CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

137 matches found

CVE-2026-12024

Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

6.5CVSS5.4AI score0.00016EPSS

Exploits0

OSV•added 2 days ago•4 views

MAL-2026-5559 Malicious code in solana-dev-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 059c5a74392811a397d3868092b7bcc84fbfac9d2f3de1c69a6421cdf756b652 On npm install, the package's postinstall hook node install.js executes a multi-stage attack against the installer's machine. It reads...

5.5AI score

Exploits0References1

OSSF Malicious Packages•added 3 days ago•5 views

Malicious code in @builder.io/dev-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 670a0957692786d7cd690da1c51472380e131ceb1149cf37e265a8549ad5339b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score

Exploits0References1

OSV•added 3 days ago•4 views

MAL-2026-5493 Malicious code in @builder.io/dev-tools (npm)

5.5AI score

Exploits0References1

OSV•added 4 days ago•2 views

MAL-2026-5450 Malicious code in o3forms (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d094d4429f1492bb6b99d802de86b97dc972e06d680a1287846e6d1635fe457 The package name impersonates the OpenMRS O3 forms ecosystem legitimate packages are published under the @openmrs/ scope. package.json declares an...

5.6AI score

Exploits0References2

AstraLinux•added 2026/05/20 5:53 a.m.•16 views

Astra Linux - уязвимость в chromium

A heap buffer overflow in the Settings component of Google Chrome prior to version 95.0.4638.54 allowed a remote attacker to interact with Dev Tools, potentially exploiting heap corruption through a crafted HTML page...

8.8CVSS7.5AI score0.01191EPSS

Exploits0References2

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в chromium

Before version 95.0.4638.54, using "use after free" in Dev Tools in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

8.8CVSS7.3AI score0.01133EPSS

Exploits0References2

vulnersOsv•added 2026/05/11 9:0 p.m.•6 views

@antidrawapp/runtime (>=0.1.0 <=0.1.1), @ardeora/start-devtools (>=1.0.0 <=1.0.1) +99 more potentially affected by CVE-2026-45321 via @tanstack/history (>=1.0.0 <=1.15.13)

@tanstack/history NPM version =1.0.0, =0.1.0, =1.0.0, =0.6.2, =0.6.2, =0.1.1, =0.1.1, =0.6.2, =0.2.2, =0.3.0, =0.6.0, =0.2.2, =1.0.0, =1.0.9, =1.1.0, =1.1.2, =1.6.2 and more Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKHISTORY-16640204...

9.6CVSS8AI score0.17051EPSS

Exploits3

RedHat Linux•added 2025/12/15 1:6 p.m.•8 views

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Ansible DevSpaces Container Release Update

An update is now available for Red Hat Ansible Automation Platform Ansible DevSpaces Container Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied...

9.8CVSS7.4AI score0.00282EPSS

Exploits10References5

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-24459

Malware in sbrugna...

8.8CVSS8.8AI score0.01191EPSS

Exploits0References6

OSSF Malicious Packages•added 2025/08/14 6:52 p.m.•3 views

Malicious code in sglk-dev-tools (npm)

The package sglk-dev-tools was found to contain malicious code...

7AI score

Exploits0

OSV•added 2025/08/14 6:52 p.m.•2 views

MAL-2025-33040 Malicious code in sglk-dev-tools (npm)

The package sglk-dev-tools was found to contain malicious code...

7.2AI score

Exploits0

Positive Technologies•added 2025/06/19 12:0 a.m.•3 views

PT-2025-26211 · WordPress · Ai Engine Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: WordPress AI Engine plugin affected versions not specified Description: A critical flaw in WordPress's AI Engine plugin allows subscribers to escalate privileges and take over websites with Dev Tools/MCP enabled. Recommendations: Update the...

8.8CVSS9.4AI score0.00241EPSS

Exploits0References13

AstraLinux•added 2025/02/11 7:35 a.m.•2 views

Astra Linux – Vulnerability in Firefox, Thunderbird

Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks were executed for those events. Web content that attempted to use those interfaces would not be able to do so with elevated privileges. However, the presence of these interfaces indicated...

8.8CVSS7.7AI score0.00267EPSS

Exploits0References4

RedHat Linux•added 2024/09/19 6:28 p.m.•4 views

mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran

The Mozilla Foundation's Security Advisory: Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence...

8.8CVSS7.2AI score0.00267EPSS

Exploits0References8

RedHat Linux•added 2024/09/19 6:25 p.m.•2 views

mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran

8.8CVSS7.2AI score0.00267EPSS

Exploits0References8

RedHat Linux•added 2024/09/19 12:18 p.m.•3 views

mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran

8.8CVSS7.2AI score0.00267EPSS

Exploits0References8

RedHat Linux•added 2024/09/19 11:29 a.m.•2 views

mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran