CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/26 12:59 a.m.•4 views

MAL-2026-4739 Malicious code in zkjson (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 758a19e42db66cf6ae7a08d462278b30e3a154b56613d2d95f8020de3add3816 package.json declares "preinstall": "./.github/scripts/precheck", pointing to a 976 KB Linux ELF executable sha256...

6.3AI score

OSSF Malicious Packages•added 2026/05/26 12:59 a.m.•10 views

Malicious code in zkjson (npm)

6.3AI score

Positive Technologies•added 2026/05/26 12:0 a.m.•11 views

PT-2026-43360

A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

7.8CVSS6.2AI score0.00007EPSS

8.1CVSS6.2AI score0.00048EPSS

RHEL 8 : ruby:3.3 (RHSA-2026:20614)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:20614 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management task...

Debian CVE•added 2026/05/26 12:0 a.m.•7 views

CVE-2026-48686

FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI Network Layer Reachability Information decoder. The function decodebgpsubnetencodingipv4raw in src/bgpprotocol.cpp reads prefixbitlength directly from the BGP packet line 99 without validating it is ...

9.8CVSS6.4AI score0.00033EPSS

Exploits0

Cvelist•added 2026/05/26 12:0 a.m.•29 views

CVE-2026-48686

0.00033EPSS

7.5CVSS6.7AI score0.00026EPSS

RHEL 10 : libpng (RHSA-2026:20551)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:20551 advisory. The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics PNG image format files. Security Fixes:...

Exploits1References5

Positive Technologies•added 2026/05/26 12:0 a.m.•7 views

PT-2026-43402

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forwards the args array to the child process without any validation. Every binary on the allowlist accepts an inline-code executi...

9.9CVSS6.3AI score0.0008EPSS

7.5CVSS6.7AI score0.00026EPSS

RHEL 9 : libpng (RHSA-2026:20548)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:20548 advisory. The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics PNG image format files. Security Fixes:...

Exploits1References5

AlmaLinux•added 2026/05/26 12:0 a.m.•7 views

Important: ruby:3.3 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 For more details about the security issues, including...

8.1CVSS6.2AI score0.00048EPSS

OSV•added 2026/05/26 12:0 a.m.•5 views

ALSA-2026:20585 Important: compat-libtiff3 security update

The libtiff3 package provides libtiff 3, an older version of libtiff library for manipulating TIFF Tagged Image File Format image format files. This version should be used only if you are unable to use the current version of libtiff. Security Fixes: libtiff: libtiff: Arbitrary code execution or...

7.8CVSS6.2AI score0.00033EPSS

CVE•added 2026/05/26 12:0 a.m.•10 views

CVE-2026-48689

CVE-2026-48689 affects FastNetMon Community Edition up to 1.2.9, due to an off-by-one heap-based buffer overflow in dynamic_binary_buffer.hpp. Five methods (append_dynamic_buffer, append_data_as_pointer, append_data_as_object_ptr, memcpy_from_ptr, memcpy_from_object_ptr) check bounds with offset ...

9.8CVSS6.5AI score0.0003EPSS

Exploits1References3Affected Software1

ATTACKERKB•added 2026/05/26 12:0 a.m.•8 views

CVE-2026-48686

6.4AI score0.00033EPSS

Tenable Nessus•added 2026/05/26 12:0 a.m.•6 views

RockyLinux 8 : ruby:3.3 (RLSA-2026:20614)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:20614 advisory. erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 Tenable has extracted the preceding description block directly from the RockyLinux...

8.1CVSS6.3AI score0.00048EPSS

OSV•added 2026/05/26 12:0 a.m.•5 views

ALSA-2026:20614 Important: ruby:3.3 security update

8.1CVSS6.2AI score0.00048EPSS

7.8CVSS6.3AI score0.00033EPSS

RHEL 8 : compat-libtiff3 (RHSA-2026:20583)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:20583 advisory. The libtiff3 package provides libtiff 3, an older version of libtiff library for manipulating TIFF Tagged Image File Format image format files. This...

OSV•added 2026/05/25 6:8 p.m.•4 views

MAL-2026-4437 Malicious code in @service-suppliers/set_selected_supplier (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eba319282947a6dfb83a31cec6127e62594cc16160bd9c74cee3feee349c4b07 The postinstall hook in scripts/postinstall.js performs two independently-blocking actions on every npm install. First, it scrapes installer-side...

6AI score

Exploits0References2

NVD•added 2026/05/25 3:16 p.m.•11 views

CVE-2018-25366

CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by injecting malicious payload into the Site Manager label field. Attackers can craft a payload exceeding 520 bytes that overwrites the return address and executes shellcode when a shortc...

8.6CVSS0.00017EPSS