CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 3 days ago•4 views

Malicious code in @customer-threesixty/assets (npm)

Dependency confusion attack campaign targeting Scandinavian telecommunications and digital services organizations Telenor, Ownit, Vimla, and Customer 360 / C360. Four packages published by the debating0166 npm account use inflated version numbers 99.0.x to win npm registry resolution over private...

GithubExploit•added 3 days ago•48 views

aks-poc-setup

AKS Production-Grade POC Setup A comprehensive, production-re...

6.1AI score

CNNVD•added 6 days ago•3 views

JetBrains TeamCity 代码问题漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools developed by the Czech company JetBrains. This tool offers features such as continuous unit testing, code quality analysis, and reporting on build issues. Versions of JetBrains TeamCity prior to 2026.1 an...

7.5CVSS5.9AI score0.00002EPSS

Tenable Nessus•added 6 days ago•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-8716

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain...

Snyk•added last week•3 views

Directory Traversal

Overview shamefile is a Turn linter suppressions from silent technical debt into reviewable, documented decisions. Affected versions of this package are vulnerable to Directory Traversal via the shame next process when processing a user-controlled shamefile.yaml. An attacker can disclose the...

6.8CVSS6.3AI score

Github Security Blog•added last week•4 views

Shamefile has an arbitrary file read via shamefile.yaml in shame next

Impact A path traversal vulnerability in shame next allows an attacker-controlled shamefile.yaml to disclose contents of files outside the repository, one line at a time, to the terminal of a user who runs the command. See patch commit for technical details. Patches Fixed in 0.1.7. Upgrade to...

Exploits0References5Affected Software1

OSV•added last week•4 views

BIT-GITLAB-2026-8716 Use of Incorrectly-Resolved Name or Reference in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user to access CI data from a different ref type than intended...

Cvelist•added 2026/05/27 5:54 p.m.•32 views

Exploits0References3

CVE-2026-8716 Use of Incorrectly-Resolved Name or Reference in GitLab

4.3CVSS0.00027EPSS

EUVD•added 2026/05/27 5:54 p.m.•5 views

EUVD-2026-32617

NVD•added 2026/05/27 3:16 p.m.•10 views

CVE-2026-44972

GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject...

5CVSS0.00013EPSS

Vulnrichment•added 2026/05/27 2:42 p.m.•6 views

CVE-2026-44972 GuardDog: Unsanitized human-readable scan output allows terminal escape injection from malicious package content

5CVSS5.9AI score0.00013EPSS

Wiz blog•added 2026/05/27 1:52 p.m.•5 views

Commit to Compromise: A New Threat Actor Targeting the Cryptocurrency Industry's Software Development Infrastructure

Wiz CIRT and Wiz Research detail JINX-0164, a threat actor using LinkedIn social engineering, custom macOS malware, and CI/CD hijacking to target cryptocurrency organizations...

Positive Technologies•added 2026/05/27 12:0 a.m.•4 views

PT-2026-44071

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 12.7 through 18.10.6 GitLab CE/EE versions 18.11 through 18.11.3 GitLab CE/EE versions 19.0 through 19.0.0 Description An issue exists where an authenticated user could, under certain conditions, access CI Continuous...

CNNVD•added 2026/05/27 12:0 a.m.•3 views

Exploits0References5

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Security vulnerabilities exist in versions of GitLab CE/EE 12.7 to...

4.3CVSS5.9AI score0.00027EPSS

Vulnrichment•added 2026/05/26 3:49 p.m.•3 views

CVE-2026-44723 Vowpal Wabbit: Shell injection via crafted PR title in python_checks.yml allows arbitrary command execution on CI runner

Vowpal Wabbit is a machine learning system. The workflow .github/workflows/pythonchecks.yml embeds $ github.event.pullrequest.title directly inside double-quoted bash strings in four separate steps across four jobs, each passing it as a CLI argument to the Python test script...

5CVSS6.1AI score0.00045EPSS

Exploits1References2

Cvelist•added 2026/05/26 3:49 p.m.•30 views

CVE-2026-44723 Vowpal Wabbit: Shell injection via crafted PR title in python_checks.yml allows arbitrary command execution on CI runner

5CVSS0.00045EPSS

Exploits1References2

GithubExploit•added 2026/05/25 3:34 p.m.•60 views

Exploit for Embedded Malicious Code in Tanstack Tanstack\/Arktype-Adapter

Simulasi Supply Chain Attack — CVE-2026-45321 TanStack Ed...

9.6CVSS7.7AI score0.17051EPSS

Exploits3

OSSF Malicious Packages•added 2026/05/25 2:16 p.m.•8 views

Malicious code in tempo-modules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ad4276e2eafbe6d7040f94ac546ec20e7ac211e1e5906964c25f581a519d183 [email protected] is a dependency-confusion attack package. The package.json preinstall hook executes poc.js, which on every npm install harvests...