Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence inj
Bruno is an open source IDE for exploring and testing APIs. Prior to 1.39.1, the custom tool-tip components which internally use react-tooltip were setting the content (in this case the Environment na
FrostWire 6.14.0-build-326 for macOS contains permissive entitlements (allow-dyld-environment-variables, disable-library-validation) that allow unprivileged local attackers to inject code into the Fro
PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Versions 0.8.2 and below have a Blind SSRF vulnerability in the /download endpoint. The validateDownload
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, an undocumented commandLineSwitches
A vulnerability, which was classified as critical, was found in X1a0He Adobe Downloader up to 1.3.1 on macOS. Affected is the function shouldAcceptNewConnection of the file com.x1a0he.macOS.Adobe-Down
Cursor is a code editor built for programming with AI. In versions 1.7 and below, when MCP uses OAuth authentication with an untrusted MCP server, an attacker can impersonate a malicious MCP server an
A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /toggle_fold_panel.php of the component Tabelas Sect
The ws.stash.app.mac.daemon.helper tool contains a vulnerability caused by an incorrect use of macOS’s authorization model. Instead of validating the client's authorization reference, the helper invok
CVE-2026-33642
CRITICAL CVSS 9.8
Find Similar
Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handle_compose_command() function in kitty/graphics.c performs bounds validation on composition offsets using unsigned 3
RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the tapslip6 utility. The vulnerability is caused by unsafe string concatenation in the de
Headlamp is an extensible Kubernetes web UI. A command injection vulnerability was discovered in the codeSign.js script used in the macOS packaging workflow of the Kubernetes Headlamp project. This is
yt-grabber-tui is a terminal user interface application for downloading videos. In versions before 1.0-rc, the application allows users to configure the path to the yt-dlp executable via the path_to_y
CVE-2025-34089
CRITICAL CVSS 9.3
Find Similar
An unauthenticated remote code execution vulnerability exists in Remote for Mac, a macOS remote control utility developed by Aexol Studio, in versions up to and including 2025.7. When the application
Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to T
gin-vue-admin is an AI-assisted basic development platform. In version 2.9.1, an authenticated attacker with access to the code-generation feature and MCP management interface can exploit this vulnera
A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function start_6rd_tunnel of the file /sbin/rc of the component Web UI. Such manipulation of the argument ipv6
CVE-2025-30580
CRITICAL CVSS 10.0
Find Similar
Improper Control of Generation of Code ('Code Injection') vulnerability in kellydiek DigiWidgets Image Editor digiwidgets-image-editor allows Remote Code Inclusion.This issue affects DigiWidgets Image
A security flaw has been discovered in MacCMS 2025.1000.4052. This affects an unknown part of the file application/api/controller/Timming.php of the component Timming API Endpoint. The manipulation re
Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure a