CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2026/01/18 10:56 p.m.•4 views

Malicious code in marshel (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d1b25f97e5a657b33bb26f2ccdfbdb55e459274a4cb3e19e38d3f04ba6ea3583 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

7.1AI score

OSV•added 2026/01/18 10:56 p.m.•3 views

MAL-2026-325 Malicious code in marshel (PyPI)

Github Security Blog•added 2026/01/13 8:29 p.m.•10 views

Renovate vulnerable to arbitrary command injection via helmv3 manager and malicious Chart.yaml file

Summary The user-provided string repository in the helmv3 manager is appended to the helm registry login command without proper sanitization. Details Adversaries can provide a maliciously crafted Chart.yaml in conjunctions with a tweaked Renovate configuration file to trick Renovate to execute...

8.2AI score

Exploits0References2Affected Software1

OSSF Malicious Packages•added 2026/01/12 11:5 p.m.•4 views

Malicious code in formater (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 71f6a751b5ff98dceeee5863086a2d9988640b93d96ccef9d50fb0d0d1dd116c During importing the package automatically downloads a script that uses a Telegram bot to perform remote control over the computer --- Category: MALICIOUS - Th...

7.1AI score

OSV•added 2026/01/12 11:5 p.m.•3 views

MAL-2026-237 Malicious code in formater (PyPI)

OSSF Malicious Packages•added 2026/01/12 8:55 p.m.•6 views

Malicious code in graponater (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9bbd986bf5883f6b5b40a7061c514b13f71a27c021471595671d060b260affc3 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

7.1AI score

OSV•added 2026/01/12 8:55 p.m.•3 views

MAL-2026-236 Malicious code in graponater (PyPI)

The Hacker News•added 2026/01/12 10:48 a.m.•4 views

GoBruteforcer Botnet Targets Crypto Project Databases by Exploiting Weak Credentials

A new wave of GoBruteforcer attacks has targeted databases of cryptocurrency and blockchain projects to co-opt them into a botnet that's capable of brute-forcing user passwords for services such as FTP, MySQL, PostgreSQL, and phpMyAdmin on Linux servers. "The current wave of campaigns is driven b...

7.5AI score

Exploits0

RedhatCVE•added 2026/01/09 11:20 a.m.•1 views

CVE-2021-22984

On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x before 15.0.1.4, 14.1.x before 14.1.2.5, 13.1.x before 13.1.3.4, 12.1.x before 12.1.5.2, and 11.6.x before 11.6.5.2, when receiving a unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM...

6.1CVSS6.9AI score0.00197EPSS

RedhatCVE•added 2026/01/09 9:14 a.m.•5 views

CVE-2022-23627

ArchiSteamFarm ASF is a C application with primary purpose of idling Steam cards from multiple accounts simultaneously. Due to a bug in ASF code, introduced in version V5.2.2.2, the program didn't adequately verify effective access of the user sending proxy i.e. Bots commands. In particular, a...

6.8CVSS6.8AI score0.00696EPSS

RedhatCVE•added 2026/01/09 9:13 a.m.•6 views

CVE-2022-31168

Zulip is an open source team chat tool. Due to an incorrect authorization check in Zulip Server 5.4 and earlier, a member of an organization could craft an API call that grants organization administrator privileges to one of their bots. The vulnerability is fixed in Zulip Server 5.5. Members who...

8.8CVSS6.6AI score0.00337EPSS

RedhatCVE•added 2026/01/09 9:3 a.m.•3 views

CVE-2024-39905

Red is a fully modular Discord bot. Due to a bug in Red's Core API, 3rd-party cogs using the @commands.canmanagechannel command permission check without additional permission controls may authorize a user to run a command even when that user doesn't have permissions to manage a channel. None of t...

5.3CVSS7.1AI score0.00292EPSS

RedhatCVE•added 2026/01/09 8:44 a.m.•6 views

CVE-2022-23604

x26-Cogs is a repository of cogs made by Twentysix for the Red Discord bot. Among these cogs is the Defender cog, a tool for Discord server moderation. A vulnerability in the Defender cog prior to version 1.10.0 allows users with admin privileges to issue commands as other users who share the sam...

8.8CVSS6.9AI score0.00438EPSS

HackRead•added 2026/01/07 2:2 p.m.•1 views

Why Legitimate Bot Traffic Is a Growing Security Blind Spot

Security teams have spent years improving their ability to detect and block malicious bots. That effort remains critical.…...

OSSF Malicious Packages•added 2026/01/07 10:5 a.m.•5 views

Exploits0

Malicious code in codefrequencychecker (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4202ead7b36e01a039c10a9379f617de02b50d5a69d5923652cfafb6f22067b6 Package exfiltrates browser cookies and passwords, and starts a Telegram bot allowing re-exfiltrating later. --- Category: MALICIOUS - The campaign has clearly...

6.9AI score

OSV•added 2026/01/07 10:5 a.m.•1 views

MAL-2026-126 Malicious code in codefrequencychecker (PyPI)

6.8AI score

OSV•added 2026/01/06 2:21 p.m.•3 views

MAL-2026-96 Malicious code in pycolorom (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6babcee81c12759b66be4c0a8ba33c3f0272b052a47fda31227f4a6087ba8e5b The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

SUSE CVE•added 2026/01/06 12:28 a.m.•10 views

SUSE CVE-2025-13352

Mattermost versions 10.11.x = 10.11.6 and Mattermost GitHub plugin versions =2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...

3CVSS7.1AI score0.00053EPSS