CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

309 matches found

OSSF Malicious Packages•added 2026/05/21 9:6 a.m.•7 views

Malicious code in http-uploader-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 936024fb65d6ab06a1f01fcd765b534812efb873f076e81303d87c0b141bba2b package.json declares "preinstall": "bun run index.js", which on npm install invokes Bun to run index.js. index.js detects the host OS and shells out...

6.2AI score

Exploits0References6

NVD•added 2026/04/29 7:16 p.m.•3 views

CVE-2026-7439

AgentFlow's local web API accepts non-JSON content types on POST /api/runs and POST /api/runs/validate endpoints without enforcing application/json validation, allowing attackers to bypass trust-boundary enforcement on sensitive operations. Attackers can exploit this content-type validation...

4.8CVSS0.00007EPSS

Exploits0References3

CVE•added 2026/03/24 3:7 p.m.•6 views

CVE-2026-33335

Vikunja Desktop Electron wrapper risk (CVE-2026-33335). The vulnerability affects Vikunja Desktop prior to 2.2.0, where URLs from window.open() are passed directly to shell.openExternal() without validation or protocol allowlisting. An attacker who can insert a link (e.g., target="_blank" in user...

8CVSS5.9AI score0.00051EPSS

Exploits1References2Affected Software1

OSV•added 2026/02/17 4:31 a.m.•2 views

MAL-2026-928 Malicious code in polyutil (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 31a0fc68eee0841a78740fd3e3748171612b871b58bf9f3e52b4fa35bed64774 The package is prepared to download a hardcoded executable and save it in %LOCALAPPDATA% under a very generic name, clearly aiming to hide its existence. Code ...

6.4AI score

Exploits0References6

OSV•added 2026/02/16 11:40 p.m.•5 views

MAL-2026-927 Malicious code in polyclawd (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1f994af0e1b17c0d30e950a5aef9a45d8e34f6f59ab45fadddb05b340ed5cdad The package is prepared to download a hardcoded executable and save it in %LOCALAPPDATA% under a very generic name, clearly aiming to hide its existence. Code ...

6.4AI score

Exploits0References6