CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

483960 matches found

libyang security update

An update is available for libyang. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Libyang is YANG data modeling language parser and toolkit written and providi...

7.5CVSS6.2AI score0.00068EPSS

Exploits0

GithubExploit•added yesterday•34 views

Exploit for Code Injection in Phpunit_Project Phpunit

CVE-2017-9841 — PHPUnit Remote Code Execution RCE PoC ⚠...

9.8CVSS6.9AI score0.9421EPSS

Exploits19

GithubExploit•added yesterday•25 views

Exploit for Code Injection in Phpunit_Project Phpunit

CVE-2017-9841 — PHPUnit Remote Code Execution RCE PoC ⚠...

9.8CVSS8.4AI score0.9421EPSS

Exploits19

EUVD•added yesterday•9 views

EUVD-2026-36215

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.26.4 via the UpdraftPlusRemoteCommunicationsV2::wploaded function. This is due to insufficient validation of the remote communications message format,...

8.1CVSS6.1AI score0.00035EPSS

Exploits2References4

Vulnrichment•added yesterday•4 views

CVE-2026-10795 UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc

8.1CVSS6.1AI score0.00035EPSS

Exploits2References4

CVE•added yesterday•52 views

CVE-2026-10795

CVE-2026-10795 concerns UpdraftPlus: WP Backup & Migration Plugin for WordPress, affected up to version 1.26.4. The root cause is insufficient validation of the remote communications message format in UpdraftPlus_Remote_Communications_V2::wp_loaded, allowing an unauthenticated attacker to bypass ...

8.1CVSS6.1AI score0.00035EPSS

In wildExploits2References4

OSV•added yesterday•7 views

MAL-2026-5576 Malicious code in vite-tsconfig (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 142b4a600291ebf355bb7915c082c34b329e58026dc3c1f181a5b1865c16cff9 The package is named vite-tsconfig and replicates the public API of the legitimate tsconfig-paths library register, loadConfig, createMatchPath,...

6.4AI score

Exploits0References1

OSSF Malicious Packages•added yesterday•9 views

Malicious code in vite-tsconfig (npm)

6.4AI score

Exploits0References1

Debian•added yesterday•3 views

[SECURITY] [DSA 6338-1] libdbi-perl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6338-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 11, 2026 https://www.debian.org/security/faq -...

9.8CVSS5.9AI score0.00069EPSS

Exploits0

OSV•added yesterday•12 views

MAL-2026-5577 Malicious code in web-pool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2b1d78cd3ff0c5eeead299eb670d299590b48a453c9416ae2a692bc4173737c Requiring web-pool triggers middleware to spawn a detached node lib/initializeCaller.js. That script base64-decodes a hardcoded endpoint...

6.1AI score

Exploits0References1

OSSF Malicious Packages•added yesterday•8 views

Malicious code in web-pool (npm)

6.1AI score

Exploits0References1

OSV•added yesterday•6 views

MAL-2026-5579 Malicious code in webpack-cache-cycle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82fa37e2478a7109e376e3a062ccb203806511033930eb7390e45fe7ef404b81 On npm install, package.json's postinstall hook runs node -e "require'./loader.js'". loader.js spawns a detached node process that decodes a...

5.5AI score

Exploits0References1

OSSF Malicious Packages•added yesterday•7 views

Malicious code in webpack-cache-cycle (npm)

5.5AI score

Exploits0References1

OSSF Malicious Packages•added yesterday•5 views

Malicious code in webpack-patch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0f5ce3525e99528190ba5217a777184e302d46050fc23bef173de6fda240eba Package impersonates the webpack ecosystem but is unrelated to webpack. When the exported middleware is invoked, index.js spawns a detached node...

6.2AI score

Exploits0References1

OSV•added yesterday•4 views

MAL-2026-5581 Malicious code in webpack-patch (npm)

6.2AI score

Exploits0References1

OSSF Malicious Packages•added yesterday•4 views

Malicious code in webpack-cache-clean (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f8656d094ec59721c08eb72a1ec8f1530cd07985edf705032926dd9a19461d9 On npm install, the package runs a postinstall hook node -e "require'./loader.js'" that spawns a detached child process. The child decodes an...

6.3AI score

Exploits0References1

OSV•added yesterday•4 views

MAL-2026-5580 Malicious code in webpack-cache-reset (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fee0027f45dd4846b52b99120af39a0bca88f8693047612e946cd8d816f36e6c On npm install, the package's postinstall hook runs loader.js, which hex-decodes the URL https://jsonkeeper.com/b/INN1F an anonymous JSON paste host,...

6AI score

Exploits0References1

OSSF Malicious Packages•added yesterday•7 views

Malicious code in webpack-cache-reset (npm)

6AI score

Exploits0References1

EUVD•added yesterday•5 views

EUVD-2026-36212

Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. An attacker can craft a malicious GraphQL request that can lead to Remote Code Execution when the application exposes a paginated Connection field and the classpath contains specifi...

8.1CVSS5.7AI score0.00343EPSS

Exploits0References1

Cvelist•added yesterday•19 views

CVE-2026-41699 Unsafe Deserialization in Spring GraphQL

8.1CVSS0.00343EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by