CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2026/06/11 5:10 a.m.•12 views

Malicious code in web-pool (npm)

6.1AI score

OSSF Malicious Packages•added 2026/06/11 5:6 a.m.•9 views

Malicious code in webpack-cache-cycle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82fa37e2478a7109e376e3a062ccb203806511033930eb7390e45fe7ef404b81 On npm install, package.json's postinstall hook runs node -e "require'./loader.js'". loader.js spawns a detached node process that decodes a...

5.5AI score

OSV•added 2026/06/11 5:6 a.m.•7 views

MAL-2026-5579 Malicious code in webpack-cache-cycle (npm)

5.5AI score

OSSF Malicious Packages•added 2026/06/11 5:6 a.m.•8 views

Malicious code in webpack-patch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0f5ce3525e99528190ba5217a777184e302d46050fc23bef173de6fda240eba Package impersonates the webpack ecosystem but is unrelated to webpack. When the exported middleware is invoked, index.js spawns a detached node...

6.2AI score

OSV•added 2026/06/11 5:6 a.m.•8 views

MAL-2026-5581 Malicious code in webpack-patch (npm)

6.2AI score

OSSF Malicious Packages•added 2026/06/11 5:6 a.m.•5 views

Malicious code in webpack-cache-clean (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f8656d094ec59721c08eb72a1ec8f1530cd07985edf705032926dd9a19461d9 On npm install, the package runs a postinstall hook node -e "require'./loader.js'" that spawns a detached child process. The child decodes an...

OSSF Malicious Packages•added 2026/06/11 5:6 a.m.•11 views

Malicious code in webpack-cache-reset (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fee0027f45dd4846b52b99120af39a0bca88f8693047612e946cd8d816f36e6c On npm install, the package's postinstall hook runs loader.js, which hex-decodes the URL https://jsonkeeper.com/b/INN1F an anonymous JSON paste host,...

6AI score

OSV•added 2026/06/11 5:6 a.m.•10 views

MAL-2026-5580 Malicious code in webpack-cache-reset (npm)

6AI score

Vulnrichment•added 2026/06/11 5:4 a.m.•7 views

CVE-2026-41699 Unsafe Deserialization in Spring GraphQL

Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. An attacker can craft a malicious GraphQL request that can lead to Remote Code Execution when the application exposes a paginated Connection field and the classpath contains specifi...

8.1CVSS5.7AI score0.0068EPSS

EUVD•added 2026/06/11 5:4 a.m.•8 views

EUVD-2026-36212

8.1CVSS5.7AI score0.0068EPSS

Cvelist•added 2026/06/11 5:4 a.m.•27 views

CVE-2026-41699 Unsafe Deserialization in Spring GraphQL

8.1CVSS0.0068EPSS

CVE•added 2026/06/11 5:4 a.m.•21 views

CVE-2026-41699

CVE-2026-41699 : Spring for GraphQL is affected by an Unsafe Deserialization flaw when processing paginated GraphQL queries (Connection fields). If the classpath contains specific deserialization-related classes, a crafted GraphQL request can lead to Remote Code Execution. Affected versions: Spri...

9.8CVSS5.7AI score0.0068EPSS

Exploits0References1Affected Software1

OSSF Malicious Packages•added 2026/06/11 5:0 a.m.•6 views

Malicious code in @tonsdk/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9a9a70e3d8b322df960cb96b195f74693eb4d2ea284680e4cfb41a33f1848f8 @tonsdk/core impersonates the legitimate @ton/core TON blockchain SDK. On npm install, scripts/postinstall.js executes automatically and performs two...

6.4AI score

OSV•added 2026/06/11 5:0 a.m.•9 views

MAL-2026-5564 Malicious code in @tonsdk/core (npm)

6.4AI score

GithubExploit•added 2026/06/11 3:15 a.m.•43 views

Exploit for Type Confusion in Google Chrome

SSD Advisory – Google Chrome RCE Source: ssd-disclosure.co...

8.1CVSS7.9AI score0.19883EPSS

Exploits5

OSSF Malicious Packages•added 2026/06/11 3:15 a.m.•7 views

Malicious code in @403name/electron-buidler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ed72e6dbbdb78cd8fc99bfafc15900f16543690460ae2cfad826aeee20c05a4 On require, index.js executes an immediately-invoked function that platform-gates to macOS, skips CI environments, drops a one-shot marker file in...

OSV•added 2026/06/11 3:15 a.m.•8 views

MAL-2026-5547 Malicious code in @403name/electron-buidler (npm)

OSSF Malicious Packages•added 2026/06/11 3:14 a.m.•6 views

Malicious code in @403name/ether-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 927758f43d6eaa6514273bd8ab8f3559624055b9bbf8c9ef9a190b645c0a6eef On require'@403name/ether-js', index.js runs an IIFE that targets macOS only returns early on non-darwin and when CI/GITHUBACTIONS env vars are set,...

OSV•added 2026/06/11 3:14 a.m.•9 views

MAL-2026-5548 Malicious code in @403name/ether-js (npm)