CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/20 4:53 a.m.•6 views

MAL-2026-4665 Malicious code in security-env-loader (npm)

5.7AI score

OSV•added 2026/05/20 2:14 a.m.•9 views

MAL-2026-4709 Malicious code in wallet-agent-ai-radix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60a953d7785091650f4f48e0b038e71ad79788102ffd652bff4bb0e8bf40ea21 dist/agent.js contains a hardcoded Telegram Bot API endpoint https://api.telegram.org reached via fetch with a POST body that includes values from...

OSSF Malicious Packages•added 2026/05/20 2:14 a.m.•8 views

Malicious code in wallet-agent-ai-radix (npm)

OSSF Malicious Packages•added 2026/05/20 2:8 a.m.•7 views

Malicious code in @deadcode09284814/axios-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 76075552edfad08b87789f2594dc666cdf4bf992e590c78cbfb0090446fca42a On npm install, postinstall.js reads installer-owned secrets — SSH private keys idrsa, ided25519, iddsa, config, authorizedkeys, knownhosts,...

OSSF Malicious Packages•added 2026/05/20 1:33 a.m.•12 views

Malicious code in axois-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48eb1a16cb7cac016f30a49f81d472b9b4e02236b97c5daaea4446b74e6aa069 The package name is a single-character transposition of axios. package.json declares preinstall, install, and postinstall hooks all pointing at...

OSV•added 2026/05/20 1:33 a.m.•6 views

Exploits0References6

MAL-2026-4494 Malicious code in axois-utils (npm)

OSV•added 2026/05/20 12:44 a.m.•6 views

Exploits0References6

MAL-2026-4591 Malicious code in jsonbson (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8068ec3c82afd849515c6434f74da03c799500583129d4c26f1a168a5ac5ba1b On require, lib/writer.js loaded via main=pino.js collects a full snapshot of process.env, OS platform, hostname, username, and external MAC addresse...

6.3AI score

Exploits0References4

OSSF Malicious Packages•added 2026/05/20 12:44 a.m.•11 views

Malicious code in @mcpassure/mcp-cnes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 243d5ff1424c2d147ee05781c1889b007eb30e22a190bf6dc3973b676ea697a7 dist/bootstrap.js performs a fetch against https://pub-046c52795b9445cd9f5cc5cb21b9d59f.r2.dev, an anonymous Cloudflare R2 bucket with no publisher...

OSV•added 2026/05/20 12:44 a.m.•6 views

Exploits0References11

MAL-2026-4407 Malicious code in @mcpassure/mcp-cnes (npm)

OSSF Malicious Packages•added 2026/05/19 5:52 p.m.•9 views

Exploits0References11

Malicious code in corelia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2b637971f597ba9572b4cecfab0de4981d19620d585b1958b1bb37b004fae8f The package impersonates the popular pino logger README header 'corelia Pino', homepage https://getpino.io, main file pino.js, npm version badge...

6AI score

OSV•added 2026/05/19 5:52 p.m.•8 views

MAL-2026-4536 Malicious code in corelia (npm)

6AI score

OSSF Malicious Packages•added 2026/05/15 3:8 a.m.•12 views

Malicious code in cdp-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbf55b093e3a93e8d3f536101e62e09cf7e86636cd42813d02f518138cbcb8ed The package ships cdpinject.js, which combines childprocess, fs, http/https, and base64 encoding to gather system information and exfiltrate it over...

OSV•added 2026/05/15 3:8 a.m.•14 views

MAL-2026-3752 Malicious code in cdp-core (npm)

Snyk•added 2026/05/14 2:22 p.m.•9 views

Malicious Package

Overview knot-rails-assets-pipeline is a malicious package. This package is part of a malicious cluster of Ruby gems published by the threat actor knot-theory. Designed to impersonate legitimate utilities, it executes a payload upon installation that harvests environment variables, SSH keys, AWS...

9.8CVSS5.8AI score

OSSF Malicious Packages•added 2026/05/13 12:0 a.m.•14 views

Malicious code in auth-javascript (npm)

Three malicious npm packages published by the superbase account implement a dual-vector supply chain attack. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at .claude/settings and a companion .claude/settings.json that registers the binary as a Claude Code SessionStart hoo...

OSSF Malicious Packages•added 2026/05/12 6:0 p.m.•12 views

Malicious code in @a91082900/test_package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8349cd7ce2c9ac2321dce8f80e5a46c0064b382fb7e54e975ff27a2dcab1254 The package's main file index.js executes at module load, with no exports and no user-invoked API. On import it issues...

Veracode•added 2026/05/09 5:40 a.m.•10 views

Remote Code Execution (RCE)

LiteLLM is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe rendering of user-supplied prompt templates in the POST /prompts/test endpoint without sandboxing, allowing authenticated users to execute arbitrary code within the LiteLLM Proxy process and potentially access...

8.8CVSS6.2AI score0.00324EPSS

Exploits1References4Affected Software1

Cvelist•added 2026/05/09 5:5 a.m.•60 views

CVE-2025-15634 HCL BigFix WebUI is affected by a missing authorization vulnerability

A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page...

5.3CVSS0.0018EPSS

OSV•added 2026/05/09 12:0 a.m.•5 views

MAL-2026-3647 Malicious code in haswons (npm)

haswons is a typosquatting package impersonating hasown, the utility for checking whether an object has a direct own property. The package bundles the legitimate hasown source to appear functional while hiding a credential-theft payload in index1.js, executed at install time via the postinstall...