48 matches found

Snyk
added 2026/01/16 4:43 p.m., 2 views

Malicious Package

Overview: vet-bones is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package's authorship...

9.8 CVSS, 6.8 AI score
Exploits: 0, References: 2
OSSF Malicious Packages
added 2026/01/10 10:0 a.m., 7 views

Malicious code in vet-bones (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3ce97e3af4cf9c82b0a51f4b693273ac59c6b1357b445b5613fbdcf7edec9a9 The package vet-bones was found to contain malicious code. Source: ghsa-malware 963e426141db06e18a04d497aed8ab05c8c6acfc76e6570d7c4a0bd2d81d7658 Any...

7 AI score
Exploits: 0, References: 1
OSV
added 2026/01/10 10:0 a.m., 5 views

MAL-2026-199 Malicious code in vet-bones (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3ce97e3af4cf9c82b0a51f4b693273ac59c6b1357b445b5613fbdcf7edec9a9 The package vet-bones was found to contain malicious code. Source: ghsa-malware 963e426141db06e18a04d497aed8ab05c8c6acfc76e6570d7c4a0bd2d81d7658 Any...

7 AI score
Exploits: 0, References: 1
Veracode
added 2025/11/13 7:23 a.m., 5 views

DNS Rebinding Attack

github.com/safedep/vet is vulnerable to DNS rebinding attack. The vulnerability is due to the lack of HTTP Host and Origin header validation, which allows an attacker to access data from the vet scan sqlite3 database remotely when vet is used as an MCP server in SSE mode with default ports...

2.1 CVSS, 7 AI score, 0.00185 EPSS
Exploits: 0, References: 4, Affected Software: 1
SUSE CVE
added 2025/10/24 11:23 p.m., 2 views

SUSE CVE-2025-59163

vet is an open source software supply chain security tool. Versions 1.12.4 and below are vulnerable to a DNS rebinding attack due to lack of HTTP Host and Origin header validation. Data from the vet scan sqlite3 database may be exposed to remote attackers when vet is used as an MCP server in SSE...

2.1 CVSS, 6.8 AI score, 0.00185 EPSS
Exploits: 0, References: 2
OSV
added 2025/10/23 4:25 p.m., 3 views

GO-2025-3986 vet MCP Server SSE Transport DNS Rebinding Vulnerability in github.com/safedep/vet

vet MCP Server SSE Transport DNS Rebinding Vulnerability in github.com/safedep/vet...

2.1 CVSS, 6.9 AI score, 0.00185 EPSS
Exploits: 0, References: 4
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2005-3224

Malware in sbrugna...

5.1 CVSS, 6.4 AI score, 0.00302 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2025/09/30 10:46 p.m., 2 views

CVE-2025-59163

vet is an open source software supply chain security tool. Versions 1.12.4 and below are vulnerable to a DNS rebinding attack due to lack of HTTP Host and Origin header validation. Data from the vet scan sqlite3 database may be exposed to remote attackers when vet is used as an MCP server in SSE...

2.1 CVSS, 6.8 AI score, 0.00185 EPSS
Exploits: 0, References: 1
NVD
added 2025/09/29 10:15 p.m., 3 views

CVE-2025-59163

vet is an open source software supply chain security tool. Versions 1.12.4 and below are vulnerable to a DNS rebinding attack due to lack of HTTP Host and Origin header validation. Data from the vet scan sqlite3 database may be exposed to remote attackers when vet is used as an MCP server in SSE...

2.1 CVSS, 0.00185 EPSS
Exploits: 0, References: 3
OSV
added 2025/09/29 9:51 p.m., 2 views

CVE-2025-59163 vet MCP Server SSE Transport DNS Rebinding Vulnerability

vet is an open source software supply chain security tool. Versions 1.12.4 and below are vulnerable to a DNS rebinding attack due to lack of HTTP Host and Origin header validation. Data from the vet scan sqlite3 database may be exposed to remote attackers when vet is used as an MCP server in SSE...

2.1 CVSS, 6.5 AI score, 0.00185 EPSS
Exploits: 0, References: 5
CVE
added 2025/09/29 9:51 p.m., 10 views

CVE-2025-59163

CVE-2025-59163 describes a DNS rebinding vulnerability in the vet MCP Server SSE Transport within the open-source vet tool (github.com/safedep/vet). The issue arises from missing validation of HTTP Host and Origin headers, enabling remote attackers to access data from the vet scan sqlite3 databas...

2.1 CVSS, 6.4 AI score, 0.00185 EPSS
Exploits: 0, References: 3
Cvelist
added 2025/09/29 9:51 p.m., 6 views

CVE-2025-59163 vet MCP Server SSE Transport DNS Rebinding Vulnerability

vet is an open source software supply chain security tool. Versions 1.12.4 and below are vulnerable to a DNS rebinding attack due to lack of HTTP Host and Origin header validation. Data from the vet scan sqlite3 database may be exposed to remote attackers when vet is used as an MCP server in SSE...

2.1 CVSS, 0.00185 EPSS
Exploits: 0, References: 3
OSV
added 2025/09/29 4:28 p.m., 1 views

GHSA-6Q9C-M9FR-865M vet MCP Server SSE Transport DNS Rebinding Vulnerability

SafeDep vet is vulnerable to a DNS rebinding attack due to lack of HTTP Host and Origin header validation. To exploit this vulnerability, the following conditions must be met: 1. A vet scan is executed and reports are saved as sqlite3 database 2. A vet MCP server is running on default port with SSE...

2.1 CVSS, 6.7 AI score, 0.00185 EPSS
Exploits: 0, References: 6
Github Security Blog
added 2025/09/29 4:28 p.m., 2 views

vet MCP Server SSE Transport DNS Rebinding Vulnerability

SafeDep vet is vulnerable to a DNS rebinding attack due to lack of HTTP Host and Origin header validation. To exploit this vulnerability, the following conditions must be met: 1. A vet scan is executed and reports are saved as sqlite3 database 2. A vet MCP server is running on default port with SSE...

2.1 CVSS, 6.7 AI score, 0.00185 EPSS
Exploits: 0, References: 6, Affected Software: 1
Positive Technologies
added 2025/09/29 12:0 a.m., 2 views

PT-2025-39909

Name of the Vulnerable Software and Affected Versions: vet versions prior to 1.12.5. Description: The software is susceptible to a DNS rebinding attack because of missing HTTP Host and Origin header validation. When used as an MCP server in SSE mode with default ports, the sqlite3 database containin...

9.9 CVSS, 6.4 AI score, 0.06448 EPSS
Exploits: 11, References: 49
Openbugbounty
added 2023/10/13 8:48 a.m., 13 views

vet-congress.at Cross Site Scripting vulnerability OBB-3746474

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1 AI score
Exploits: 0
Openbugbounty
added 2023/05/17 3:40 p.m., 15 views

vet-congress.ch Cross Site Scripting vulnerability OBB-3348760

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1 AI score
Exploits: 0
Openbugbounty
added 2023/05/17 3:9 p.m., 13 views

vet-congress.at Cross Site Scripting vulnerability OBB-3348658

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1 AI score
Exploits: 0
Openbugbounty
added 2022/08/08 3:11 a.m., 13 views

centralfremantlevet.com.au Cross Site Scripting vulnerability OBB-2829737

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0
Fedora
added 2022/07/31 1:37 a.m., 14 views

[SECURITY] Fedora 36 Update: golang-x-tools-0.1.10-3.fc36

This package holds the source for various tools that support the Go programming language. Some of the tools, godoc and vet for example, are included in binary Go distributions. Others, including the Go guru and the test coverage tool, can be fetched with go get. Packages include a type-checker f...

7.3 AI score
Exploits: 0