CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added yesterday•6 views

EUVD-2025-210368

8.3CVSS5.8AI score0.00195EPSS

ATTACKERKB•added yesterday•6 views

CVE-2025-2902

8.3CVSS5.8AI score0.00195EPSS

CVE•added yesterday•11 views

CVE-2025-2902

CVE-2025-2902 describes an improper authorization vulnerability in the maintenance utility (management GUI) of Hitachi Virtual Storage Platform family. Affected products include Hitachi Virtual Storage Platform E390/E590/E790/E990/E1090 and E390H/E590H/E790H/E1090H (before DKCMAIN Ver. 93-07-26-x...

8.3CVSS5.8AI score0.00195EPSS

Cvelist•added yesterday•25 views

CVE-2025-2902 Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform

8.3CVSS0.00195EPSS

Nuclei•added 2 days ago•49 views

Hardcoded Admin Credentials For Cisco Smart Licensing Utility API

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to log in to an affected system by using a static administrative credential.This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit...

9.8CVSS7.7AI score0.9201EPSS

OSV•added 4 days ago•4 views

MAL-2026-6504 Malicious code in openblox (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cdd874a78973f84b5373fc03a48472c338ca82ef0a258b7614f81a8359da1201 setup.py invokes GetGitCommitHash unconditionally at module top level, so it runs on pip install openblox and any setuptools invocation. On Windows t...

6.5AI score

Exploits0References7

AstraLinux•added 2026/06/19 11:10 a.m.•4 views

Astra Linux – Vulnerability in Firefox

A null pointer dereference may have occurred inadvertently in pk12util, specifically in the SECASN1DecodeItemUtil function, when handling malformed or improperly formatted input files. This vulnerability affects Firefox 133 and Thunderbird 133...

6.5CVSS6.2AI score0.0047EPSS

Nuclei•added 2026/06/19 11:10 a.m.•64 views

pfSense - Arbitrary File Write

diagroutes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection...

9CVSS7.4AI score0.87113EPSS

Exploits4References5

Photon•added 2026/06/18 12:0 a.m.•5 views

Important Photon OS Security Update - PHSA-2026-5.0-0885

Updates of 'jq', 'util-linux', 'rsync' packages of Photon OS have been released...

3.7CVSS5.8AI score0.00337EPSS

Exploits0

OSV•added 2026/06/15 5:30 p.m.•9 views

MAL-2026-5800 Malicious code in boardstep (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d23139a90bc62310843522a9f8c266cf11ec4166f7a493072bf93b7d8ec05b0c The package wires all three npm lifecycle hooks preinstall, install, postinstall in package.json to run install.js, which downloads...

Talos•added 2026/06/15 12:0 a.m.•6 views

Exploits0References9

GeoVision GV-IP Device Utility Device Authentication insufficient encryption vulnerability

Summary A insufficient encryption vulnerability exists in the Device Authentication functionality of GV-IP Device Utility versions: 9.0.5. A specially crafted network sniffing can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. Confirmed...

9.3CVSS5.6AI score0.00214EPSS

Exploits0

OSSF Malicious Packages•added 2026/06/13 7:19 a.m.•13 views

Malicious code in sheratan_haha (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b473b40e0c041d34e85161ed8c91e0e00d006a0822698a0d3994876cb685ddd On npm install, the package's declared postinstall hook node postinstall.js runs whoami on the installer's machine and POSTs the output to a hardcode...

OSV•added 2026/06/13 7:19 a.m.•21 views

MAL-2026-5739 Malicious code in sheratan_haha (npm)

OSV•added 2026/06/13 6:51 a.m.•10 views

MAL-2026-5731 Malicious code in houzidawang807 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7568d90e7a8d940b5618fa36bccfc2b7fa02ceaa814f0a416d2cc989c685e489 Package advertises itself as 'a simple date formatting utility' but ships an SSH-key-stealing C2 client. postinstall.js enumerates /.ssh for .pub...

OSV•added 2026/06/13 6:51 a.m.•8 views

MAL-2026-5732 Malicious code in houzidawang808 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71d6b96fe99e7f8503cb07df05d6b621dc8e8243fc7288844678d8aff043a654 The package presents itself as a 'simple date formatting utility' index.js exports a trivial formatDate wrapper around toLocaleDateString, but ships ...

5.3AI score