CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

133 matches found

Snyk•added 2026/06/11 9:0 p.m.•2 views

Malicious Package

Overview atomic-lockfile is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score

Exploits0References2

Tenable Nessus•added 2026/06/11 12:0 a.m.•8 views

openSUSE 16 Security Update : syft (openSUSE-SU-2026:20928-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20928-1 advisory. Changes in syft: - Update to version 1.45.0: Added Features - Add support for ZapAddOns as jar files 4654 4932 @douglasclarke - MySQL binary classifier...

9.8CVSS5.7AI score0.01323EPSS

Exploits0References2

OSV•added 2026/06/08 5:34 p.m.•8 views

OPENSUSE-SU-2026:20928-1 Security update for syft

This update for syft fixes the following issues: Changes in syft: - Update to version 1.45.0: Added Features - Add support for ZapAddOns as jar files 4654 4932 @douglasclarke - MySQL binary classifier should distinguish between MySQL Cluster ndb and MySQL 3297 4907 @witchcraze - Catalog...

9.8CVSS7.5AI score0.01323EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:20 p.m.•10 views

CVE-2026-32148

Insufficient Verification of Data Authenticity vulnerability in hexpm hex Hex.RemoteConverger module allows dependency integrity bypass via unverified lockfile checksums. Hex stores checksums for dependencies in the mix.lock file to ensure reproducible and integrity-checked builds. However,...

8.9CVSS5.5AI score0.00191EPSS

Exploits1References1

Fedora•added 2026/05/28 1:13 a.m.•21 views

[SECURITY] Fedora 44 Update: uv-0.11.15-1.fc44

An extremely fast Python package and project manager, written in Rust. Highlights: =E2=80=A2 A single tool to replace pip, pip-tools, pipx, poetry, pyenv, twi ne, virtualenv, and more. =E2=80=A2 10-100x faster than pip. =E2=80=A2 Provides comprehensive project management, with a universal lockf...

5.8AI score

Exploits0

Fedora•added 2026/05/28 12:48 a.m.•23 views

[SECURITY] Fedora 43 Update: uv-0.11.15-1.fc43

5.8AI score

Exploits0

OSV•added 2026/05/24 2:10 a.m.•5 views

MAL-2026-4567 Malicious code in freertc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fb3d1337fc97d6eaccde325dc5f539a28af051f548c31f1b97a8752b8f51878 On install, scripts/postinstall-message.mjs reads the consumer project's package.json via process.env.INITCWD, and if freertc appears in...

5.8AI score

Exploits0References8

OSV•added 2026/05/19 7:46 p.m.•4 views

GHSA-3QCW-2RHX-2726 Turbo: Unexpected local code execution during Yarn Berry detection

Impact Turborepo can be vulnerable to arbitrary code execution when run in untrusted repositories that contain malicious Yarn configuration. In affected versions, package manager detection executed yarn --version from the project directory, which could cause Yarn to load and execute a...

9.8CVSS6.4AI score0.00386EPSS

Exploits0References3

Fedora•added 2026/05/18 1:24 a.m.•12 views

[SECURITY] Fedora 42 Update: uv-0.11.11-1.fc42

5.8AI score

Exploits0

Fedora•added 2026/05/18 12:59 a.m.•11 views

[SECURITY] Fedora 43 Update: uv-0.11.11-1.fc43

5.8AI score

Exploits0

Fedora•added 2026/05/18 12:44 a.m.•17 views

[SECURITY] Fedora 44 Update: uv-0.11.11-1.fc44

5.8AI score

Exploits0

NVD•added 2026/04/30 7:16 p.m.•5 views

CVE-2026-32148

8.9CVSS0.00191EPSS

Exploits1References4

Vulnrichment•added 2026/04/30 6:17 p.m.•4 views

CVE-2026-32148 Lockfile checksums not verified in Hex allows dependency integrity bypass

8.9CVSS5.4AI score0.00191EPSS

Exploits1References4

ATTACKERKB•added 2026/04/30 6:17 p.m.•4 views

CVE-2026-32148

8.9CVSS5.3AI score0.00191EPSS

Exploits1References5Affected Software1

EUVD•added 2026/04/30 6:17 p.m.•5 views

EUVD-2026-26404

8.9CVSS5.4AI score0.00191EPSS

Exploits1References4

OSV•added 2026/04/30 6:17 p.m.•6 views

EEF-CVE-2026-32148 Lockfile checksums not verified in Hex allows dependency integrity bypass

Summary Insufficient Verification of Data Authenticity vulnerability in hexpm hex Hex.RemoteConverger module allows dependency integrity bypass via unverified lockfile checksums. Hex stores checksums for dependencies in the mix.lock file to ensure reproducible and integrity-checked builds. Howeve...

8.9CVSS5.5AI score0.00191EPSS

Exploits1References3

Cvelist•added 2026/04/30 6:17 p.m.•34 views

CVE-2026-32148 Lockfile checksums not verified in Hex allows dependency integrity bypass

8.9CVSS0.00191EPSS

Exploits1References4

CVE•added 2026/04/30 6:17 p.m.•6 views

CVE-2026-32148

Summary (technical) : The Hex package manager (Hex.RemoteConverger) has a data-authenticity vulnerability where mix.lock checksums are not verified due to a type mismatch: Hex.Utils.lock/1 returns string-based dependency names while verification expects atom-based names, causing silent bypass of ...

8.9CVSS5.4AI score0.00191EPSS

Exploits1References4Affected Software1

Positive Technologies•added 2026/04/30 12:0 a.m.•6 views

PT-2026-36158

Name of the Vulnerable Software and Affected Versions hex versions 0.16.0 through 2.4.1 Description Insufficient Verification of Data Authenticity in the Hex.RemoteConverger module allows for a dependency integrity bypass. The Hex.RemoteConverger.verify resolved/2 function fails to execute checks...

8.9CVSS5.9AI score0.00191EPSS

Exploits1References9

Snyk•added 2026/04/16 1:34 a.m.•6 views

Code Execution

Overview renovate is a dependency updater. Affected versions of this package are vulnerable to Code Execution in the via lockfile maintenance in bazel-module/lockfile.ts‎, used by bazel-module and bazelisk. An attacker can execute arbitrary code by introducing a malicious dependency that is...

6.8CVSS6.2AI score

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by