CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2026/04/24 1:35 a.m.•5 views

Malicious code in amplitude-ma-ts (npm)

npm stealer. Hardcoded Discord webhook id 1497047226428690432 in postinstall Folder/bin/S.js. Exfils hostname, whoami, pwd, publicip api.ipify.org, /etc/hosts via Discord embed. v1.0.21 empty placeholder, v1.0.22 shipped payload — name-squat-then-poison. Typosquats @amplitude/ analytics scope...

5.8AI score

Exploits0

GithubExploit•added 2026/04/23 9:52 p.m.•72 views

Exploit for CVE-2026-41303

🔐 CVE-2026-41303: Authorization Bypass en OpenClaw Discord Bot...

8.8CVSS5.8AI score0.00079EPSS

Exploits1

CVE•added 2026/03/20 2:35 a.m.•3 views

CVE-2026-32890

Anchorr (Discord bot) has a stored XSS in the web dashboard (User Mapping dropdown) affecting versions ≤ 1.4.1. An unprivileged Discord user in the same guild can execute arbitrary JavaScript in the admin’s browser. Coupled with GET /api/config (which returns plaintext secrets), an attacker can e...

9.6CVSS6AI score0.00032EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2026/03/20 12:0 a.m.•1 views

PT-2026-26546

Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. Versions 1.4.1 and below contain a stored XSS vulnerability in the Jellyseerr user selector. Jellyseerr allows any account holder to execute arbitrary JavaScript in the...

9CVSS6AI score0.00025EPSS

Exploits0References8

CNNVD•added 2026/03/20 12:0 a.m.•2 views

Anchorr 安全漏洞

Anchorr is an open-source Discord bot developed by openVESSL that integrates media search and notifications. Versions of Anchorr 1.4.1 and earlier contain security vulnerabilities. These vulnerabilities stem from a storage-oriented cross-site scripting vulnerability in the Jellyseerr user selecto...

9CVSS5.7AI score0.00025EPSS

Exploits0References2

OSV•added 2026/03/01 10:11 a.m.•1 views

MAL-2026-1098 Malicious code in noteasonfnsource (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fa2242ec1849ffa55a55c85b7781623cdc7147b8568b3beaa5d2b3b956c04e17 Code provides a Discord bot, which - once a generic command is called - performs malicious action against the Discord server: deletes all channels, renames the...

6AI score

OSSF Malicious Packages•added 2026/03/01 10:11 a.m.•4 views

Malicious code in noteasonfnsource (PyPI)

6AI score

RedhatCVE•added 2026/01/20 9:22 p.m.•1 views

CVE-2026-23875

CrawlChat is an open-source, AI-powered platform that transforms technical documentation into intelligent chatbots. Prior to version 0.0.8, a non-existing permission check for the CrawlChat's Discord bot allows non-manage guild users to put malicious content onto the collection knowledge base...

NVD•added 2026/01/19 9:15 p.m.•2 views

Exploits1References1

CVE-2026-23875

7.1CVSS0.00048EPSS

CVE•added 2026/01/19 8:47 p.m.•6 views

CVE-2026-23875

CVE-2026-23875 affects CrawlChat prior to version 0.0.8. The issue is a missing permission check in the Discord bot component, allowing non-administrative guild users to add content to the collection knowledge base by using the jigsaw emoji reaction. This could let regular users insert or influen...

Exploits1References3Affected Software1

ATTACKERKB•added 2026/01/19 8:47 p.m.•1 views

CVE-2026-23875

7.1CVSS5.4AI score0.00048EPSS

Exploits1References4Affected Software1

Cvelist•added 2026/01/19 8:47 p.m.•13 views

CVE-2026-23875 CrawlChat's Discord Bot has a Knowledge Permission vulnerability

7.1CVSS0.00048EPSS

Vulnrichment•added 2026/01/19 8:47 p.m.•1 views

CVE-2026-23875 CrawlChat's Discord Bot has a Knowledge Permission vulnerability

7.1CVSS5.4AI score0.00048EPSS

OSV•added 2026/01/19 8:47 p.m.•1 views

CVE-2026-23875 CrawlChat's Discord Bot has a Knowledge Permission vulnerability

EUVD•added 2026/01/19 8:47 p.m.•1 views

Exploits1References5

EUVD-2026-3285

CNNVD•added 2026/01/19 12:0 a.m.•1 views

CrawlChat security vulnerability

CrawlChat is an open-source tool developed by CrawlChat that combines web scrapers with AI chatbots. Versions of CrawlChat prior to 0.0.8 contained security vulnerabilities. These vulnerabilities stemmed from the lack of permission checks in CrawlChat’s Discord bot, allowing non-managed server...

7.1CVSS5.8AI score0.00048EPSS

Exploits1References4

Positive Technologies•added 2026/01/19 12:0 a.m.•3 views

PT-2026-3503

Name of the Vulnerable Software and Affected Versions CrawlChat versions prior to 0.0.8 Description CrawlChat is a platform that converts technical documentation into intelligent chatbots. Before version 0.0.8, a missing permission check in the Discord bot component allowed users without...

7.1CVSS5.4AI score0.00048EPSS

Exploits1References9

RedhatCVE•added 2026/01/09 9:3 a.m.•3 views

CVE-2024-39905

Red is a fully modular Discord bot. Due to a bug in Red's Core API, 3rd-party cogs using the @commands.canmanagechannel command permission check without additional permission controls may authorize a user to run a command even when that user doesn't have permissions to manage a channel. None of t...

5.3CVSS7.1AI score0.00292EPSS

RedhatCVE•added 2026/01/09 8:44 a.m.•5 views

CVE-2022-23604

x26-Cogs is a repository of cogs made by Twentysix for the Red Discord bot. Among these cogs is the Defender cog, a tool for Discord server moderation. A vulnerability in the Defender cog prior to version 1.10.0 allows users with admin privileges to issue commands as other users who share the sam...

8.8CVSS6.9AI score0.00438EPSS