CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 4 days ago•10 views

CVE-2018-25405

8.8CVSS0.00068EPSS

ATTACKERKB•added 4 days ago•4 views

CVE-2018-25406

8.8CVSS6.2AI score0.00068EPSS

Exploits0References4Affected Software1

EUVD•added 4 days ago•4 views

EUVD-2018-21928

8.8CVSS6.2AI score0.00068EPSS

ATTACKERKB•added 4 days ago•4 views

CVE-2018-25405

Exploits0References4Affected Software1

EUVD•added 4 days ago•5 views

EUVD-2018-21927

CNNVD•added 4 days ago•3 views

eNdonesia Portal SQL注入漏洞

eNdonesia Portal is a system platform developed by eNdonesia’s individual developers, offering functions for portal content management and information publishing. Version 8.7 of eNdonesia Portal has a SQL injection vulnerability. This vulnerability arises from injecting malicious code through...

CNNVD•added 4 days ago•3 views

eNdonesia Portal SQL注入漏洞

Snyk•added 2026/05/05 3:27 p.m.•4 views

Malicious Package

Overview @infinid-indonesia/ui-kit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score

Exploits0References2

RedhatCVE•added 2026/03/26 2:56 p.m.•1 views

CVE-2019-25643

eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bid parameter. Attackers can send GET requests to banners.php with crafted SQL payloads in the bid parameter to extra...

8.8CVSS6.2AI score0.00051EPSS

Exploits0References1

Cvelist•added 2026/03/24 11:27 a.m.•18 views

CVE-2019-25643 eNdonesia Portal v8.7 SQL Injection via banners.php

8.8CVSS0.00051EPSS

Positive Technologies•added 2026/03/24 12:0 a.m.•0 views

PT-2026-27377

8.8CVSS6.2AI score0.00051EPSS

Exploits0References5

The Hacker News•added 2026/02/04 2:9 p.m.•7 views

China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns

Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies across Southeast Asia throughout 2025. Check Point Research is tracking the previously undocumented activity cluster under the moniker...

8.8CVSS8.5AI score0.091EPSS

Exploits34

Patchstack•added 2026/02/02 8:49 a.m.•2 views

WordPress FluentForm plugin <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Joel Indra - Monarch Digital Indonesia in WordPress Plugin FluentForm versions = 5.1.19...

5.5CVSS5.3AI score0.00216EPSS

Exploits0References1Affected Software1

The Hacker News•added 2025/12/04 9:27 a.m.•4 views

GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections

Cybercriminals associated with a financially motivated group known as GoldFactory have been observed staging a fresh round of attacks targeting mobile users in Indonesia, Thailand, and Vietnam by impersonating government services. The activity, observed since October 2024, involves distributing...

7AI score

Packet Storm News•added 2025/11/20 12:0 a.m.•4 views

Autumn Dragon: China-Nexus APT Group Target South East Asia

This report details Autumn Dragon, a sustained, multi-month espionage campaign against the government, media, and news sectors in several countries including Laos, Cambodia, Singapore, the Philippines and Indonesia...

OSSF Malicious Packages•added 2025/11/13 3:23 a.m.•2 views

Malicious code in rigel-levels-taurus-sagitta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector daa91034c8b8b7eaefcabb701f38524d7daf0f7c5118a46df8eb3ede6cf5e30c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

OSSF Malicious Packages•added 2025/11/13 3:23 a.m.•2 views

Malicious code in interface-stack-mock-execute-log (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cc20e53d07d6acddd739f4e433e4d8a4bb9b9679bbf5027a87b77495cb36177b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

OSSF Malicious Packages•added 2025/11/13 3:23 a.m.•3 views

Malicious code in juno-pyxis-barnard-perturbation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03ba7667bb839b545547f830a7cd64064ebb2ed6a65582c2229a5f9a02be6dcb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

OSSF Malicious Packages•added 2025/11/13 3:23 a.m.•5 views

Malicious code in kronos-pipe-delphinus-centauri (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 960c07082250d878b37b3a5f9a803c37008c32b0ac7d9deefdf8bc4284a2bc8d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...