CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/06/11 5:6 a.m.•7 views

MAL-2026-5580 Malicious code in webpack-cache-reset (npm)

6AI score

Vulnrichment•added 2026/06/11 5:4 a.m.•6 views

CVE-2026-41699 Unsafe Deserialization in Spring GraphQL

Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. An attacker can craft a malicious GraphQL request that can lead to Remote Code Execution when the application exposes a paginated Connection field and the classpath contains specifi...

8.1CVSS5.7AI score0.0068EPSS

Cvelist•added 2026/06/11 5:4 a.m.•25 views

CVE-2026-41699 Unsafe Deserialization in Spring GraphQL

8.1CVSS0.0068EPSS

EUVD•added 2026/06/11 5:4 a.m.•6 views

EUVD-2026-36212

8.1CVSS5.7AI score0.0068EPSS

CVE•added 2026/06/11 5:4 a.m.•17 views

CVE-2026-41699

CVE-2026-41699 : Spring for GraphQL is affected by an Unsafe Deserialization flaw when processing paginated GraphQL queries (Connection fields). If the classpath contains specific deserialization-related classes, a crafted GraphQL request can lead to Remote Code Execution. Affected versions: Spri...

9.8CVSS5.7AI score0.0068EPSS

Exploits0References1Affected Software1

OSSF Malicious Packages•added 2026/06/11 5:0 a.m.•6 views

Malicious code in @tonsdk/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9a9a70e3d8b322df960cb96b195f74693eb4d2ea284680e4cfb41a33f1848f8 @tonsdk/core impersonates the legitimate @ton/core TON blockchain SDK. On npm install, scripts/postinstall.js executes automatically and performs two...

6.4AI score

OSV•added 2026/06/11 5:0 a.m.•8 views

MAL-2026-5564 Malicious code in @tonsdk/core (npm)

6.4AI score

OSV•added 2026/06/11 3:15 a.m.•7 views

MAL-2026-5547 Malicious code in @403name/electron-buidler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ed72e6dbbdb78cd8fc99bfafc15900f16543690460ae2cfad826aeee20c05a4 On require, index.js executes an immediately-invoked function that platform-gates to macOS, skips CI environments, drops a one-shot marker file in...

OSSF Malicious Packages•added 2026/06/11 3:15 a.m.•7 views

Malicious code in @403name/electron-buidler (npm)

OSSF Malicious Packages•added 2026/06/11 3:14 a.m.•6 views

Malicious code in @403name/ether-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 927758f43d6eaa6514273bd8ab8f3559624055b9bbf8c9ef9a190b645c0a6eef On require'@403name/ether-js', index.js runs an IIFE that targets macOS only returns early on non-darwin and when CI/GITHUBACTIONS env vars are set,...

OSV•added 2026/06/11 3:14 a.m.•8 views

MAL-2026-5548 Malicious code in @403name/ether-js (npm)

RedhatCVE•added 2026/06/11 2:59 a.m.•7 views

CVE-2026-46517

LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trustremotecode=True" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publicly available patches...

7.8CVSS5.5AI score0.00148EPSS

RedhatCVE•added 2026/06/11 2:59 a.m.•6 views

CVE-2026-44963

A vulnerability allowing remote code execution RCE on the Backup Server by an authenticated domain user...

9.4CVSS6.6AI score0.00887EPSS

RedHat Linux•added 2026/06/11 2:23 a.m.•7 views

rsync: Rsync: Use-after-free vulnerability in extended attribute handling

A flaw was found in rsync. When rsync is configured to handle extended attributes using the -X or --xattrs option, a remote attacker can exploit a use-after-free vulnerability. This occurs because the receivexattr function incorrectly processes an untrusted length value during a sorting operation...

7.8CVSS5.8AI score0.00319EPSS

Exploits1References7

EUVD•added 2026/06/11 12:32 a.m.•10 views

EUVD-2026-36167

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution. This issue affects Apache OFBiz: before...

5.5AI score0.00657EPSS

Exploits0References3

EUVD•added 2026/06/11 12:32 a.m.•7 views

EUVD-2026-36156

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

7.8CVSS7.7AI score0.00548EPSS

Exploits0References3

Positive Technologies•added 2026/06/11 12:0 a.m.•9 views

PT-2026-48701

An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. In sasl io start packet, adding sizeofuint32 t to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap...

7.6CVSS6AI score0.00539EPSS

Exploits0References4

Positive Technologies•added 2026/06/11 12:0 a.m.•7 views

PT-2026-48700

Name of the Vulnerable Software and Affected Versions KanaDojo versions prior to 0.1.18 Description A sandbox escape allows remote code execution with full GitHub Actions runner privileges, including access to the AUTOMATION PR TOKEN variable. The issue occurs in the issue-auto-respond.yml workfl...

8.5CVSS6.3AI score0.00487EPSS

Exploits0References5

CNNVD•added 2026/06/11 12:0 a.m.•5 views

389 Directory Server 输入验证错误漏洞

389 Directory Server is an open-source implementation of a highly available, fully functional, reliable, and secure LDAP server. 389 Directory Server has a vulnerability related to input validation. This vulnerability stems from an integer overflow in the SASL I/O layer. In the function...

7.6CVSS6.3AI score0.00539EPSS