CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9507 matches found

OSSF Malicious Packages•added 2026/05/25 1:57 p.m.•9 views

Malicious code in tempo-layout (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 795bf7080d27cef141114dd46b5734c136f762933a43f2d1308e82547c5f99a6 [email protected] ships a preinstall hook poc.js that unconditionally collects host identity os.hostname, whoami, id, network configuration...

5.8AI score

Exploits0References3

OSSF Malicious Packages•added 2026/05/25 11:50 a.m.•12 views

Malicious code in atel-mcp-openclaw (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1e4255e19fdb4f0352f184f35599be81651badab879e4f39d0f3bb4fda4a58e The package contains multiple structural fingerprints of an active credential-stealer / C2 implant. bin/install.js performs lifecycle-time HTTP POSTs...

5.8AI score

Exploits0References2

OSV•added 2026/05/25 11:50 a.m.•14 views

MAL-2026-4485 Malicious code in atel-mcp-openclaw (npm)

5.8AI score

Exploits0References2

OSV•added 2026/05/25 10:31 a.m.•3 views

MAL-2026-4631 Malicious code in opentiny-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 70307cffed06951bdb7b961e7846e3b3e0ba660b75ddca0b4fa11366ab94dc6d The package opentiny-react reproduces the source, README, and CHANGELOG of the legitimate @tinymce/tinymce-react integration verbatim under a...

6AI score

Exploits0References1

OSV•added 2026/05/25 10:10 a.m.•6 views

MAL-2026-4488 Malicious code in auth-basic-vault (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f3227380d9ef91ce63237acc9656b88a50b29aeeb05c594b700c5936a7527543 On require'auth-basic-vault', lib/writer.js attempts to require'authcascade' at module top level and, on failure, shells out via execSync to npm...

5.4AI score

Exploits0References2

Tenable Nessus•added 2026/05/25 12:0 a.m.•13 views

Fedora 44 : pie (2026-3d8d946f69)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3d8d946f69 advisory. Version 1.4.4 Dependencies - Update Composer to 2.9.8 ---- Version 1.4.3 - add output check for dnf permission denied thanks to @asgrim and @hackel - don't...

5.8AI score

Exploits0References1

OSV•added 2026/05/24 4:52 p.m.•9 views

MAL-2026-4776 Malicious code in whatsfly-labfox (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c63e3f4776abe00db50f3d7e34bea3ed308a52b6e0c44872692b0dce50290d1f On import whatsfly, whatsfly/init.py invokes ensureUsableBinaries from whatsfly/dependencies/builder.py, which downloads a native binary...

6.3AI score

Exploits0References2

OSSF Malicious Packages•added 2026/05/24 4:52 p.m.•9 views

Malicious code in whatsfly-labfox (PyPI)

6.2AI score

Exploits0References2

OSSF Malicious Packages•added 2026/05/24 3:22 p.m.•8 views

Malicious code in cami-design (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57ccc787b2437085a18ed05c52fc473d8c28162cbe3cbbaa04adaefa73389da1 On install, scripts/install.js invokes autoUpdate.install, which writes a launchd agent to...

6.4AI score

Exploits0References1

OSV•added 2026/05/24 3:22 p.m.•8 views

MAL-2026-4504 Malicious code in cami-design (npm)

6.4AI score

Exploits0References1

OSV•added 2026/05/24 6:5 a.m.•8 views

MAL-2026-4577 Malicious code in harness-skil (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e03ab8467953cd2233e07e792a33c7df7be2c99c66da3b814538a169337b93e6 The package's install.js wired to an npm install lifecycle hook requires childprocess, fs, and https, then issues an https.get to a...

5.9AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/23 11:3 p.m.•10 views

Malicious code in openprompt-lang (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24ccd29557423c05fb49b14b0a9a2e1cfbe5a2b69a1276bc76d287edc46f4ec2 On every npm install, openprompt-lang's postinstall hook scripts/postinstall.js:83 executes npm install -g @opencode/cli 2/dev/null || curl -fsSL...

5.3AI score

Exploits0References11

OSV•added 2026/05/23 11:3 p.m.•5 views

MAL-2026-4630 Malicious code in openprompt-lang (npm)

5.4AI score

Exploits0References11

UbuntuCve•added 2026/05/23 7:16 p.m.•11 views

CVE-2018-25357

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the dbname parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the dbname parameter, then...

9.8CVSS6.7AI score0.01745EPSS

Exploits1References5

OSV•added 2026/05/23 7:16 p.m.•5 views

UBUNTU-CVE-2018-25357

9.8CVSS6.7AI score0.01745EPSS

Exploits1References7

OSSF Malicious Packages•added 2026/05/23 7:14 p.m.•14 views

Malicious code in fastapi (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a753fd569a7bb908b7cdf82fe0228dc0e24dcc253b67993af5dd5c30b61f4411 This release of fastapi 0.136.3 modifies pyproject.toml and PKG-INFO to add an undocumented dependency 'fastar=0.9.0' to the...

6.2AI score

Exploits0References1

OSV•added 2026/05/23 6:39 p.m.•7 views

MAL-2026-4269 Malicious code in mistral-evals (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f79806b5d197ed3b6beeedfb7092ad6da36d1d186ad57dc12be0b030c63726c9 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9AI score

Exploits0References1