CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/19 11:8 p.m.•7 views

MAL-2026-4606 Malicious code in martinez-polygon-clipping-tony (npm)

5.7AI score

OSSF Malicious Packages•added 2026/05/19 7:42 p.m.•9 views

Malicious code in crw (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4324181416ad15727c0f51a30b56858c42fad99b93635922494acfe4c0f5d597 Package 'crw' impersonates the Firecrawl SDK: it declares 'firecrawl' as a keyword, replicates Firecrawl's client surface...

OSV•added 2026/05/19 7:42 p.m.•6 views

Exploits0References3

MAL-2026-4746 Malicious code in crw (PyPI)

OSSF Malicious Packages•added 2026/05/19 6:13 p.m.•7 views

Exploits0References3

Malicious code in whiteboard-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae14bab8e5a11636f7a395fccf88119f5294c3639c8f71b6b2e3f199282bb584 On npm install, scripts/postinstall.js fetches a companion-- binary from github.com/palmthree-studio/whiteboard-agent/releases/download/nightly/... —...

OSV•added 2026/05/19 6:13 p.m.•10 views

MAL-2026-4729 Malicious code in whiteboard-agent (npm)

OSSF Malicious Packages•added 2026/05/19 6:5 p.m.•7 views

Malicious code in @bonsai-ai/claude-code (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad3b5646cf88b8eb5a7dbbec9fc2f1cfefcdf3a241d9604992e72c2f629889b9 Package published as @bonsai-ai/claude-code impersonates Anthropic's official @anthropic-ai/claude-code CLI. package.json sets author to 'Anthropic '...

OSV•added 2026/05/19 6:5 p.m.•4 views

MAL-2026-4370 Malicious code in @bonsai-ai/claude-code (npm)

OSSF Malicious Packages•added 2026/05/19 5:50 p.m.•7 views

Malicious code in @bonsai-ai/claude-code-win32-x64 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6591be3fe5d0b37196562035353367d96a2bb1390d8f0f4dae3c5abbfd927f6 Package is published under the @bonsai-ai scope but impersonates Anthropic's official @anthropic-ai/claude-code-win32-x64 platform package...

OSV•added 2026/05/19 5:50 p.m.•4 views

Exploits0References1

MAL-2026-4371 Malicious code in @bonsai-ai/claude-code-win32-x64 (npm)

OSV•added 2026/05/19 4:16 p.m.•4 views

Exploits0References1

UBUNTU-CVE-2026-31072

The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...

9.8CVSS6AI score0.00726EPSS

Exploits0References4

NVD•added 2026/05/19 2:16 p.m.•8 views

CVE-2026-42097

Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the "model" query parameter and send the model name only in the binary blob in POST request allowing SQL query execution without authentication. The vendor was notified early about this vulnerability, but...

9.3CVSS0.00941EPSS

Exploits2References4

EUVD•added 2026/05/19 12:59 p.m.•7 views

EUVD-2026-30931

9.3CVSS6AI score0.00941EPSS

Exploits3References4

CVE•added 2026/05/19 12:59 p.m.•14 views

CVE-2026-42097

Sparx products show multiple CVEs with concrete details across Pro Cloud Server and Enterprise Architect. CVE-2026-42097 describes an authentication bypass: a request can omit the model parameter and embed the model name in a POST blob, enabling SQL query execution without authentication. CVE-202...

9.3CVSS6AI score0.00941EPSS

Exploits2References4Affected Software1

CNNVD•added 2026/05/19 12:0 a.m.•6 views

Sparx Systems Sparx Pro Cloud Server 安全漏洞

Sparx Pro Cloud Server is a modeling and service platform developed by Sparx Systems in Australia. It supports remote access to model repositories and collaborative management. Versions of Sparx Pro Cloud Server 6.1 and earlier contained security vulnerabilities. These vulnerabilities stemmed fro...

9.3CVSS5.9AI score0.00941EPSS

Exploits2References1

Positive Technologies•added 2026/05/19 12:0 a.m.•12 views

PT-2026-41893

Name of the Vulnerable Software and Affected Versions Sparx Pro Cloud Server versions 6.1 build 167 and earlier Description Authentication is required based on the requested URL. An attacker can bypass this check by omitting the model query parameter and providing the model name only within the...

9.3CVSS5.9AI score0.00941EPSS

Exploits2References9

Packet Storm News•added 2026/05/19 12:0 a.m.•7 views

SCARA: A Semantics-Constrained Autonomous Remediation Agent for Opaque Industrial Software Vulnerabilities

Critical-infrastructure operators are increasingly expected to assess and remediate vulnerabilities in deployed industrial software. However, much of this software exists as opaque industrial software OIS, including stripped firmware, proprietary protocol handlers, and compiled control logic...

Tenable Nessus•added 2026/05/19 12:0 a.m.•6 views

Exploits0

CentOS 9 : polkit-0.117-16.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the polkit-0.117-16.el9 build changelog. - A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the polkit-agent-helper-1...

5.5CVSS5.8AI score0.00131EPSS