CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2127 matches found

CVE•added 2025/11/10 6:9 p.m.•40 views

CVE-2025-12967

An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow privilege escalation to the rds_superuser role via a crafted function executed by a low-privileged authenticated user. Affected wrappers include AWS JDBC Wrapper, AWS Go Wrapper, AWS NodeJS Wrapper, AWS Python Wrapper, and AWS PGSQL ...

8.6CVSS6.5AI score0.00229EPSS

Exploits0References11

Cvelist•added 2025/11/10 6:9 p.m.•4 views

CVE-2025-12967

An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rdssuperuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service RDS users. We recommend customers...

8.6CVSS0.00229EPSS

Exploits0References11

Positive Technologies•added 2025/11/10 12:0 a.m.•2 views

PT-2025-46181

Name of the Vulnerable Software and Affected Versions AWS JDBC Wrapper versions prior to 2.6.5 AWS Go Wrapper versions prior to 2025-10-17 AWS NodeJS Wrapper versions prior to 2.0.1 AWS Python Wrapper versions prior to 1.4.0 AWS PGSQL ODBC driver versions prior to 1.0.1 Description An issue in AW...

8.6CVSS6.7AI score0.00229EPSS

Exploits0References30

Fedora•added 2025/11/07 1:30 a.m.•4 views

[SECURITY] Fedora 42 Update: fcitx5-zhuyin-5.1.5-1.fc42

Libzhuyin Wrapper for Fcitx...

7AI score

Exploits0

Fedora•added 2025/11/07 1:30 a.m.•3 views

[SECURITY] Fedora 42 Update: fcitx5-libthai-5.1.7-1.fc42

Libthai Wrapper for Fcitx5...

7AI score

Exploits0

Fedora•added 2025/11/07 1:30 a.m.•4 views

[SECURITY] Fedora 42 Update: fcitx5-anthy-5.1.8-1.fc42

Anthy Wrapper for Fcitx5 Ported from scim-anthy. Released under GPL2+...

7AI score

Exploits0

Fedora•added 2025/11/07 1:30 a.m.•5 views

[SECURITY] Fedora 42 Update: fcitx5-hangul-5.1.8-1.fc42

Hangul Wrapper for Fcitx5...

7AI score

Exploits0

Gitee•added 2025/11/04 1:52 p.m.•132 views

autottp

This is a Python wrapper for the PowerShell Empire API, a framework for penetration testing and red teaming. The wrapper provides a simple interface to interact with the Empire API, allowing users to automate tasks and sequences of actions. The wrapper is feature complete as of Empire 1.5.0 and...

6.6AI score

Exploits0

Fedora•added 2025/10/28 1:30 a.m.•7 views

[SECURITY] Fedora 42 Update: pcre2-10.46-1.fc42

PCRE2 is a re-working of the original PCRE Perl-compatible regular expression library to provide an entirely new API. PCRE2 is written in C, and it has its own API. There are three sets of functions, one for the 8-bit library, which processes strings of bytes, one for the 16-bit library, which...

9.1CVSS7AI score0.00056EPSS

Exploits1

OSV•added 2025/10/19 4:32 p.m.•2 views

MAL-2025-191747 Malicious code in hamubika (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c55b19e3a5ae01340f8c4aa8a68372eda1a6d5646f63a26658a1df75b4a2cf0c Packages that either reports home installation, simulate malicious activity or imitate Roblox API wrapper. --- Category: PROBABLYPENTEST - Packages looking lik...

7.4AI score

Exploits0References1

Github Security Blog•added 2025/10/17 6:31 p.m.•5 views

Keras framework vulnerable to deserialization of untrusted data

Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing a TorchModuleWrapper class to run arbitrary code on an end user’s system when loaded despite safe mode being...

9.8CVSS7.4AI score0.00048EPSS

Exploits0References4Affected Software1

Snyk•added 2025/10/17 3:46 p.m.•1 views

Deserialization of Untrusted Data

Overview keras is a Keras is a high-level neural networks API for Python.. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the fromconfig method that uses Python’s pickle module as a fall back when weightsonly=False. An attacker can execute arbitrary code ...

9.8CVSS7.9AI score0.00048EPSS

Exploits0References2

Positive Technologies•added 2025/10/17 12:0 a.m.•2 views

PT-2025-42617

Name of the Vulnerable Software and Affected Versions Keras versions 3.11.0 through 3.11.2 Description The Keras framework is susceptible to a critical security issue stemming from unsafe deserialization of untrusted data. Specifically, when loading Keras files containing a maliciously crafted...

9.8CVSS7.2AI score0.00048EPSS

Exploits0References32

IBM Security Bulletins•added 2025/10/14 6:10 p.m.•7 views

Security Bulletin: Multiple vulnerabilities reported in YAJSW service shipped in IBM WebSphere eXtreme Scale Liberty Deployment

Summary YAJSWYet Another Java Service Wrapper uses Apache Commons and Netty to manage services, launch and monitor application etc. WebSphere eXtreme Scale Liberty deployments, uses YAJSW to register services with the operating system. CVE-2025-27553, CVE-2025-30474 and CVE-2025-25193...

7.5CVSS6.6AI score0.0071EPSS

Exploits0Affected Software1

Snyk•added 2025/10/07 4:33 a.m.•1 views

Malicious Package

Overview ad-react-wrapper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score

Exploits0References2