CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2026/05/29 10:3 p.m.•12 views

Malicious code in web3-config-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc426e6e28603268949be1817881f2269e7b0464c0fd513690f2f77b6637a719 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2026/05/29 10:3 p.m.•11 views

Malicious code in evmchain-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 32ebbd11fa492f47ef6373d99224e4b937f9daaaef387446fd11ffa9bb3ddcc9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Snyk•added 2026/05/29 10:3 p.m.•5 views

Malicious Package

Overview evmchain-config is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score

OSV•added 2026/05/29 10:3 p.m.•5 views

MAL-2026-5069 Malicious code in evmchain-config (npm)

Snyk•added 2026/05/29 10:2 p.m.•8 views

Malicious Package

Overview foundry-config is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score

OSSF Malicious Packages•added 2026/05/29 10:2 p.m.•11 views

Malicious code in foundry-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4918af978c72d6459e02a9d0b1114f54cde7f3973b1cc3f61b497a0575269592 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2026/05/29 10:2 p.m.•3 views

MAL-2026-5070 Malicious code in foundry-config (npm)

ATTACKERKB•added 2026/05/29 6:59 p.m.•7 views

CVE-2026-34127

A stored cross-site scripting XSS vulnerability has been identified in the web management interface of TP-Link's TL-SG108PE v5 switch due to improper sanitation of the SYSNAM configuration parameter during configuration file import. An attacker with administrator access can inject malicious scrip...

5.3CVSS5.6AI score0.00041EPSS

Exploits0References4

EUVD•added 2026/05/29 6:59 p.m.•10 views

EUVD-2026-33420

5.3CVSS5.6AI score0.00041EPSS

CVE•added 2026/05/29 5:45 p.m.•12 views

CVE-2026-44649

SillyTavern) vulnerability (CVE-2026-44649) affects SillyTavern before version 1.18.0 where header-based SSO authentication can be bypassed. The root cause is lack of validation that Remote-User (Authelia) and X-Authentik-Username (Authentik) headers originate from a trusted reverse proxy. The lo...

9.8CVSS5.8AI score0.00088EPSS

NVD•added 2026/05/29 4:16 p.m.•8 views

CVE-2026-35674

OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows scoped clients to execute privileged commands. Attackers with operator.write scope can deliver commands through inherited external routes to bypass operator.approvals and operator.admin scop...

8.8CVSS0.00049EPSS

ATTACKERKB•added 2026/05/29 4:15 p.m.•7 views

CVE-2026-45630

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.28.8 and earlier, authenticated OS command injection in the application.updateTraefikConfig tRPC endpoint allows admin/owner users to execute arbitrary system commands on remote servers via unsanitized echo shell interpolation...

9CVSS6.1AI score0.0026EPSS

Exploits0References2Affected Software1

CVE•added 2026/05/29 4:15 p.m.•14 views

CVE-2026-45630

Dokploy contains an authenticated OS command injection in the updateTraefikConfig tRPC endpoint for versions up to 0.28.8 (and earlier). The root cause is unsanitized echo shell interpolation, enabling admin/owner users to run arbitrary commands on remote servers. Impact is high (full command exe...

9CVSS6.1AI score0.0026EPSS

Github Security Blog•added 2026/05/29 4:7 p.m.•9 views

axios Vulnerable to Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge

Summary Axios versions before the fixed releases contain prototype-pollution gadgets in request config processing. If another vulnerability in the same JavaScript process has already polluted Object.prototype.transformResponse, affected Axios versions may treat that inherited value as request...

7CVSS6.1AI score

Exploits0References2Affected Software1

OSV•added 2026/05/29 4:4 p.m.•7 views

GHSA-35JP-WW65-95WH axios Vulnerable to Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`

Vulnerability Disclosure: Full Man-in-the-Middle via Prototype Pollution Gadget in config.proxy Summary The Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into a full...

8.7CVSS5.8AI score

Snyk•added 2026/05/29 4:4 p.m.•5 views

Prototype Pollution

Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Prototype Pollution through the config.proxy property in the HTTP adapter, which accesses properties via the prototype chain. An attacker can intercept an...

8.9CVSS6.1AI score

Snyk•added 2026/05/29 4:4 p.m.•6 views

Prototype Pollution

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Prototype Pollution through the config.proxy property in the HTTP adapter, which accesses properties via the prototype chain. An attacker can intercept and modify all HTT...

8.9CVSS6.1AI score