CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Nuclei•added 5 days ago•97 views

Oracle WebLogic Server - Remote Command Execution

Oracle WebLogic Server 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 is susceptible to remote code execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised machine without entering necessary credentials. See...

10CVSS7.8AI score0.99997EPSS

Exploits43References5

NCSC•added 2026/06/17 8:55 a.m.•5 views

Vulnerabilities are managed in Oracle Enterprise Manager

Oracle has identified several vulnerabilities in Oracle Enterprise Manager versions 13.5 and 24.1. The vulnerabilities in Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 allow an attacker with low or no privileges, and access via HTTP or HTTPS, to gain complete control over the...

9.9CVSS5.4AI score0.00555EPSS

OSV•added 2026/06/17 5:0 a.m.•4 views

MAL-2026-6019 Malicious code in @mastra/docker (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dd2417620dd4f98c496cdb956e0e2cf1b55f25dcc57ad7a360f072acfa88ba9c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2026/06/17 4:55 a.m.•6 views

Malicious code in @mastra/deployer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cbd99dea462f2f28099ae0f57cd6c89edd76f08476cd9a6265b1c23defcd2b23 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2026/06/17 3:12 a.m.•6 views

Malicious code in @mastra/dynamodb (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 88f1c319acc4591df560a402378efa8b10499f62c6014e785c983eed9c256a87 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2026/06/15 11:56 p.m.•6 views

Malicious code in vemos-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4dbc534054236541dc79f97538525221204d7e83cea2c28b496c0f6bedf70ee7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2026/06/11 1:54 p.m.•12 views

Malicious code in experian-analytics-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0b17ea66ee9c256e21971184546b027011520942070236a348fe0da478b5ac66 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2026/06/11 1:54 p.m.•7 views

MAL-2026-5670 Malicious code in pui-diagnostics (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f05c21e14c3c230fc88a2e0513e8dcd1ba8eda06a21ee1371dd5277b4280740a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Cvelist•added 2026/06/10 5:10 p.m.•26 views

CVE-2026-9151 Command Injection Vulnerability in OpenVPN on Multiple TP-Link Archer Routers

An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1. AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an adjacent, authenticated attacker to execute arbitrary commands on the device by importing a specially crafted VPN client configuration...

8.5CVSS0.01069EPSS

Exploits0References5

OSV•added 2026/06/10 2:15 p.m.•8 views

MAL-2026-5504 Malicious code in @easytipsportal/pos-adapters (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2b3beea7d832b4efd2ebc9c3a8eb2ffe1507564985414f7cf399abbd8fc55bc6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2026/06/09 2:17 p.m.•10 views

MAL-2026-5374 Malicious code in @doaction/mapstore (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9692028d96015eee60ce05d38eac9bf0c6e51dd2153cea37cad4756e3b4b3de9 @doaction/[email protected] is published to the public npm registry under a sentinel-high version 99.99.99 with a pinned @doaction/shared: ^99.99.99...

OSSF Malicious Packages•added 2026/06/09 2:17 p.m.•10 views

Exploits0References3

Malicious code in @doaction/mapstore (npm)

OSSF Malicious Packages•added 2026/06/09 2:17 p.m.•7 views

Exploits0References3

Malicious code in @doaction/examples (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 361bc047872fceb7885c47404eef734b43ce8e5e7f13554e79d011be6f383339 @doaction/[email protected] declares preinstall: node scripts/postinstall.js in package.json, which requires @doaction/shared/bin/postinstall.js. The...

5.8AI score

Exploits0References2

OSV•added 2026/06/09 9:47 a.m.•8 views

MAL-2026-5348 Malicious code in os-ulid-void (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 531ba01f5b5d2442cc8070ae6feec31976f9b67957fa3b0936c2cea7b6034b81 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2026/06/04 6:55 p.m.•22 views

MAL-2026-5187 Malicious code in supabase (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aa2bdcc065a6d4c2b1512f8b68fed22618050c0435c12890c74a2f1405c62093 Withdrawn Advisory This advisory has been withdrawn because the malware detection was a false positive. This link is maintained to preserve external...