CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Veracode•added 2026/03/23 7:6 a.m.•3 views

Cross-Site Scripting (XSS)

mayanedms is vulnerable to cross-site scripting XSS. The vulnerability is due to improper handling of input in an unknown function within the /authentication/ endpoint, which allows a remote attacker to inject and execute malicious scripts...

6.1CVSS5.8AI score0.0006EPSS

Exploits1References10Affected Software1

OSSF Malicious Packages•added 2026/03/18 6:42 a.m.•4 views

Malicious code in rowrap (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 606ce541a3ef4a98e4e1639e96c6431e7ec83be6f987c640a63c03991eae4f6e The package hides code to download and start malicious script containing malware, identified as adware. The triggering method seems to be PTH file, although it...

5.9AI score

OSV•added 2026/03/18 6:42 a.m.•2 views

MAL-2026-1544 Malicious code in rowrap (PyPI)

5.9AI score

CNNVD•added 2026/03/18 12:0 a.m.•3 views

Phoenix Contact多款产品跨站脚本漏洞

PHOENIX CONTACT FL SWITCH and PHOENIX CONTACT FL NAT are products of the German company PHOENIX CONTACT. PHOENIX CONTACT FL SWITCH is an industrial-grade Ethernet switch. PHOENIX CONTACT FL NAT is a series of industrial security gateways. Several products from Phoenix Contact have a cross-site...

7.1CVSS5.7AI score0.00034EPSS

OSSF Malicious Packages•added 2026/03/17 9:6 a.m.•3 views

Malicious code in robloxapi-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ff27677fd14eddf36fd58fee0bb539ef89fd596e83450c68f8dc0436350abfd6 Installation embeds a malicious PTH file that then during import downloads and executes remote code. During analysis, the remote code was a test starting...

6.1AI score

The Hacker News•added 2026/03/16 9:7 a.m.•2 views

DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage

Ukrainian entities have emerged as the target of a new campaign likely orchestrated by threat actors linked to Russia, according to a report from S2 Grupo's LAB52 threat intelligence team. The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted b...

6.1AI score

Exploits0

Vulnrichment•added 2026/03/14 9:44 p.m.•1 views

CVE-2026-32774 Vulnogram - Stored Cross-Site Scripting via Comment Hypertext

Vulnogram 1.0.0 contains a stored cross-site scripting vulnerability in comment hypertext handling that allows attackers to inject malicious scripts. Remote attackers can inject XSS payloads through comments to execute arbitrary JavaScript in victims' browsers...

6.4CVSS5.9AI score0.00017EPSS

ATTACKERKB•added 2026/03/08 8:2 p.m.•2 views

CVE-2026-3766

A security flaw has been discovered in SourceCodester Web-based Pharmacy Product Management System 1.0. This impacts an unknown function of the file edit-profile.php. Performing a manipulation of the argument fullname results in cross site scripting. The attack may be initiated remotely. The...

5.1CVSS4.3AI score0.00043EPSS

Exploits1References5Affected Software1

OSV•added 2026/03/06 11:35 a.m.•13 views

MAL-2026-1261 Malicious code in fastapi-requests (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8e414a858711540d25b63ced50114d396e150157b65a70056beccc38948a4199 The package clones a legitimate library and contains hidden code that executes remote scripts. During the analysis, the remote code was no longer available ---...

OSSF Malicious Packages•added 2026/03/06 11:34 a.m.•7 views

Malicious code in fastapis-requests (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 69baeb910fc47c2e92e2a25cb1db7b5148b4773d193f15aecef4d708f69b1f6d The package clones a legitimate library and contains hidden code that executes remote scripts. During the analysis, the remote code was no longer available ---...

OSV•added 2026/03/06 11:34 a.m.•2 views

MAL-2026-1262 Malicious code in fastapis-requests (PyPI)

NVD•added 2026/03/04 6:16 p.m.•8 views

CVE-2026-20079

A vulnerability in the web interface of Cisco Secure Firewall Management Center FMC Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system. This vulnerability is due ...

10CVSS0.11141EPSS

Exploits2References1

OSV•added 2026/03/03 7:19 p.m.•2 views

MAL-2026-1226 Malicious code in qwery-core (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c4861116d64db41be8bae04818ecc9f3542fe4bc30055d57588f6f23c11149f3 Obfuscated downloader of encrypted code, compiled to native binary. The remote URL has to be provided to the binary. Likely impersonates legitimate npm library...

Positive Technologies•added 2026/02/24 12:0 a.m.•3 views

PT-2026-21795

Name of the Vulnerable Software and Affected Versions Dell Wyse Management Suite versions prior to 5.5 Description Dell Wyse Management Suite versions prior to 5.5 are susceptible to a Cross-site Scripting issue. A low privileged attacker with remote access could potentially exploit this, leading...

5.4CVSS5.3AI score0.0004EPSS

Github Security Blog•added 2026/02/20 9:31 p.m.•6 views

Google Cloud Vertex AI SDK affected by Stored Cross-Site Scripting (XSS)

Stored Cross-Site Scripting XSS in the genai/evalsvisualization component of Google Cloud Vertex AI SDK google-cloud-aiplatform versions from 1.98.0 up to but not including 1.131.0 allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim's Jupyter or Colab environment...

8.6CVSS5.9AI score0.00086EPSS

Exploits2References6Affected Software1

OSSF Malicious Packages•added 2026/02/18 7:32 p.m.•3 views

Malicious code in telebot-infee (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 660cdc2470d38cf51f0a232119dd9765cba56eb66412f12d3c09b40dd7bd8530 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

OSV•added 2026/02/18 7:32 p.m.•1 views

MAL-2026-937 Malicious code in telebot-infee (PyPI)

OSV•added 2026/02/18 6:42 p.m.•2 views

MAL-2026-934 Malicious code in telebot-infoe (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4dadd8bb17144a1726c97ec0472de592532f72b8c57fdd87ce1364e43241832d The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

OSV•added 2026/02/18 6:36 p.m.•1 views

MAL-2026-935 Malicious code in telebot-infoo (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4a00053312897920b40040788f68a209b63c061000ec349ab3e705675bada499 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...