CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2 days ago•4 views

PT-2026-45830

6.5CVSS5.7AI score0.00059EPSS

Exploits0References2

CVE•added 3 days ago•11 views

CVE-2026-49135

CVE-2026-49135 affects CodexBar up to version 0.31.x (before 0.32.0). The issue is insecure temporary file handling in the notarization workflow, enabling a local attacker with access to the same host to read the App Store Connect API key written to a fixed path, pre-create files or symlinks to r...

7.2CVSS5.8AI score0.00023EPSS

Exploits0References4

EUVD•added 3 days ago•7 views

EUVD-2026-33751

CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by exploiting predictable file paths in the release notarization workflow. Attackers with access to the same host can read...

7.2CVSS5.8AI score0.00023EPSS

Exploits0References4

Vulnrichment•added 3 days ago•3 views

CVE-2026-49135 CodexBar < 0.32.0 Insecure Temporary File Handling in Notarization Workflow

7.2CVSS5.8AI score0.00023EPSS

Exploits0References4

OSV•added 2026/05/25 8:15 a.m.•6 views

MAL-2026-4300 Malicious code in apple-app-store-server-library-v3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0927a2d11dc610a60127985e95a9851a1bcad74ff346884f089d1d25545aa896 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Snyk•added 2026/05/25 8:15 a.m.•4 views

Malicious Package

Overview apple-app-store-server-library-v3 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.8AI score

Exploits0References2

OSSF Malicious Packages•added 2026/05/25 8:15 a.m.•13 views

Malicious code in apple-app-store-server-library-v3 (npm)

Github Security Blog•added 2026/05/19 2:47 p.m.•9 views

HAXcms: Mass Token Exfiltration and Cross-Tenant Hijack

Summary An attack chain utilizing Stored XSS alongside dynamic token exposure in the /system/api/connectionSettings endpoint allows an authenticated attacker to perform a complete cross-tenant account takeover. The API dynamically leaks the active session's authentication tokens including the jwt...

5.9AI score

Exploits0References2Affected Software1

Snyk•added 2026/04/29 2:40 p.m.•2 views

Malicious Package

Overview apple-app-store-server-library-poc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.8AI score

Exploits0References2

OSV•added 2026/04/27 7:55 p.m.•2 views

MAL-2026-3123 Malicious code in apple-app-store-server-library-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f6b57befbd248b884d81978566bd3d4a57ef499f1eb8f8f66c00dc02e76588c The package apple-app-store-server-library-poc was found to contain malicious code. Source: ghsa-malware...

5.6AI score

OSSF Malicious Packages•added 2026/04/27 7:55 p.m.•3 views

Malicious code in apple-app-store-server-library-poc (npm)

5.5AI score

The Hacker News•added 2026/04/24 11:48 a.m.•6 views

26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases

Cybersecurity researchers have discovered a set of malicious apps on the Apple App Store that impersonate popular cryptocurrency wallets in an attempt to steal recovery phrases and private keys since at least fall 2025. "Once launched, these apps redirect users to browser pages designed to look...

6.1AI score

Securelist•added 2026/04/20 9:22 a.m.•2 views

FakeWallet crypto stealer spreading through iOS apps in the App Store

In March 2026, we uncovered more than twenty phishing apps in the Apple App Store masquerading as popular crypto wallets. Once launched, these apps redirect users to browser pages designed to look similar to the App Store and distributing trojanized versions of legitimate wallets. The infected ap...

Securelist•added 2026/04/20 9:1 a.m.•1 views

FakeWallet crypto stealer spreading through iOS apps in the App Store

HackRead•added 2026/04/15 4:47 p.m.•1 views

Fake Ledger Live App on Apple Store Linked to $9.5M Crypto Theft

Apple approved a fake Ledger Live app on its App Store, allowing scammers to steal $9.5 million from more than 50 users. Did you install this app?...

The Hacker News•added 2026/04/03 9:10 a.m.•5 views

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the trojan was discovered targeting both the mobile operating systems. The malware has been found to conceal itself within seemingly benign apps, su...

6AI score

ATTACKERKB•added 2026/03/11 5:4 p.m.•2 views

CVE-2026-31852

Jellyfin is an open-source media system. The code-quality.yml GitHub Actions workflow in jellyfin/jellyfin-ios is vulnerable to arbitrary code execution via pull requests from forked repositories. Due to the workflow's elevated permissions nearly all write permissions, this vulnerability enables...

10CVSS6.3AI score0.00124EPSS

Exploits0References3

Malwarebytes•added 2026/03/04 1:44 p.m.•1 views

Does the UK really want to ban VPNs? And can it be done?

The idea of a "Great British Firewall" makes for a catchy headline, but it would be riddled with holes and cause huge problems. The Guardian reports that the GCHQ Government Communications Headquarters, a UK intelligence, security, and cyber agency, is exploring the idea of a British firewall...

5.9AI score