CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Snyk•added 5 days ago•4 views

Malicious Package

Overview @cloudplatform-single-spa/event-bus is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization an...

9.8CVSS5.9AI score

Snyk•added last week•7 views

Malicious Package

Overview @cloudplatform-single-spa/cloud-dns is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization an...

9.8CVSS5.8AI score

Snyk•added last week•9 views

Malicious Package

Overview @cloudplatform-single-spa/dataplatform-metastore is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.8AI score

Snyk•added last week•7 views

Malicious Package

Overview @cloudplatform-single-spa/dataplatform is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

9.8CVSS5.8AI score

GitLab Advisory Database•added 2026/05/29 12:0 a.m.•9 views

CC-Tweaked has an SSRF Protection Bypass with NAT64

CC-Tweaked's HTTP API http.request, http.websocket blocks requests to private network ranges to prevent server-side request forgery SSRF. This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses 64:ff9b::/96. An attacker who can execute Lua code can reach an...

5.9AI score

Exploits0References3

GitLab Advisory Database•added 2026/05/29 12:0 a.m.•9 views

CC-Tweaked has an SSRF Protection Bypass with NAT64

5.9AI score

Exploits0References3

CNNVD•added 2026/05/28 12:0 a.m.•7 views

Veeam Service Provider Console 安全漏洞

Veeam Service Provider Console is a cloud-enabled platform developed by the American company Veeam. There is a security vulnerability in Veeam Service Provider Console, which may lead to remote code execution...

9.4CVSS6.1AI score0.00299EPSS

OSSF Malicious Packages•added 2026/05/28 12:0 a.m.•8 views

Malicious code in @cloudplatform-single-spa/dataplatform-cloudberry (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8AI score

Exploits0References1

CVE•added 2026/05/26 1:30 p.m.•9 views

CVE-2026-9550

CVE-2026-9550 affects Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform version 1.3.0. The issue involves path traversal in a component handling the file path /SubstationWEBV2/app/..;/main/upfile, caused by manipulation of the argument path. The vulnerability permits...

7.5CVSS6.7AI score0.00116EPSS

EUVD•added 2026/05/26 1:30 p.m.•11 views

EUVD-2026-31825

A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by this issue is some unknown functionality of the file /SubstationWEBV2/app/..;/main/upfile. Executing a manipulation of the argument path can lead to path traversal...

7.5CVSS6.8AI score0.00116EPSS

Vulnrichment•added 2026/05/26 1:30 p.m.•10 views

CVE-2026-9550 Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform upfile path traversal

7.5CVSS6.8AI score0.00116EPSS

ATTACKERKB•added 2026/05/26 2:30 a.m.•6 views

CVE-2026-9523

A vulnerability was detected in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 3000WEBV2. Affected by this vulnerability is an unknown functionality of the file /SubstationWEBV2/app/..;/calc/getCalcmeterDetailDayListTree. Performing a manipulation of the argument...

Exploits0References4Affected Software1

CVE•added 2026/05/26 2:30 a.m.•10 views

CVE-2026-9523

The CVE describes a SQL injection in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 3000WEBV2. The vulnerable component is the web path /SubstationWEBV2/app/..;/calc/getCalcmeterDetailDayListTree, where argument manipulation enables SQL injection. The issue is exp...

Vulnrichment•added 2026/05/26 2:30 a.m.•7 views

CVE-2026-9523 Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform getCalcmeterDetailDayListTree sql injection

EUVD•added 2026/05/26 2:30 a.m.•8 views

EUVD-2026-31782

Positive Technologies•added 2026/05/26 12:0 a.m.•9 views

PT-2026-43179