CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

123 matches found

OSSF Malicious Packages•added 2026/06/15 3:9 p.m.•10 views

Malicious code in hemi-supply-cron (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c41be27601d38eb5c0b527a9ec22b7516734e8eae985a2607ae6d70878f5f1d9 package.json declares a preinstall hook node postinstall.js that fires automatically on npm install. The script collects host identity os.hostname,...

5.3AI score

Exploits0References1

NVD•added 2026/06/10 3:16 p.m.•10 views

CVE-2026-45563

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, GET /history// re-uses the serverip path parameter as a user-id when service == 'user', with no authorization check. Any authenticated user — even a guest in an unrelated group —...

4.3CVSS0.00176EPSS

Exploits0References1

OSV•added 2026/06/09 5:35 p.m.•9 views

MAL-2026-5411 Malicious code in @klapp-about/routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 715f07e0a1984fc9eb7d6432fc2491b08139755426b3c8905ba2d9274e2d4875 On npm install, the package's preinstall hook node index.js collects host and user identity data — os.hostname, os.userInfo.username, dirname,...

5.4AI score

Exploits0References3

RedhatCVE•added 2026/06/05 7:27 p.m.•8 views

CVE-2026-22576

A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2,...

6.5CVSS5.5AI score0.00263EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:17 p.m.•8 views

CVE-2026-33078

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 8.2.6.4 have a SQL injection vulnerability in the haproxysectionsave function in app/routes/config/routes.py. The serverip parameter, sourced from the URL path, is passed unsanitized through...

9.8CVSS6.1AI score0.00352EPSS

Exploits1References1

OSV•added 2026/05/14 7:24 p.m.•5 views

MAL-2026-3754 Malicious code in chalk-pack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e6eab5e9e696250cc719b36e144f4534cac2b38a25521cda80222b6c66cd64c Package is named chalk-pack impersonating chalk with keywords and index.js impersonating lodash; index.js is a stub that self-describes as 'Just a...

5.8AI score

Exploits0References2

RedhatCVE•added 2026/05/12 8:20 a.m.•10 views

CVE-2026-42072

Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, the --address CLI flag and NORNICDBADDRESS / server.host config key is plumbed through to the HTTP server correctly but never reaches the Bo...

9.8CVSS5.7AI score0.0044EPSS

Exploits0References1

Cvelist•added 2026/04/24 2:5 a.m.•26 views

CVE-2026-33078 Roxy-WI has SQL Injection in haproxy_section_save Endpoint via Unsanitized server_ip Parameter

9.3CVSS0.00352EPSS

Exploits1References2

CNNVD•added 2026/04/24 12:0 a.m.•6 views

Roxy-WI SQL注入漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions prior to Roxy-WI 8.2.6.4 contained a SQL injection vulnerability. This vulnerability stemmed from the serverip parameter in the haproxy-sectionsave function being inserted into the SQL...

9.8CVSS5.9AI score0.00352EPSS

Exploits1References1

CVE•added 2026/04/23 12:0 a.m.•6 views

CVE-2026-31181

CVE-2026-31181 affects ToToLink A3300R firmware v17.0.0cu.557_B20221024. An arbitrary command execution vulnerability exists via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi, enabling likely remote code execution over the network. The CVSS v3.1 base score is 9.8 (CRITICAL) with high impac...

9.8CVSS6.1AI score0.00578EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2026/04/23 12:0 a.m.•2 views

CVE-2026-31181

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi...

6.1AI score0.00578EPSS

Exploits1References1

ATTACKERKB•added 2026/04/23 12:0 a.m.•2 views

CVE-2026-31181

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi...

9.8CVSS6.1AI score0.00578EPSS

Exploits1References2

EUVD•added 2026/04/14 6:30 p.m.•2 views

EUVD-2026-22325

4.3CVSS5.8AI score0.00263EPSS

Exploits0References2

EUVD•added 2026/04/14 6:30 p.m.•2 views

EUVD-2026-22323

4.1CVSS5.8AI score0.00267EPSS

Exploits0References2

NVD•added 2026/04/14 4:16 p.m.•1 views

CVE-2026-22576

6.5CVSS0.00263EPSS

Exploits0References1

CVE•added 2026/04/14 3:38 p.m.•11 views

CVE-2026-22576

CVE-2026-22576 affects Fortinet FortiSOAR PaaS (7.3–7.6) and FortiSOAR on‑premise (7.3–7.6). The underlying issue is storing passwords in a recoverable format, enabling an authenticated remote attacker to retrieve passwords for multiple installed connectors by modifying the server address in conn...

6.5CVSS5.8AI score0.00263EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/04/14 3:38 p.m.•2 views

CVE-2026-22576

4.3CVSS5.8AI score0.00263EPSS

Exploits0References1

Cvelist•added 2026/04/14 3:38 p.m.•23 views

CVE-2026-22576

4.3CVSS0.00263EPSS

Exploits0References1