CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

MAL-2026-5228 Malicious code in autotel-plugins (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

OSSF Malicious Packages•added 2 days ago•6 views

Malicious code in autotel-web (npm)

OSSF Malicious Packages•added 2 days ago•8 views

Malicious code in ai-sdk-ollama (npm)

MAL-2026-5200 Malicious code in @ethlete/core (npm)

OSSF Malicious Packages•added 2 days ago•8 views

Malicious code in executable-stories-vitest (npm)

MAL-2026-5248 Malicious code in eslint-plugin-executable-stories-playwright (npm)

MAL-2026-5230 Malicious code in autotel-subscribers (npm)

MAL-2026-5250 Malicious code in executable-stories-cypress (npm)

Positive Technologies•added 2 days ago•6 views

PT-2026-46986

Impact If an attacker hacks into a vantage6 user's email account, they can 1 reset the password via email and then 2 reset the 2FA token via email. This way they reduce 2FA to 1FA email access. Note that most email providers require 2FA to access email, so this issue is not very likely to cause...

5.9CVSS5.5AI score

Exploits0References5

EUVD•added 5 days ago•8 views

EUVD-2026-34028

authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an account in one of the configured sources can log into any account. This issue has been patched in versions 2025.12.6, 2026.2.4, an...

8.8CVSS5.7AI score0.00053EPSS

Exploits1References1

Malwarebytes•added 5 days ago•9 views

These convincing copyright notices are designed to steal Google logins

A new scam is targeting people who publish Chrome extensions. The scam arrives as an official-looking "copyright removal request" claiming your extension is about to be removed from the Chrome Web Store and that you have 48 hours to appeal. It even looks personalized. After you enter your...

5.8AI score

Exploits0

NVD•added 5 days ago•9 views

CVE-2026-7201

CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote authenticated attacker to modify account properties of other users, potentially leading to account...

8.8CVSS0.0013EPSS

Vulnrichment•added 5 days ago•5 views

CVE-2026-7201 CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity

8.8CVSS5.8AI score0.0013EPSS

Cvelist•added 5 days ago•33 views

CVE-2026-7195 CWE-20: Improper Input Validation in web services in Progress Sitefinity

CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote unauthenticated attacker to...

8.8CVSS0.00019EPSS

CVE•added 5 days ago•14 views

CVE-2026-7195

CVE-2026-7195 affects Progress Sitefinity web services. The issue is CWE-20: Improper Input Validation in Sitefinity versions 14.1.x–14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630. A ...

8.8CVSS5.8AI score0.00019EPSS

Exploits0References1Affected Software1

NVD•added 2026/05/27 2:16 p.m.•7 views

CVE-2024-40684

9.8CVSS0.0004EPSS

EUVD•added 2026/05/27 1:48 p.m.•5 views

EUVD-2024-55600

5.9CVSS5.8AI score0.0004EPSS