CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 4 days ago•21 views

CVE-2026-49135 CodexBar < 0.32.0 Insecure Temporary File Handling in Notarization Workflow

7.2CVSS0.00023EPSS

ATTACKERKB•added 4 days ago•8 views

CVE-2026-49135

7.2CVSS5.8AI score0.00023EPSS

Exploits0References5

Positive Technologies•added 4 days ago•10 views

PT-2026-45558

7.2CVSS5.8AI score0.00023EPSS

Exploits0References5

OSSF Malicious Packages•added 2026/05/28 12:0 a.m.•5 views

Malicious code in @cloudplatform-single-spa/aifactory-notebooks (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

OSSF Malicious Packages•added 2026/05/28 12:0 a.m.•7 views

Malicious code in @mlspace/allocations (npm)

OSV•added 2026/05/28 12:0 a.m.•3 views

MAL-2026-4921 Malicious code in @cloudplatform-single-spa/evolution (npm)

OSV•added 2026/05/28 12:0 a.m.•3 views

MAL-2026-4867 Malicious code in @car-loans/deal-aff (npm)

Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...

OSV•added 2026/05/28 12:0 a.m.•3 views

MAL-2026-5021 Malicious code in @mlspace/inference-build (npm)

Tenable Nessus•added 2026/05/27 12:0 a.m.•11 views

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2026-1743)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1743 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport...

7.5CVSS7.6AI score0.00054EPSS

Exploits0References22

OSSF Malicious Packages•added 2026/05/25 6:9 p.m.•6 views

Malicious code in @service-user-notifications/set_notifications_not_removable (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a890f1cd8313de802c1425ca5603b7d1fabaf84cb1e47b582a4633dae34ccf14 On npm install, scripts/postinstall.js fetches a platform-specific binary from https://oob.moika.tech/payload/linux|mac|win, writes it to a hidden te...

6.5AI score

Exploits0References2

OSSF Malicious Packages•added 2026/05/25 6:8 p.m.•8 views

Malicious code in @service-suppliers/set_selected_supplier (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eba319282947a6dfb83a31cec6127e62594cc16160bd9c74cee3feee349c4b07 The postinstall hook in scripts/postinstall.js performs two independently-blocking actions on every npm install. First, it scrapes installer-side...

6AI score

Exploits0References2

OSV•added 2026/05/25 7:35 a.m.•2 views

CLSA-2026-1779579653 thunderbird: Fix of 4 CVEs

CVE-2024-0742: assertion failure in nsPresContext::UserInputEventsAllowed Document::SetIsInitialDocument sticky-bit - CVE-2025-2830: path traversal via malformed attachment filename in multipart message directory guard in MimePart.fetchAttachment + mimedrft.cpp - CVE-2025-3909: predictable...

8.1CVSS6.7AI score0.01842EPSS

OSSF Malicious Packages•added 2026/05/22 4:50 p.m.•7 views

Malicious code in prisma-client-python (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ba0c0f6a1d1bdb5bffb45ca56fb99b8084fba921cc7689b6e8913c0436fe392 The package's CLI flow ppy generate reads dist/index.enc, a 346 KB AES-encrypted blob, decrypts it using a key extracted from dist/key.enc substring...

6AI score

OSV•added 2026/05/22 4:50 p.m.•3 views

MAL-2026-4646 Malicious code in prisma-client-python (npm)

6AI score

Tenable Nessus•added 2026/05/22 12:0 a.m.•4 views

Unity Linux 20.1060e / 20.1070e Security Update: ant (UTSA-2026-016647)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016647 advisory. As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them...

7.5CVSS6.8AI score0.01104EPSS

Tenable Nessus•added 2026/05/06 12:0 a.m.•3 views

RHCOS 4 : OpenShift Container Platform 4.6.17 (RHSA-2021:0423)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0423 advisory. - ant: insecure temporary file vulnerability CVE-2020-1945 - ant: insecure temporary file CVE-2020-11979 - jenkins: Arbitrary file...

8CVSS6.8AI score0.01671EPSS

Exploits0References29

Tenable Nessus•added 2026/05/06 12:0 a.m.•4 views

RHCOS 4 : OpenShift Container Platform 4.5.33 (RHSA-2021:0429)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0429 advisory. - ant: insecure temporary file vulnerability CVE-2020-1945 - ant: insecure temporary file CVE-2020-11979 - jenkins: Arbitrary file...

8CVSS6.8AI score0.01671EPSS

Exploits0References29

Cvelist•added 2026/04/24 9:20 p.m.•24 views

CVE-2026-42171

NSIS Nullsoft Scriptable Install System 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges if they can cause myGetTempFileName to return 0, as shown in the references...

7.8CVSS0.00007EPSS