CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2026/05/29 3:5 a.m.•11 views

Malicious code in sorenson-webfonts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d45b3e803fc04f697e067f5dfbc9a9c37878d1b7faed2ad4aea69dd9bed25c32 [email protected] is a hollow package: index.js is a 2-line stub 'use strict'; module.exports = ;, author/description fields are empty, and th...

5.6AI score

OSV•added 2026/05/29 3:5 a.m.•4 views

MAL-2026-5028 Malicious code in sorenson-webfonts (npm)

5.6AI score

NVD•added 2026/05/20 2:16 a.m.•11 views

CVE-2026-8610

4.3CVSS0.00303EPSS

Exploits0References4

Vulnrichment•added 2026/05/20 1:25 a.m.•4 views

CVE-2026-8610 TypeSquare Webfonts for ConoHa <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification via 'fontThemeUseType' Parameter

EUVD•added 2026/05/20 1:25 a.m.•8 views

Exploits0References4

EUVD-2026-31029

ATTACKERKB•added 2026/05/20 1:25 a.m.•4 views

Exploits0References4

CVE-2026-8610

CNNVD•added 2026/05/20 12:0 a.m.•4 views

Exploits0References5

WordPress plugin TypeSquare Webfonts for ConoHa 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

Patchstack•added 2026/05/19 12:13 p.m.•6 views

WordPress TypeSquare Webfonts for ConoHa plugin <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Plugin Settings Modification vulnerability discovered by ? in WordPress Plugin TypeSquare Webfonts for ConoHa versions = 2.0.4...

4.3CVSS5.8AI score0.00303EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2025/11/18 12:11 a.m.•6 views

CVE-2025-63708

Cross-Site Scripting XSS vulnerability exists in SourceCodester AI Font Matcher nid=18425, 2025-10-10 that allows remote attackers to execute arbitrary JavaScript in victims' browsers. The vulnerability occurs in the webfonts API handling mechanism where font family names are not properly...

6.1CVSS6.2AI score0.00216EPSS

Exploits1References1

EUVD•added 2025/11/17 6:30 p.m.•3 views

EUVD-2025-197808

6.1CVSS5.7AI score0.00216EPSS

Exploits1References3

OSV•added 2025/11/17 4:15 p.m.•2 views

CVE-2025-63708

6.1CVSS6.1AI score0.00216EPSS

NVD•added 2025/11/17 4:15 p.m.•5 views

CVE-2025-63708

6.1CVSS0.00216EPSS

Cvelist•added 2025/11/17 12:0 a.m.•6 views

CVE-2025-63708

0.00216EPSS

CVE•added 2025/11/17 12:0 a.m.•17 views

CVE-2025-63708

Technical details for CVE-2025-63708 are not publicly available in the provided documents. No concrete information on affected products, versions, impact, or remediation is included here. Monitor for updates in the connected sources.

6.1CVSS5.8AI score0.00216EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2025/11/17 12:0 a.m.•2 views

CVE-2025-63708

5.8AI score0.00216EPSS

Positive Technologies•added 2025/11/17 12:0 a.m.•2 views

PT-2025-47156

Name of the Vulnerable Software and Affected Versions SourceCodester AI Font Matcher nid=18425 Description A Cross-Site Scripting XSS issue exists that enables remote attackers to execute arbitrary JavaScript in a user's browser. This occurs due to improper sanitization of font family names withi...

6.1CVSS5.9AI score0.00216EPSS

Exploits1References4

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2024-52522

Malicious code in bioql PyPI...

4.3CVSS8.9AI score0.0057EPSS

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2024-40047

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.0038EPSS