CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

95 matches found

OSV•added 2026/05/20 8:46 p.m.•3 views

MAL-2026-4516 Malicious code in chain-async-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37ce7d13d84d6293da0026d252448caac350f46ecf2206ee1eaeeff8b47d48c6 chain-async-test impersonates the legitimate chain-async library copies its README, license, author 'Eugene Lazutkin / uhop', and full API surface; t...

6.2AI score

Exploits0References1

OSV•added 2026/05/19 7:53 p.m.•4 views

MAL-2026-4740 Malicious code in zod-to-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 370d1632254cb5b5dbd394992054b6c0e943a6fb758ab70f470c059ee734b9c0 The package is published as 'zod-to-js' but ships a copy of pino's source tree main entry pino.js, lib/proto.js, lib/levels.js, pino docs/README with...

6.2AI score

Exploits0References3

Positive Technologies•added 2026/05/15 12:0 a.m.•6 views

PT-2026-41234

A System Management Mode SMM handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user interaction and under high complexity and present preconditions, trigger execution of attacker-controlled code in SMM, potentially...

5.4CVSS6AI score0.00023EPSS

Exploits0References3

Cvelist•added 2026/05/09 9:47 p.m.•26 views

CVE-2026-45181

Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation via argument injection, which allows attackers to place their code into a plugins directory if the victim uses an attacker-supplied .i64 file...

6.5CVSS0.00008EPSS

Exploits0References2

OSV•added 2026/03/20 4:3 a.m.•2 views

CVE-2026-32947 Egress Policy Bypass via DNS over HTTPS (DoH) in Harden-Runner (Community Tier)

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. In versions 2.15.1 and below, a DNS over HTTPS DoH vulnerability allows attackers to bypass egress-policy: block network restrictions by tunneling exfiltrated data through permitted HTTPS endpoints like...

4.6CVSS6.3AI score0.00107EPSS

Exploits0References4

CNNVD•added 2026/01/10 12:0 a.m.•2 views

Fickling 代码问题漏洞

Fickling is an open source decompiler and static analyzer for Python by Trail of Bits. A code issue vulnerability exists in Fickling version 0.1.6 and earlier, which stems from failing to mark the cProfile module as insecure, which could lead to the execution of attacker-controlled code...

9.3CVSS6.8AI score0.00101EPSS

Exploits1References3