377 matches found
CVE-2026-40830
CVE-2026-40830 describes an unauthenticated SQL Injection in the admin.mbnetj.php file’s UpdateParam function, enabling a high-privilege remote attacker to read the entire database and alter values in a non-critical table. Impact includes total confidentiality loss and some integrity loss; no ava...
EUVD-2026-28345
Improper input validation, together with an overly permissive default CORS configuration, in Open Notebook v1.8.1 allows a remote attacker to trick a legitimate user into altering or deleting arbitrary database entries via a specially crafted malicious URL. Depending on the deployment, data exfiltration i...
CVE-2026-34445
A flaw was found in Open Neural Network Exchange ONNX. An attacker could exploit a vulnerability in how ONNX processes model metadata, specifically within the ExternalDataInfo class. By crafting a malicious ONNX model, an attacker could overwrite internal object properties, leading to a denial of...
capstone: Capstone: Memory corruption via unchecked vsnprintf return
A flaw was found in Capstone, a disassembly framework. An unchecked return value from vsnprintf within the SStream_concat function allows a malicious input to manipulate the internal stream index. This can lead to a stack buffer underflow or overflow, potentially enabling a local attacker to achie...
Django: Django: SQL Injection via RasterField band index parameter
A flaw was found in Django. A remote attacker could inject SQL commands by manipulating the band index parameter during raster lookups on RasterField (only implemented on PostGIS). This SQL injection vulnerability could lead to unauthorized information disclosure, data alteration, or denial of...
Johnson Controls Metasys Products
RISK EVALUATION: Successful exploitation of this vulnerability could result in remote SQL execution, leading to alteration or loss of data. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
CVE-2021-2474
Vulnerability in the Oracle Web Analytics product of Oracle E-Business Suite (component: Admin). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Analytics. Successful attack...
CVE-2025-40804
A vulnerability has been identified in SIMATIC Virtualization as a Service (SIVaaS) (All versions). The affected application exposes a network share without any authentication. This could allow an attacker to access or alter sensitive data without proper authorization...
CVE-2022-27803
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space...
CVE-2022-27661
Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow...
CVE-2019-7889
An injection vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with marketing manipulation privileges can invoke methods that alter data o...
Rockwell Automation Verve Asset Manager
RISK EVALUATION: Successful exploitation of this vulnerability could result in an attacker accessing or altering user data. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all...
Malicious code in csrf-thermochronology-oscillation-janus (npm)
Source: amazon-inspector (23992ff1d63ebb87f14b33af1af9f888a76886aea879d7893bbf8d971fb1fa92). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185402 Malicious code in air-minify-load-secure-encode (npm)
Source: amazon-inspector (1af3ec54197cb7da3f25eb9bd335126dffc771d242e1a8159a7354d5522b5442). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in diva-tugafai-imagiuaga (npm)
Source: amazon-inspector (5ec7ffb52586e8d85d9ed70d0d4f919689a02f5ac656a9d5248427a454243623). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-176858 Malicious code in nuilva-vmiam-bunamab (npm)
Source: amazon-inspector (b3dd08418eeaad14cae815becb115c3e0973f8799da2d8271da13fd83bd459e8). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in musnisdr-nuyt-musast (npm)
Source: amazon-inspector (e0eca39f3f5d5439c1e26d425ea03d1949b1b4b6095f366d33b837e5577c0af5). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-150966 Malicious code in @miptaa02/tdisd (npm)
Source: amazon-inspector (bf9e4547d7b4a329f876d3a879e197a812c99ffa7dae5be034cd90967e281f1a). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-163061 Malicious code in nokire-namiresan11 (npm)
Source: amazon-inspector (a160842026bf01ee11d36662ecce79c2a4972a0a1e6f5bf1e0e3fcf3e4377375). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...