CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1601 matches found

OSSF Malicious Packages•added 2026/05/13 3:9 a.m.•7 views

Malicious code in github.com/BufferZoneCorp/log-core (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...

5.8AI score

Exploits0References1

OSV•added 2026/05/13 3:9 a.m.•5 views

MAL-2026-3632 Malicious code in knot-devise-jwt-helper (RubyGems)

5.8AI score

Exploits0References1

OSV•added 2026/05/13 3:9 a.m.•3 views

MAL-2026-3623 Malicious code in github.com/BufferZoneCorp/go-retryablehttp (Go)

5.8AI score

Exploits0References1

OSV•added 2026/05/13 3:9 a.m.•2 views

MAL-2026-3625 Malicious code in github.com/BufferZoneCorp/go-stdlog (Go)

5.8AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/13 3:9 a.m.•6 views

Malicious code in knot-rspec-formatter-json (RubyGems)

5.8AI score

Exploits0References1

OSV•added 2026/05/13 3:9 a.m.•3 views

MAL-2026-3631 Malicious code in knot-date-utils-rb (RubyGems)

5.8AI score

Exploits0References1

OSV•added 2026/05/13 3:9 a.m.•3 views

MAL-2026-3633 Malicious code in knot-rack-session-store (RubyGems)

5.8AI score

Exploits0References1

SUSE CVE•added 2026/05/12 4:30 a.m.•6 views

SUSE CVE-2023-43633

On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. If the file exists, it overrides the existing configuration on the device on boot. This allows an attacker to change the system's configuration, which also includes some debug functions...

8.8CVSS7.2AI score0.00023EPSS

Exploits0References3

GithubExploit•added 2026/05/07 2:15 p.m.•38 views

web-app-pentest-playbook

Web Application Pentest Playbook A structured methodology and...

5.8AI score

Exploits0

RedhatCVE•added 2026/05/06 8:21 p.m.•3 views

CVE-2026-7865

A hidden console command is vulnerable to command injection flaw when control characters are passed to its second argument. A third party researcher Eugene Lim had discovered vulnerability in the way console command passes to a popen function call. Attackers with authenticated access to SSH conso...

7.4CVSS5.8AI score0.00457EPSS

Exploits0References1

GithubExploit•added 2026/05/06 5:18 p.m.•71 views

Exploit for Incorrect Implementation of Authentication Algorithm in Google Android

🔓 CVE-2026-0073: Android adbd Authentication Bypass Proof...

8.8CVSS6AI score0.00012EPSS

Exploits10

OSV•added 2026/05/06 5:5 p.m.•2 views

GHSA-HQWM-7X7X-8379 DevSpace UI Server WebSocket CheckOrigin does not validate source

Description DevSpace's UI server WebSocket accepts connections from all origins by default, and therefore several endpoints are exposed via this WebSocket. When a developer runs the DevSpace UI and at the same time uses a browser to access the internet, a malicious website they visit can use thei...

7.7CVSS5.9AI score0.00005EPSS

Exploits0References3

EUVD•added 2026/05/05 6:33 p.m.•2 views

EUVD-2026-27394

7.4CVSS5.8AI score0.00457EPSS

Exploits0References3

Packet Storm News•added 2026/05/05 12:0 a.m.•4 views

GPUBreach: Privilege Escalation Attacks on GPUs Using Rowhammer

NVIDIA GPUs with GDDR memories have been shown susceptible to Rowhammer-based bit-flips, similar to CPUs. However, Rowhammer exploits on GPUs have been limited to injecting untargeted bit-flips in victim data like weights of machine learning models, to degrade model accuracy, unlike CPU exploits...

5.8AI score

Exploits0

EUVD•added 2026/05/04 6:0 p.m.•2 views

EUVD-2026-27041

In adbdtlsverifycert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote proximal/adjacent code execution as the shell user with no additional execution privileges needed. User interaction is not needed for...

8.8CVSS6.2AI score0.00012EPSS

Exploits10References1

NVD•added 2026/05/04 5:16 p.m.•6 views

CVE-2026-42373

D-Link DIR-605L Hardware Revision B2 End-of-Life, EOL contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn76dlwbrdir605L" read from /etc/alphaconfig/imagesign. The custom telnetd binary...

9.8CVSS0.00269EPSS

Exploits1References1

CVE•added 2026/05/04 4:2 p.m.•13 views

CVE-2026-42375

D-Link DIR-600L A1 (End-of-Life) is affected by CVE-2026-42375 due to a hardcoded telnet backdoor. The device runs a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u u...

9.8CVSS5.8AI score0.00269EPSS

Exploits1References1Affected Software1

ATTACKERKB•added 2026/05/04 4:0 p.m.•1 views

CVE-2026-42374

D-Link DIR-600L Hardware Revision B1 End-of-Life contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn61dlwbrdir600L" read from /etc/alphaconfig/imagesign. The custom telnetd binary accep...

9.8CVSS5.8AI score0.00269EPSS

Exploits1References2

EUVD•added 2026/05/04 3:53 p.m.•2 views

EUVD-2026-27021

D-Link DIR-605L Hardware Revision A1 End-of-Life, EOL contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn35dlwbrdir605l" read from /etc/alphaconfig/imagesign. The custom telnetd binary...

8.8CVSS5.8AI score0.00092EPSS

Exploits1References1

GithubExploit•added 2026/05/03 1:18 p.m.•63 views

Exploit for Missing Authentication for Critical Function in Cpanel

POCCVE-2026-41940 Quick start bash python3 pocCVE-202...

9.8CVSS6AI score0.90762EPSS

Exploits61

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by