CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/02/01 12:15 p.m.•1 views

CVE-2021-47908

6.4CVSS6.1AI score0.00021EPSS

OSV•added 2026/02/01 10:28 a.m.•1 views

MAL-2026-619 Malicious code in colorss (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 de8be235bf17ee738265f4a0254263fc0caeefa1f9228c9f6f122dfd7b2fac2d Package silently executes in background a remote script. During the analysis, the script was not accessible --- Category: MALICIOUS - The campaign has clearly...

5.9AI score

OSSF Malicious Packages•added 2026/02/01 10:28 a.m.•7 views

Malicious code in colorss (PyPI)

5.9AI score

Positive Technologies•added 2026/02/01 12:0 a.m.•2 views

PT-2026-5568

BootCommerce 3.2.1 contains persistent input validation vulnerabilities that allow remote attackers to inject malicious script code through guest order checkout input fields. Attackers can exploit unvalidated input parameters to execute arbitrary scripts, potentially leading to session hijacking,...

6.4CVSS6.2AI score0.00136EPSS

Exploits0References4

CNNVD•added 2026/02/01 12:0 a.m.•2 views

PHPSUGAR PHP Melody 跨站脚本漏洞

PHPSUGAR PHP Melody is a content management system developed by PHPSUGAR. The PHPSUGAR PHP Melody 3.0 version has a cross-site scripting vulnerability. This vulnerability stems from the submitted parameter in the edit-video.php file, which has a persistent cross-site scripting vulnerability. This...

6.4CVSS5.7AI score0.00031EPSS

Exploits1References4

Positive Technologies•added 2026/02/01 12:0 a.m.•4 views

PT-2026-5552

Easy Cart Shopping Cart 2021 contains a non-persistent cross-site scripting vulnerability in the search module's keyword parameter. Remote attackers can inject malicious script code through the search input to compromise user sessions and manipulate application content...

6.4CVSS5.9AI score0.00021EPSS

Exploits0References4

NVD•added 2026/01/30 5:16 p.m.•3 views

CVE-2020-37019

Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim...

6.4CVSS0.00131EPSS

Exploits0References5

EUVD•added 2026/01/30 4:16 p.m.•2 views

EUVD-2020-30960

Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user...

6.4CVSS5.9AI score0.00081EPSS

Exploits0References5

ATTACKERKB•added 2026/01/30 4:16 p.m.•2 views

CVE-2020-37014

6.4CVSS5.9AI score0.00081EPSS

Exploits0References5

OSSF Malicious Packages•added 2026/01/29 11:22 a.m.•7 views

Malicious code in tableasets (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3144974fea7e1e56465e9ba49f98ab0457b3adf75130300002c47f415d64fbd0 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

OSV•added 2026/01/29 10:8 a.m.•3 views

MAL-2026-601 Malicious code in tableautes (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 db2caf2b50286de83c99e588ab33e86d828ff3c39fd0dac1c5f3da229cdfced7 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

OSSF Malicious Packages•added 2026/01/29 10:8 a.m.•6 views

Malicious code in tableautes (PyPI)

OSV•added 2026/01/28 7:42 a.m.•5 views

MAL-2026-562 Malicious code in tabullates (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 499d47c3064299cb3d921b32ac9f22c2bab7b0b841b3de3a0cee3029625d5d26 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

Cvelist•added 2026/01/28 12:0 a.m.•23 views

CVE-2025-70336

A Stored cross-site scripting XSS vulnerability in 'Create New Live Item' in PodcastGenerator 3.2.9 allows remote attackers to inject arbitrary script or HTML via the 'TITLE', 'SHORT DESCRIPTION' and 'LONG DESCRIPTION' parameters. The saved payload gets executed on 'View All Live Items' and 'Live...

0.00066EPSS

Exploits0References2

OSSF Malicious Packages•added 2026/01/27 6:26 p.m.•10 views

Malicious code in tabletas (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 27d102f1cf4d0e6b08e5e77aa57a2a436a49f782fe6571b2a8e8d114e10d968d Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

OSV•added 2026/01/27 6:26 p.m.•4 views

MAL-2026-548 Malicious code in tabletas (PyPI)

OSSF Malicious Packages•added 2026/01/25 4:56 p.m.•4 views

Malicious code in selenium-integration (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 50120169fb4cd982eb19b5dee69b1aa881d250d6bab46aaadb2746b92f0ec158 When importing the module, code downloads and executes a highly obfuscated remote script. --- Category: MALICIOUS - The campaign has clearly malicious intent,...

5.7AI score

OSV•added 2026/01/25 4:56 p.m.•3 views

MAL-2026-506 Malicious code in selenium-integration (PyPI)

5.7AI score

OSV•added 2026/01/25 10:15 a.m.•3 views

MAL-2026-501 Malicious code in system-integration-toxi (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 096a1a342309a85666ad92b45da1da18ca808e16c93819a3122b2c6bbc2a15d6 During importing the module, code downloads and executes a remote script. During the analysis of this package, the code was a placeholder, but the package is...

5.8AI score