CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в gnupg1

Libgcrypt before version 1.7.8 is vulnerable to a cache-side-channel attack that can lead to a complete failure of the RSA-1024 algorithm. This attack occurs when the left-to-right method is used for computing the sliding-window expansion. It is believed that the same attack also works on the...

6.8CVSS6.9AI score0.02765EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в python-kdcproxy

If kdcproxy receives a request for a realm whose configuration does not define any server addresses, it will, by default, query DNS zone records that match the requested realm name. This creates a server-side request-forgery vulnerability, as an attacker could send a request for a realm that...

8.6CVSS5.6AI score0.00087EPSS

OSV•added 2026/05/20 2:15 a.m.•2 views

MAL-2026-4468 Malicious code in @wengine-ai/claude-code-router-shared (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45e362000d036139e02a066a82ec157314a07796e0e855cdce184cc081ca4591 dist/index.js line 14 issues a fetch call to https://pub-0dc3e1677e894f07bbea11b17a29e032.r2.dev, an anonymous Cloudflare R2 bucket, and references...

6AI score

Exploits0References7

OPENSUSE Linux•added 2026/05/20 12:0 a.m.•6 views

distribution-registry-3.1.1-1.1 on GA media (moderate)

distribution-registry-3.1.1-1.1 on GA media Announcement ID: openSUSE-SU-2026:10812-1 Rating: moderate Cross-References: CVE-2026-41888 CVSS scores: CVE-2026-41888 SUSE : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVE-2026-41888 SUSE : 6.3...

OSV•added 2026/05/19 9:52 p.m.•2 views

Exploits1

MAL-2026-4741 Malicious code in aurafarmer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 967bdc07ba43b92a320ad0ef81975a5547d24b987eda5b8cdf863fc7c18245e0 The package advertises an aurex CLI. Its login flow aurex/main.py around line 108 prompts the user for email and password and POSTs them as JSON to a...

OSSF Malicious Packages•added 2026/05/19 9:7 p.m.•6 views

Exploits0References1

Malicious code in glass-of-water (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df79336313f71fac8158ff6f3e0160d0e99a8d1d84c452505fd3739af5838a69 glassofwater/init.py embeds 10 Google Gemini API keys AIzaSy... split across 5-part dictionaries and reassembled at runtime by getapikey L6-19. The...

Microsoft Secure•added 2026/05/19 3:7 p.m.•7 views

Exposing Fox Tempest: A malware-signing service operation

In this article 1. Fox Tempest’s role and impact 2. Fox Tempest’s malware signing as a service infrastructure 3. Defending against Fox Tempest-enabled attacks 4. Microsoft Defender detections 5. Indicators of compromise Fox Tempest is a financially motivated threat actor that operates a...

5.9AI score

OSV•added 2026/05/19 12:0 a.m.•4 views

OPENSUSE-SU-2026:10812-1 distribution-registry-3.1.1-1.1 on GA media

These are all security issues fixed in the distribution-registry-3.1.1-1.1 package on the GA media of openSUSE Tumbleweed...

OSV•added 2026/05/18 1:43 p.m.•2 views

CLEANSTART-2026-MZ61768 Security fixes for CVE-2026-39882, CVE-2026-39883, ghsa-hfvc-g4fc-pqhx, ghsa-w8rr-5gcm-pp58 applied in versions: 3.1.0-r0

Multiple security vulnerabilities affect the distribution-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

7.3CVSS7.1AI score0.00009EPSS

Exploits1References7

Packet Storm News•added 2026/05/18 12:0 a.m.•7 views

Babel: Jailbreaking Safety Attention Via Obfuscation Distribution Optimized Sampling

Despite rigorous safety alignment, Large Language Models LLMs remain vulnerable to jailbreak attacks. Existing black-box methods often rely on heuristic templates or exhaustive trials, lacking mechanistic interpretability and query efficiency. In this study, we investigate an intrinsic...

NVD•added 2026/05/15 9:16 a.m.•4 views

CVE-2026-8398

A supply chain attack compromised the official installation packages of DAEMON Tools Lite Windows versions 12.5.0.2421 through 12.5.0.2434, distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the...

9.8CVSS0.1439EPSS

Exploits1References3

Packet Storm News•added 2026/05/15 12:0 a.m.•5 views

Faraday 5.21.0

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use...

NVD•added 2026/05/14 6:16 p.m.•6 views

CVE-2026-41888

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...

6.5CVSS0.00016EPSS

ATTACKERKB•added 2026/05/14 4:53 p.m.•5 views

CVE-2026-41888

6.3CVSS5.8AI score0.00016EPSS

Exploits1References2Affected Software1

Debian CVE•added 2026/05/14 4:53 p.m.•6 views

CVE-2026-41888

EUVD•added 2026/05/14 4:53 p.m.•8 views

Exploits1

EUVD-2026-30341

6.3CVSS5.8AI score0.00016EPSS

CNNVD•added 2026/05/14 12:0 a.m.•6 views

Distribution 安全漏洞

Distribution is an open-source toolset developed by Distribution, used for packaging, transporting, storing, and delivering content. Versions of Distribution prior to 3.1.1 contained security vulnerabilities. These vulnerabilities stemmed from bypassing the storage.delete.enabled: false...

Packet Storm News•added 2026/05/14 12:0 a.m.•14 views

WARD: Adversarially Robust Defense of Web Agents against Prompt Injections

Web agents can autonomously complete online tasks by interacting with websites, but their exposure to open web environments makes them vulnerable to prompt injection attacks embedded in HTML content or visual interfaces. Existing guard models still suffer from limited generalization to unseen...