CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/09 5:29 p.m.•5 views

MAL-2026-3405 Malicious code in ggfmttygl (PyPI)

5.9AI score

OSV•added 2026/05/08 7:24 a.m.•3 views

MAL-2026-3384 Malicious code in web3-connect (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1395358346670699250fafa1cb824e59ce1d8265d21b6c80c5033f572349265f Code pretends to be a crypto utility but exfiltrates given private key / seed --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

OSSF Malicious Packages•added 2026/05/08 7:24 a.m.•9 views

Malicious code in web3-connect (PyPI)

OSSF Malicious Packages•added 2026/05/08 7:20 a.m.•12 views

Malicious code in eth-web3-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ab01b68589d4f3b1e8686ed007d522f24c8259049cb211a023ac3f3ff8f56ce4 Code pretends to be an ETH utility and exfiltrates the given seed/private key --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

OSV•added 2026/05/08 7:20 a.m.•5 views

MAL-2026-3379 Malicious code in eth-web3-utils (PyPI)

EUVD•added 2026/05/07 9:31 a.m.•5 views

EUVD-2025-209708

OS command injection vulneravility in the management gui maintenance utility of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28. This issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00...

8.1CVSS5.8AI score0.009EPSS

NVD•added 2026/05/07 8:16 a.m.•6 views

CVE-2025-9661

9.8CVSS0.009EPSS

CVE•added 2026/05/07 7:8 a.m.•15 views

CVE-2025-9661

Summary: CVE-2025-9661: OS command injection in the management GUI (maintenance utility) of Hitachi Virtual Storage Platform One Block 23/24/26/28. Affected products/versions: Hitachi VSP One Block 23, 24, 26 and 28 (before DKCMAIN A3-04-21-40/00 and ESM A3-04-21/00). Vulnerability: OS command in...

9.8CVSS5.8AI score0.009EPSS

Exploits0References1Affected Software1

NVD•added 2026/05/04 1:16 a.m.•14 views

CVE-2026-7161

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...

9.3CVSS0.00214EPSS

Exploits0References3

Cvelist•added 2026/05/04 12:39 a.m.•45 views

CVE-2026-7161 GeoVision GV-IP Device Utility Device Authentication insufficient encryption vulnerability

9.3CVSS0.00214EPSS

Vulnrichment•added 2026/05/04 12:39 a.m.•1 views

CVE-2026-7161 GeoVision GV-IP Device Utility Device Authentication insufficient encryption vulnerability

9.3CVSS5.8AI score0.00214EPSS

EUVD•added 2026/05/04 12:39 a.m.•21 views

EUVD-2026-26862

9.3CVSS5.8AI score0.00214EPSS

CNNVD•added 2026/05/04 12:0 a.m.•8 views

GeoVision GV-IP Device Utility 安全漏洞

The GeoVision GV-IP Device Utility is a network configuration tool developed by the Chinese company GeoVision, designed for discovering and managing IP monitoring devices. Version 9.0.5 of the GeoVision GV-IP Device Utility contains a security vulnerability. This vulnerability stems from...

9.3CVSS5.8AI score0.00214EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux – Vulnerability in Firefox

A null pointer dereference may have occurred inadvertently in pk12util, specifically in the SECASN1DecodeItemUtil function, when handling malformed or improperly formatted input files. This vulnerability affects Firefox 133 and Thunderbird 133...

6.5CVSS6.2AI score0.00461EPSS

Packet Storm News•added 2026/05/03 12:0 a.m.•1 views

Trojan Hippo: Weaponizing Agent Memory for Data Exfiltration

Memory systems enable otherwise-stateless LLM agents to persist user information across sessions, but also introduce a new attack surface. We characterize the Trojan Hippo attack, a class of persistent memory attacks that operates in a more realistic threat model than prior memory poisoning work:...

EUVD•added 2026/05/02 6:15 a.m.•2 views

Exploits0

EUVD-2026-26753

A security flaw has been discovered in JeecgBoot up to 3.9.1. This vulnerability affects the function CommonController.uploadImgByHttp/HttpFileToMultipartFileUtil.httpFileToMultipartFile/HttpFileToMultipartFileUtil.downloadImageData of the file CommonController.java of the component...

6.5CVSS5.5AI score0.00214EPSS

Exploits0References6

Positive Technologies•added 2026/05/01 12:0 a.m.•8 views

PT-2026-38397

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.0 Description A sandbox escape allows unauthenticated attackers to execute arbitrary system commands RCE on the host. The issue occurs because BaseHandler.getPrototypeOf can be reached via util.inspect, enabling the...

10CVSS6.3AI score0.00593EPSS

Exploits1References13

OSV•added 2026/04/30 8:37 p.m.•4 views

MAL-2026-3203 Malicious code in buffparser (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5cc891132b1216e9093bcdd4581373dc7f750f700c82347c28bd1dff079261d8 Described as a utility for gaming, the code starts a reverse shell when using the exposed alledegdly parsing function. --- Category: MALICIOUS - The campaign h...

5.7AI score

OSSF Malicious Packages•added 2026/04/29 4:1 p.m.•3 views

Malicious code in apple-appstore-full-library-utility (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c81abc0b0ca85dceebddbddb78e6e2d6d05f87331f11b9a1190ad29d10adb4a The package apple-appstore-full-library-utility was found to contain malicious code. Source: ghsa-malware...