encoded characters...

4.3CVSS6.2AI score0.00444EPSS

Exploits1References3Affected Software1

UbuntuCve•added 2017/01/23 9:59 p.m.•17 views

CVE-2014-9772

The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting XSS filter via hex-encoded characters...

6.1CVSS6.7AI score0.00444EPSS

Exploits1References4

OSV•added 2017/01/23 9:59 p.m.•0 views

UBUNTU-CVE-2014-9772

The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting XSS filter via hex-encoded characters...

6.1CVSS6.7AI score0.00444EPSS

Exploits1References5

NVD•added 2017/01/23 9:59 p.m.•9 views

CVE-2014-9772

The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting XSS filter via hex-encoded characters...

6.1CVSS6.1AI score0.00444EPSS

Exploits1References3

CVE•added 2017/01/23 9:0 p.m.•50 views

CVE-2014-9772

The CVE-2014-9772 entry concerns the validator package for Node.js. Affected versions are prior to 2.0.0, where the built-in XSS filter can be bypassed using hex-encoded characters. This can allow bypass of the filter and may enable script execution in contexts that rely on the validator’s XSS pr...

6.1CVSS6.1AI score0.00444EPSS

Exploits1References3Affected Software1