CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2026/06/11 9:35 a.m.•8 views

Malicious code in tailwindcss-merge (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37e379cbf2d39f386221b7e0896b9331c7a52dc62a74bee6ded47962a77074b7 Package name tailwindcss-merge is a one-character edit of the popular tailwind-merge utility, and the README documents it as a drop-in import ... fro...

6.2AI score

Exploits0References4

OSSF Malicious Packages•added 2026/06/11 9:35 a.m.•5 views

Malicious code in clsx-tailwind (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e1efb9d7593baede89024227d99cc6ca9fc0c86e1f0faf8dd78560174cf1b39 Package advertises a trivial Tailwind class-name merger a 5-line cn helper but its main entry dist/index.js unconditionally requires...

OSSF Malicious Packages•added 2026/06/11 9:35 a.m.•5 views

Malicious code in sass-formats (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ccda832d10cb642350129278ae1fc341d3be8b8302ddbf9bdcfc15eeeb6eae8 The package name sass-formats is one character-edit away from the popular sass-formatter package and reuses its original author field "author": "Syle...

OSSF Malicious Packages•added 2026/06/11 9:35 a.m.•12 views

Malicious code in typeorm-encrypt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a56a819a1e640411db5e485054b23282d0d04f847270ea17c605cbfa6e6ab5ac The published tarball contains lib/lib.min.js, a heavily obfuscated file that stashes Node intrinsics on globals global'r'=require; global'm'=module;...

5.4AI score

OSV•added 2026/06/11 9:35 a.m.•10 views

MAL-2026-5633 Malicious code in typeorm-encrypt (npm)

OSV•added 2026/06/11 9:35 a.m.•10 views

MAL-2026-5632 Malicious code in tailwindcss-merge (npm)

6.2AI score

Exploits0References4

OSV•added 2026/06/11 9:35 a.m.•9 views

MAL-2026-5629 Malicious code in sass-formats (npm)

OSV•added 2026/06/11 9:35 a.m.•9 views

MAL-2026-5625 Malicious code in clsx-tailwind (npm)

RedhatCVE•added 2026/06/11 8:59 a.m.•7 views

CVE-2025-6254

The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.8. This is due to the doctreatprocessregistration function not properly restricting the roles that a user can register with. This makes it possible for unauthenticated attackers ...

9.8CVSS5.5AI score0.00428EPSS

Exploits1References1

Snyk•added 2026/06/11 8:31 a.m.•5 views

Allocation of Resources Without Limits or Throttling

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the VideoMediaIO.loadbase64 function. An attacker can cause the server to exhaust memory...

8.7CVSS7.1AI score0.00367EPSS

Exploits1References2

Snyk•added 2026/06/11 8:18 a.m.•3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the RemotingHandler function. An attacker can execute arbitrary scripts in the user's browser by crafting error responses that include attacker-controlled input, which are then rendered as HTML. Details...

6.5CVSS5.3AI score0.00151EPSS

RedHat Linux•added 2026/06/11 7:53 a.m.•5 views

kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service

A flaw was found in the Linux kernel's bonding driver. A local attacker with low privileges could exploit a use-after-free vulnerability in the bondxmitbroadcast function. This occurs due to a race condition during concurrent slave enslave/release operations, which can lead to the original socket...

7.8CVSS5.6AI score0.00117EPSS

Exploits0References5

OSSF Malicious Packages•added 2026/06/11 7:41 a.m.•12 views

Malicious code in chai-net-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd5f4bb3d7abae3be57c7521b84016b6484d4c21bd2898fcde043d376513cf1e chai-net-test ships a remote-code-execution dropper behind its public chain API. When a consumer calls chain... the documented entry point,...

OSV•added 2026/06/11 7:41 a.m.•9 views

MAL-2026-5607 Malicious code in chai-net-test (npm)

OSSF Malicious Packages•added 2026/06/11 7:39 a.m.•11 views

Malicious code in tailwind-animator-scroll (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f89c3c4c01375bc7baef213c815a901ac3947eaf3835aa80ea67a725ece8d533 The package's main entry src/index.js appends, after a large whitespace gap following the legitimate-looking Tailwind plugin code, an...

OSV•added 2026/06/11 7:39 a.m.•7 views

MAL-2026-5618 Malicious code in tailwind-animator-scroll (npm)

OSSF Malicious Packages•added 2026/06/11 7:38 a.m.•9 views

Malicious code in tailwind-typography-plus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29345b97ddc8c5fe985d1a69d53db15e4126052929267a584b463e94f43b0bc3 [email protected] impersonates the legitimate @tailwindcss/typography Tailwind CSS plugin confusable name, copied plugin export shape,...

6AI score

OSV•added 2026/06/11 7:38 a.m.•9 views

MAL-2026-5619 Malicious code in tailwind-typography-plus (npm)

6AI score