CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

106 matches found

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•12 views

Malicious code in @antv/f6-alipay (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score

Exploits0References4

Packet Storm•added 2026/03/12 12:0 a.m.•192 views

📄 Alipay Open Redirect / API Attacker Payload Insertion

A single crafted URL enables a complete attack chain against Alipay mobile application users that can allow for data exfiltration. As the vendor has stated this is normal behavior with no apparent plans to address the problem, this is being published to make users aware. Alipay Mobile App -...

5.8AI score

Exploits0

EUVD•added 2025/11/18 5:27 a.m.•2 views

EUVD-2025-197918

Malicious code in @profmego/alipay-babyblue npm...

6.6AI score

Exploits0References1

Snyk•added 2025/11/18 5:27 a.m.•2 views

Malicious Package

Overview @profmego/alipay-babyblue is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6.8AI score

Exploits0References2

NVD•added 2025/10/27 7:16 p.m.•7 views

CVE-2025-12304

A vulnerability has been found in dulaiduwang003 TIME-SEA-PLUS up to fb299162f18498dd9cf17da906886d80a077d53b. This affects the function alipayIsSucceed of the file PayController.java of the component Order Status Handler. The manipulation leads to improper authorization. Remote exploitation of t...

5.3CVSS0.00236EPSS

Exploits0References4

Cvelist•added 2025/10/27 6:32 p.m.•9 views

CVE-2025-12304 dulaiduwang003 TIME-SEA-PLUS Order Status PayController.java alipayIsSucceed improper authorization

5.3CVSS0.00236EPSS

Exploits0References4

Vulnrichment•added 2025/10/27 6:32 p.m.•2 views

CVE-2025-12304 dulaiduwang003 TIME-SEA-PLUS Order Status PayController.java alipayIsSucceed improper authorization

5.3CVSS4.5AI score0.00236EPSS

Exploits0References4

Positive Technologies•added 2025/10/27 12:0 a.m.•4 views

PT-2025-44007

5.3CVSS6.3AI score0.00236EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•6 views

EUVD-2019-16359

Malware in sbrugna...

9.8CVSS9.5AI score0.01135EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2014-4441

Malware in sbrugna...

4.3CVSS6.4AI score0.01651EPSS

Exploits1References3

vulnersOsv•added 2024/09/19 2:49 p.m.•6 views

cc.chensoul.nacos:core-test (=2.5.2), cc.chensoul.nacos:nacos-address (=2.5.2) +381 more potentially affected by CVE-2024-46983 via com.alipay.sofa:hessian (>=3.3.0 <=3.5.4)

com.alipay.sofa:hessian MAVEN version =3.3.0, =3.5.4 is affected by a known vulnerability. The following packages have a transitive dependency on com.alipay.sofa:hessian and may be impacted: - cc.chensoul.nacos:core-test =2.5.2 - cc.chensoul.nacos:nacos-address =2.5.2 - cc.chensoul.nacos:nacos-cm...

9.8CVSS5.4AI score0.00678EPSS

Exploits0

The Hacker News•added 2024/08/06 9:36 a.m.•22 views

New Android Spyware LianSpy Evades Detection Using Yandex Cloud

Users in Russia have been the target of a previously undocumented Android post-compromise spyware called LianSpy since at least 2021. Cybersecurity vendor Kaspersky, which discovered the malware in March 2024, noted its use of Yandex Cloud, a Russian cloud service, for command-and-control C2...

7.3AI score

Exploits0