CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11804 matches found

Tenable Nessus•added 2026/05/20 12:0 a.m.•5 views

Amazon Linux 2023 : rclone (ALAS2023-2026-1658)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1658 advisory. Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can muta...

9.8CVSS6AI score0.26321EPSS

Exploits2References6

Github Security Blog•added 2026/05/19 7:28 p.m.•11 views

Kong Ingress Controller for Kubernetes (KIC): Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint

Summary A vulnerability in the Kong Ingress Controller KIC allows for the unauthorized exposure of sensitive plugin credentials through the diagnostics interface. Even when configured to redact sensitive information using --dump-sensitive-config=false, KIC fails to sanitize the Plugins field in...

5.8AI score

Exploits0References2Affected Software3

OSSF Malicious Packages•added 2026/05/19 7:6 p.m.•6 views

Malicious code in @tarojs/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59b4e6cd0fe6bd16c6fb2bd04e6542a2a3052182d8815a08b124df56f2d9fde2 On npm install, the package's postinstall script performs a reachability GET to https://taro.jd.com/ and, on success, invokes the package's own...

6AI score

Exploits0References2

OSV•added 2026/05/19 6:9 p.m.•4 views

MAL-2026-4522 Malicious code in claude-all-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63c5a1f5a6f5bd2dadc4e207ff4e8e310c24cd4c99c751ed094251e00e0af8f3 On install, postinstall.js writes configuration into /.claude/, /.gemini/, /.codex/, and /.kiro/ that hard-wires AI tooling to author-controlled...

5.8AI score

Exploits0References3

OSSF Malicious Packages•added 2026/05/19 6:9 p.m.•9 views

Malicious code in claude-all-config (npm)

5.8AI score

Exploits0References3

OSSF Malicious Packages•added 2026/05/19 6:5 p.m.•9 views

Malicious code in @shadanai/openclaw (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0e2f02ab1bb3d99de1787ed7d69f1df97bd3b2d7c18cc8ba4e5f8688f649ce9 On npm install, scripts/postinstall.mjs performs several installer-harm actions. 1 Backdoor: writes /.openclaw/openclaw.json configuring a local...

6.2AI score

Exploits0References3

Github Security Blog•added 2026/05/19 3:51 p.m.•8 views

Caddy: Remote Admin Authorization Bypass in `/config` API via Array Index Normalization

This report is not about a normal textual prefix-expansion case. The issue here is that the authorization layer and the /config traversal layer do not agree on what object the path refers to. In this case, a path authorized for one config object is accepted, but then resolves to a different confi...

5.7AI score0.00017EPSS

Exploits0References2Affected Software1

OSV•added 2026/05/19 3:51 p.m.•2 views

GHSA-X5W9-XH9R-MVFC Caddy: Remote Admin Authorization Bypass in `/config` API via Array Index Normalization

5.4CVSS5.7AI score0.00017EPSS

Exploits0References2

RedHat Linux•added 2026/05/19 1:27 p.m.•8 views

podman: Podman kube play command may overwrite host files

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...

8.1CVSS7.2AI score0.00086EPSS

Exploits0References6

RedHat Linux•added 2026/05/19 1:16 p.m.•8 views

libssh: libssh: Denial of Service via improper configuration file handling

A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service DoS by causing the system t...

3.3CVSS6.5AI score0.00007EPSS

Exploits0References4

GithubExploit•added 2026/05/19 8:8 a.m.•67 views

Exploit for Incorrect Authorization in Litellm

CVE-2026-35029 – LiteLLM /config/update privilege escalation...

8.8CVSS6AI score0.1938EPSS

Exploits2

RedhatCVE•added 2026/05/19 1:58 a.m.•8 views

CVE-2026-8739

A vulnerability was detected in Sanluan PublicCMS 5.202506.d. The affected element is the function getSignKey of the file publiccms-core/src/main/java/com/publiccms/logic/component/config/SafeConfigComponent.java. The manipulation of the argument privatefilekey results in use of hard-coded...

6.9CVSS5.6AI score0.00037EPSS

Exploits0References1

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•9 views

Malicious code in @antv/l7-three (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score

Exploits0References4

OSV•added 2026/05/19 12:0 a.m.•3 views

MAL-2026-3976 Malicious code in @antv/g2-extension-ava (npm)

5.8AI score

Exploits0References5

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•7 views

Malicious code in @antv/gatsby-theme (npm)

5.8AI score

Exploits0References4

OSV•added 2026/05/19 12:0 a.m.•5 views

MAL-2026-3837 Malicious code in @antv/g-image-exporter (npm)