CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/06/01 9:14 p.m.•5 views

CVE-2026-0036

In startAnimation of StageCoordinator.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00005EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/06/01 9:14 p.m.•29 views

CVE-2026-0036

0.00005EPSS

Cvelist•added 2026/06/01 9:14 p.m.•28 views

CVE-2026-0018

In multiple functions of AccessibilityManagerService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00005EPSS

ATTACKERKB•added 2026/06/01 9:14 p.m.•6 views

CVE-2026-0018

5.5CVSS5.9AI score0.00005EPSS

Exploits0References2Affected Software1

ATTACKERKB•added 2026/06/01 9:14 p.m.•7 views

CVE-2026-0041

In multiple functions of ubsanthrowingruntime.cpp, there is a possible UBSan failure due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

6.5CVSS6AI score0.00118EPSS

Exploits0References2Affected Software1

CVE•added 2026/06/01 9:14 p.m.•7 views

CVE-2026-0036

CVE-2026-0036 describes a tapjacking vulnerability in StageCoordinator.java that could enable local privilege escalation via a tapjacking/overlay attack without user interaction. The issue allows exploitation with local access and is associated with the Android platform (Android Bulletin context ...

7.8CVSS5.9AI score0.00005EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/06/01 9:14 p.m.•6 views

CVE-2026-0036

5.9AI score0.00005EPSS

CVE•added 2026/06/01 9:0 p.m.•8 views

CVE-2018-25430

Paroiciel 11.20 contains an SQL injection vulnerability in the egeq.php endpoint, exploitable by an authenticated user via the egeqIdEquipe parameter in GET requests to execute arbitrary SQL and extract sensitive database information (including version details). This aligns with the CVSS metrics ...

7.1CVSS6.1AI score0.00029EPSS

Exploits0References4

Cvelist•added 2026/06/01 9:0 p.m.•26 views

CVE-2026-10292 UTT HiPER 1200GW formTaskEdit strcpy stack-based overflow

A vulnerability was detected in UTT HiPER 1200GW up to 2.5.3-170306. This affects the function strcpy of the file /goform/formTaskEdit. The manipulation results in stack-based buffer overflow. The attack may be launched remotely. The exploit is now public and may be used...

9CVSS0.00048EPSS

Exploits0References5

Snyk•added 2026/06/01 9:0 p.m.•6 views

Malicious Package

Overview opensearch-config-utility is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...

Snyk•added 2026/06/01 9:0 p.m.•8 views

Malicious Package

Overview env-config-manager is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...

Snyk•added 2026/06/01 9:0 p.m.•8 views

Malicious Package

Overview vpmdhaj-opensearch-setup is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...

Snyk•added 2026/06/01 9:0 p.m.•5 views

Malicious Package

Overview opensearch-setup is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those legitima...

Snyk•added 2026/06/01 9:0 p.m.•6 views

Malicious Package

Overview opensearch-setup-tool is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...

Snyk•added 2026/06/01 9:0 p.m.•7 views

Malicious Package

Overview @vpmdhaj/search-setup is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...

Snyk•added 2026/06/01 9:0 p.m.•9 views

Malicious Package

Overview app-config-utility is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...

Snyk•added 2026/06/01 9:0 p.m.•4 views

Malicious Package

Overview @vpmdhaj/opensearch-setup is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...