CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/05/04 12:0 a.m.•4 views

PT-2026-36977

Name of the Vulnerable Software and Affected Versions ArchiveBox affected versions not specified Description The '/add/' endpoint AddView in core/views.py allows the injection of arbitrary configuration into crawl jobs because the config JSON field is merged without validation. This configuration...

9.3CVSS6.4AI score0.00061EPSS

Exploits1References8

Positive Technologies•added 2026/05/04 12:0 a.m.•4 views

PT-2026-36899

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.32 n8n versions prior to 2.17.4 n8n versions prior to 2.18.1 Description An authenticated user with a valid API key scoped to variable:list can read variables from projects they are not a member of. This occurs by...

6CVSS5.9AI score0.00038EPSS

Exploits0References5

CNNVD•added 2026/05/04 12:0 a.m.•7 views

Ollama 缓冲区错误漏洞

Ollama is an open source large language model deployment and inference tool, mainly providing model loading, quantization and API interface services. The Ollama GGUF model loader suffers from a heap out-of-bounds read vulnerability that stems from the /api/create interface failing to properly...

9.1CVSS6AI score0.0004EPSS

Exploits2References1

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux - уязвимость в golang-1.19

The command go env command is documented as outputting a shell script containing the Go environment. However, go env does not sanitize the values it outputs. Therefore, executing its output as a shell script can lead to various malicious behaviors, including executing arbitrary commands or...

9.8CVSS7.1AI score0.00602EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: Tracing/histograms: Add histograms to histvars if they reference variables. Triggers may have referenced variables without having direct variable fields. This can occur if referenced variables are added for trigger actions. In...

7.8CVSS6AI score0.00017EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в firefox, thunderbird

Performing garbage collection on re-declared JavaScript variables led to a “user-after-poison” situation, and potentially caused a exploitable crash. This vulnerability affects Firefox 85, Thunderbird 78.7, and Firefox ESR 78.7...

8.8CVSS7.3AI score0.00285EPSS

OSV•added 2026/05/03 8:45 a.m.•1 views

MAL-2026-3242 Malicious code in sf-vmeval-requests (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a8fa27c8dc6bf13a4f5d92f14414a4f5efc08c1df7f33591a010b4f824e84bc1 During import package exfiltrates the environment variables and cloud credentials/tokens to a hardcoded location. --- Category: MALICIOUS - The campaign has...

5.8AI score

OSSF Malicious Packages•added 2026/05/03 8:45 a.m.•2 views

Malicious code in sf-vmeval-requests (PyPI)

5.8AI score

OSSF Malicious Packages•added 2026/05/02 10:31 a.m.•4 views

Malicious code in apexomni-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 497dca02206d8084e5a7e135245489a5ef9dd03f318b138574bc43386ddac0ef During installation, multiple sensitive environment variables are being exfiltrated. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

OSV•added 2026/05/02 10:31 a.m.•4 views

MAL-2026-3235 Malicious code in apexomni-client (PyPI)

OSV•added 2026/05/01 10:14 p.m.•3 views

MAL-2026-3223 Malicious code in oracle-lag-sniper (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 052e2309a320b056b5a959c33b703d819b1fa2ce9b2647d250bc612d25bae9c9 When using the package, it exfiltrates sensitive environmental variables targeting Polymarket keys to the target controlled via a Polymarket's user profile. Th...

OSSF Malicious Packages•added 2026/05/01 10:14 p.m.•11 views

Exploits0References3

Malicious code in oracle-lag-sniper (PyPI)

OSSF Malicious Packages•added 2026/05/01 9:3 p.m.•4 views

Exploits0References3

Malicious code in py-clob-clients (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7136140b365c314a42f5efe300779f093c40a41fb5c2258c7f5ff05c88eba2f8 Package exfiltrates env variables from .env files. It's a typosquatting of a legitimate package and is used in a malicious GitHub repository --- Category:...

OSV•added 2026/05/01 9:3 p.m.•4 views

MAL-2026-3220 Malicious code in py-clob-clients (PyPI)

OSV•added 2026/05/01 8:28 p.m.•0 views

MAL-2026-3219 Malicious code in tns-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 186bfba0931ba063bd6e71325785b97c646cbfaaf91c4dca876653673d29c0cc Package is prepared to exfiltrate environmental variables. The wording used clearly states it's part of a campaign targeting cryptocurrency users via malicious...

OSSF Malicious Packages•added 2026/05/01 1:46 p.m.•4 views

Malicious code in chalk-fancy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b86a641eb2b6239d8a88849df88a1a148fa5380e3c8767dc59915edb295ef5b3 When used, package exfiltrates sensitive environmental variable. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

ATTACKERKB•added 2026/04/30 9:11 p.m.•0 views

Exploits0References4

CVE-2026-6543

IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables API keys, DB credentials, modifying files, or launching further attacks on the internal netwo...

8.8CVSS5.8AI score0.00041EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/04/30 9:11 p.m.•30 views

CVE-2026-6543 Authenticated Remote Code Execution Vulnerability in Langflow Code Validation Endpoint

8.8CVSS0.00041EPSS