40 matches found
CVE-2026-54308
n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, the MicrosoftAgent365Trigger and StripeTrigger nodes did not validate that inbound requests. As a result, an unauthenticated attacker who knows the webhook URL could submit a forged payload and cause the workflow to...
Malicious code in webpack-cache-reset (npm)
Source: amazon-inspector fee0027f45dd4846b52b99120af39a0bca88f8693047612e946cd8d816f36e6c. On npm install, the package's postinstall hook runs loader.js, which hex-decodes the URL https://jsonkeeper.com/b/INN1F (an anonymous JSON paste host),...
Malicious code in o3forms (npm)
Source: amazon-inspector 4d094d4429f1492bb6b99d802de86b97dc972e06d680a1287846e6d1635fe457. The package name impersonates the OpenMRS O3 forms ecosystem (legitimate packages are published under the @openmrs/ scope). package.json declares an...
MAL-2026-5450 Malicious code in o3forms (npm)
Source: amazon-inspector 4d094d4429f1492bb6b99d802de86b97dc972e06d680a1287846e6d1635fe457. The package name impersonates the OpenMRS O3 forms ecosystem (legitimate packages are published under the @openmrs/ scope). package.json declares an...
Malicious code in @databus-service-ui/scroll-up-content (npm)
Source: amazon-inspector 02414b019347c91f59a506d88dffc19306c7c287936df0d42327ad6b32eb0bf2. scripts/postinstall.js performs two independent attacker-benefit actions when npm install runs. First, it scrapes installer-side secrets — environmen...
Malicious code in @tailwind-core/oxide-linux-x64-gnu (npm)
Source: amazon-inspector a107a0746f2f5159d661e4d332eac53f871b9d22f80caf5863bdd713e252ae00. The package name '@tailwind-core/oxide-linux-x64-gnu' impersonates the legitimate Tailwind CSS v4 oxide engine package...
Malicious code in zod-to-js (npm)
Source: amazon-inspector 370d1632254cb5b5dbd394992054b6c0e943a6fb758ab70f470c059ee734b9c0. The package is published as 'zod-to-js' but ships a copy of pino's source tree: main entry pino.js, lib/proto.js, lib/levels.js, pino docs/README with...
Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
🚀 Automated Log4Shell CVE-2021-44228 Play & Plug Lab An aut...
MAL-2026-3767 Malicious code in node-ci-utils (npm)
Source: amazon-inspector 1593e77b5e2763e7ace49c239accedfe30209faea11bc07cf3901a7253798444. On require('node-ci-utils'), index.js runs a top-level init that, on Linux, creates a hidden directory /.local/share/.nodecache/, downloads an opaque...
WordPress SearchWiz plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress SearchWiz plugin that stems from the use of esc_attr instead of esc_html to output post titles in search results, whic...
EUVD-2020-21839
Malware in sbrugna...
EUVD-2020-23508
Malware in sbrugna...
EUVD-2017-5608
Malware in sbrugna...
EUVD-2019-9104
Malware in sbrugna...
EUVD-2022-27990
Malicious code in bioql PyPI...
EUVD-2025-6549
Malicious code in bioql PyPI...
EUVD-2022-5593
Malicious code in bioql PyPI...
EUVD-2025-13428
Malicious code in bioql PyPI...
form-data uses unsafe random function in form-data for choosing boundary
Summary: form-data uses Math.random to select a boundary value for multipart form-encoded data. This can lead to a security issue if an attacker: 1. can observe other values produced by Math.random in the target application, and 2. can control one field of a request made using form-data. Because th...
CVE-2025-45880
A cross-site scripting (XSS) vulnerability in the data resource management function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload...