CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

251726 matches found

GithubExploit•added last week•173 views

POC_cve_2026_35273

POCcve202635273 Universal Unauthenticated RCE via PeopleSof...

5.4AI score

Exploits0

OSV•added last week•8 views

MAL-2026-5740 Malicious code in 2fa-exe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df3ad6044ca4d17d594aa3aa0d1a75d1dbf3ebf483d0dd1b04d502277674a8cc Package advertises itself as an SVG fetcher/sanitizer but ships an undocumented exported factory getPlugin in index.js that performs an HTTPS GET to...

5.6AI score

Exploits0References2

OSSF Malicious Packages•added last week•11 views

Malicious code in environment-gate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48e4ad756dbae70bb38049d363961eb27239c7cf18c6a92612579aeb818da7b1 The package's only export, gate, performs an HTTP GET to a base64-obfuscated URL https://www.jsonkeeper.com/b/VKUNI and passes the response body...

6AI score

Exploits0References1

OSV•added last week•10 views

MAL-2026-5743 Malicious code in environment-gate (npm)

6AI score

Exploits0References1

GithubExploit•added 2026/06/13 6:51 p.m.•127 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 - React2Shell Pre-authentication RCE in Reac...

10CVSS8.6AI score0.99562EPSS

Exploits367

GithubExploit•added 2026/06/13 4:2 p.m.•75 views

MeshCentral-RogueAgent

MeshCentral RogueAgent A proof-of-concept exploit chain for a...

5.5AI score

Exploits0

GithubExploit•added 2026/06/13 3:9 p.m.•76 views

Exploit for OS Command Injection in Paessler Prtg_Network_Monitor

CVE-2018-9276 — PRTG Network Monitor ⚠️ Disclaimer: This...

9CVSS8AI score0.86943EPSS

Exploits12

GithubExploit•added 2026/06/13 2:34 p.m.•71 views

Exploit for CVE-2026-11417

CVE-2026-11417-AWS-CDK-RCE Techn...

7.3CVSS5.6AI score0.00657EPSS

Exploits1

The Hacker News•added 2026/06/13 1:23 p.m.•18 views

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253 , is rated 9.8 on the CVSS scoring system. "In Splunk...

9.8CVSS6.6AI score0.10035EPSS

Exploits2

GithubExploit•added 2026/06/13 11:27 a.m.•68 views

Exploit for CVE-2026-6279

Description This Python script is an exploit tool for CVE-2026-6...

9.8CVSS5.3AI score0.01462EPSS

Exploits4

GithubExploit•added 2026/06/13 11:0 a.m.•56 views

Exploit for Improper Access Control in Getgrav Grav-Plugin-Admin

CVE-2021-21425 - GravCMS Unauthenticated RCE Unauthenticated...

9.8CVSS5.8AI score0.80467EPSS

Exploits11

GithubExploit•added 2026/06/13 7:10 a.m.•61 views

Exploit for CVE-2026-48017

CVE-2026-48017 — Remote Code Execution in DbGate via function...

6.6AI score0.00583EPSS

Exploits1

OSV•added 2026/06/13 7:7 a.m.•5 views

MAL-2026-5730 Malicious code in class-synth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1aa63407d7400b4819d0739dedad0a32d9ae29b18509693c2e8763cf30275271 class-synth is advertised as a small class/style/date utility library, but its main entry dist/index.js contains a hidden top-level async IIFE init...

5.4AI score

Exploits0References8

OSSF Malicious Packages•added 2026/06/13 7:0 a.m.•8 views

Malicious code in node-denv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b0701ad772209918c78eb4d038cce43946517f3558cbec1988c121c115a641d node-denv presents itself as a pino-compatible logging middleware index.js exports module.exports.pino = middleware and mimics pino's option shape...

6.3AI score

Exploits0References1

OSV•added 2026/06/13 7:0 a.m.•5 views

MAL-2026-5734 Malicious code in node-denv (npm)

6.4AI score

Exploits0References1

GithubExploit•added 2026/06/13 4:42 a.m.•57 views

Exploit for CVE-2026-22356

CVE-2026-22356 CVE-2026-22356: Jetpack CRM Path Traversal Vuln...

7.5CVSS5.3AI score0.00423EPSS

Exploits1

RedhatCVE•added 2026/06/13 2:34 a.m.•10 views

CVE-2026-42850

A flaw was found in Kitty, a cross-platform GPU based terminal. A remote attacker could exploit this vulnerability by sending a specially crafted escape code to a victim who is connected to the attacker via a program like netcat. This escape code triggers an unescaped error that is then executed ...

8.8CVSS5.6AI score0.0024EPSS

Exploits1References2

SUSE CVE•added 2026/06/13 2:28 a.m.•8 views

SUSE CVE-2026-12007

Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6.1AI score0.00286EPSS

Exploits0References3

SUSE CVE•added 2026/06/13 2:17 a.m.•4 views

SUSE CVE-2026-45447

Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...

7.5CVSS5.7AI score0.01409EPSS

Exploits0References22

OSV•added 2026/06/13 12:5 a.m.•6 views

RLSA-2026:25216 Important: valkey security update

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

8.8CVSS6.7AI score0.0095EPSS

Exploits4References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by