CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/04/29 1:21 p.m.•4 views

JLSEC-2026-348

A vulnerability was found in HDF5 1.14.6 and classified as problematic. Affected by this issue is the function H5Cflushsingleentry of the file src/H5Centry.c. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the publi...

5.5CVSS3.6AI score0.00194EPSS

5.3CVSS5.2AI score0.00204EPSS

JLSEC-2026-339

A vulnerability classified as critical was found in HDF5 up to 1.14.6. Affected by this vulnerability is the function H5Creconstructcacheentry of the file H5Cimage.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the...

Exploits1References6

4.8CVSS4.2AI score0.00237EPSS

JLSEC-2026-333

A vulnerability, which was classified as problematic, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5Faddrencodelen of the file src/H5Fint.c. The manipulation of the argument pp leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has...

Exploits1References4

4.8CVSS3.4AI score0.00188EPSS

JLSEC-2026-344

A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5Cloadentry of the file /src/H5Centry.c. The manipulation leads to resource consumption. The attack needs to be approached locally. The exploit has been disclosed to the public an...

Exploits1References6

5.5CVSS4.2AI score0.0025EPSS

JLSEC-2026-334

A vulnerability, which was classified as problematic, was found in HDF5 up to 1.14.6. This affects the function H5HLfldeserialize of the file src/H5HLcache.c. The manipulation of the argument freeblock leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The...

OSV•added 2026/04/29 1:21 p.m.•2 views

JLSEC-2026-326

A vulnerability, which was classified as critical, was found in HDF5 1.14.6. This affects the function H5Zscaleoffsetdecompressonebyte of the component Scale-Offset Filter. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed...

7.8CVSS5AI score0.00364EPSS

Exploits1References4

OSV•added 2026/04/29 1:21 p.m.•4 views

JLSEC-2026-325

A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SMdelete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The complexity of an attack is...

8.1CVSS4.7AI score0.00462EPSS

5.5CVSS3.8AI score0.0025EPSS

JLSEC-2026-332

A vulnerability classified as problematic was found in HDF5 up to 1.14.6. This vulnerability affects the function H5Faccumfree of the file src/H5Faccum.c. The manipulation of the argument overlapsize leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been...

OSV•added 2026/04/29 1:21 p.m.•5 views

JLSEC-2026-345

A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5Ochunkprotect of the file /src/H5Ochunk.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may ...

7.8CVSS4.1AI score0.00239EPSS

Exploits1References6

OSV•added 2026/04/29 12:0 p.m.•3 views

MAL-2026-3181 Malicious code in period-newline (npm)

Malicious npm package published by threat actor "ryanmccollum1" impersonating a benign text-formatting utility. Part of the same supply chain attack campaign as redeem-onchain-sdk, which collects SSH keys, AWS credentials, .npmrc tokens, Docker auth, Chrome saved logins, .env files, and git...

5.4AI score

OSSF Malicious Packages•added 2026/04/29 12:0 p.m.•5 views

Malicious code in period-newline (npm)

5.3AI score

OSV•added 2026/04/29 12:0 p.m.•1 views

MAL-2026-3180 Malicious code in nicegui (npm)

Malicious npm package published by threat actor "ryanmccollum1" typosquatting the popular Python NiceGUI framework. Part of the same supply chain attack campaign as redeem-onchain-sdk, which collects SSH keys, AWS credentials, .npmrc tokens, Docker auth, Chrome saved logins, .env files, and git...

5.4AI score

OSSF Malicious Packages•added 2026/04/29 10:0 a.m.•6 views

Malicious code in @cap-js/postgres (npm)

Supply chain compromise of legitimate SAP packages published by threat actor "[email protected]" impersonating SAP toolchain maintainers. All four compromised packages share the same fingerprint: setup.mjs 4.4 KB and execution.js 11.1 MB bundled in the tarball, with a preinstall hook of "node...

5.6AI score

Exploits0References2

OSV•added 2026/04/29 10:0 a.m.•4 views

MAL-2026-3177 Malicious code in @cap-js/postgres (npm)

5.7AI score

Exploits0References2

Veracode•added 2026/04/29 8:5 a.m.•4 views

Timing Attack

org.springframework.boot, spring-boot-devtools is vulnerable to a timing attack. The vulnerability is due to insecure comparison of the DevTools remote secret, which allows an attacker on the same network to exploit timing differences to guess the secret and potentially achieve remote code...

7.5CVSS5.8AI score0.00281EPSS

Exploits0References3Affected Software1

OSSF Malicious Packages•added 2026/04/29 8:0 a.m.•5 views

Malicious code in apple-pki-cert-validator (npm)

Malicious npm package published by threat actor "raya4321" as part of a coordinated typosquatting campaign impersonating Apple internal infrastructure services authentication, PKI, telemetry, CloudKit, and cloud infrastructure. All packages in this campaign execute credential-theft payloads durin...

5.9AI score

OSV•added 2026/04/29 8:0 a.m.•2 views

MAL-2026-3155 Malicious code in apple-infra-network-v2 (npm)

5.9AI score

OSV•added 2026/04/29 8:0 a.m.•2 views

MAL-2026-3154 Malicious code in apple-infra-gcp-leak (npm)

5.9AI score