Code-Projects Online Event Judging System SQL Injection Vulnerability
Online Event Judging System is an online event judging system. The Online Event Judging System suffers from a SQL injection vulnerability that originates from the /index.php file not securely filtering the Username parameter. An attacker can exploit this vulnerability by constructing a malicious...
CVE-2025-54945 SUNNET Corporate Training Management System - External Control of File Name or Path
An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path...
CVE-2025-58048 Paymenter Vulnerable to Remote Code Execution via Public File Uploads
Paymenter is a free and open-source webshop solution for hostings. Prior to version 1.2.11, the ticket attachments functionality in Paymenter allows a malicious authenticated user to upload arbitrary files. This could result in sensitive data extraction from the database, credentials being read...
HOOK Android Trojan Adds Ransomware Overlays, Expands to 107 Remote Commands
Cybersecurity researchers have discovered a new variant of an Android banking trojan called HOOK that features ransomware-style overlay screens to display extortion messages. "A prominent characteristic of the latest variant is its capacity to deploy a full-screen ransomware overlay, which aims t...
Malicious code in google-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9a306188997a3decdf3eb0566e9ec1b3f81c5b1e0b4269eff69342744a9bad64 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Linux Distros Unpatched Vulnerability : CVE-2017-16228
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in th...
CVE-2025-54417 Craft contains a theoretical bypass for CVE-2025-23209
Craft is a platform for creating digital experiences. Versions 4.13.8 through 4.16.2 and 5.5.8 through 5.8.3 contain a vulnerability that can bypass CVE-2025-23209: "Craft CMS has a potential RCE with a compromised security key". To exploit this vulnerability, the project must meet these...
Craft CMS has a theoretical bypass for CVE-2025-23209
Pre-requisites: Have a compromised security key https://craftcms.com/knowledge-base/securing-craftkeep-your-secrets-secret Somehow, manage to create an arbitrary file in Craft’s /storage/backups folder. With those two pieces in place, you could create a specific, malicious request to the...
Malicious Package
Overview secmeasure is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The sisaws package leverages "typosquatting" for the legitimate sisa package, targeting Sistema Integrado de Información Sanitaria Argentino SISA API...
The vulnerability of the setSystemWizard() and setSystemControl() functions in D-Link DCS-932L IP camera software allows a perpetrator to execute arbitrary commands.
The vulnerability of the setSystemWizard and setSystemControl functions in D-Link DCS-932L IP cameras exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
Malicious code in aphorism-lib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 95f15b2b497431703ff51667a4055e8172f9202aeeea0f725b0b0550812f3299 Importing the module starts a telegram bot that connects to a chat and executes provided commands --- Category: MALICIOUS - The campaign has clearly malicious...
MAL-2025-191683 Malicious code in aphorism-lib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 95f15b2b497431703ff51667a4055e8172f9202aeeea0f725b0b0550812f3299 Importing the module starts a telegram bot that connects to a chat and executes provided commands --- Category: MALICIOUS - The campaign has clearly malicious...
MAL-2025-191779 Malicious code in lazmat (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 292e8512aa9e77a20a04a58cee3529ea31b9451e5c9067bbad7be57b5eb8c7fb Importing the module starts a telegram bot that connects to a chat and executes provided commands --- Category: MALICIOUS - The campaign has clearly malicious...
Malicious code in hkmat (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c3c3063747c35c5ae091331ac2c35dbef66c945aca73b06ee32ef1f0ec088009 Importing the module starts a telegram bot that connects to a chat and executes provided commands --- Category: MALICIOUS - The campaign has clearly malicious...
Malicious code in hekamhelp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ac329f6244d2faf82ef12a167d1b46de2a9043fb1c086b67a45458d75d227562 Importing the module starts a telegram bot that connects to a chat and executes provided commands --- Category: MALICIOUS - The campaign has clearly malicious...
MAL-2025-191750 Malicious code in hekamhelp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ac329f6244d2faf82ef12a167d1b46de2a9043fb1c086b67a45458d75d227562 Importing the module starts a telegram bot that connects to a chat and executes provided commands --- Category: MALICIOUS - The campaign has clearly malicious...
Malicious code in talbat (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 fa560ce194b853d26b02cc7a6fc99298c2b1de4516a8beb84b84475aa1fb23b3 Importing the module starts a telegram bot that connects to a chat and executes provided commands --- Category: MALICIOUS - The campaign has clearly malicious...
MAL-2025-191885 Malicious code in talbat (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 fa560ce194b853d26b02cc7a6fc99298c2b1de4516a8beb84b84475aa1fb23b3 Importing the module starts a telegram bot that connects to a chat and executes provided commands --- Category: MALICIOUS - The campaign has clearly malicious...
USN-7443-3 erlang vulnerability
USN-7443-1 fixed a vulnerability in Erlang. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Fabian Bäumer, Marcel Maehren, Marcus Brinkmann, and Jörg Schwenk discovered that Erlang OTP’s SSH module incorrectly handled authenticatio...
Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platform
Splunk has fixed vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. The vulnerabilities in Splunk Enterprise and Splunk Cloud Platform allow both low-privileged and high-privileged users to perform unauthorized actions, such as suppressing alerts, executing remote commands, and causi...