CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

970 matches found

CVE-2026-46751

CVE-2026-46751 affects Apache Kvrocks (2.2.0–2.15.0). The root cause is that Kvrocks does not remove the unsafe loadstring function from its Lua sandbox, enabling a user who can run EVAL scripts to load crafted, unvalidated bytecode that crashes the server process, resulting in a remote denial of...

5.5CVSS5.8AI score0.00324EPSS

Exploits0References2

Cvelist•added 4 days ago•26 views

CVE-2026-46751 Apache Kvrocks: Does not remove the unsafe loadstring function from its Lua sandbox, allowing a user who can run EVAL scripts to load crafted, unvalidated bytecode that crashes the server process, resulting in a remote denial of service.

A vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.2.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue...

5.5CVSS0.00324EPSS

Exploits0References1

OSV•added last week•3 views

MAL-2026-6271 Malicious code in node-fetch-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78aef0d64a7d761d2987d27aea462083425e5692475cd81332b7a3152c754308 On Windows, scripts/postinstall.js XOR-decodes a hardcoded C2 host node22.lunes.host:3258, authenticates with a 5-minute rolling HMAC-SHA256 token,...

5.8AI score

Exploits0References8

OSSF Malicious Packages•added last week•8 views

Malicious code in node-fetch-utils (npm)

5.8AI score

Exploits0References8

AstraLinux•added 2026/06/19 11:10 a.m.•4 views

Astra Linux – Vulnerability in openjdk-11, bcel

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

7.5CVSS7.6AI score0.17673EPSS

Exploits2References1

Packet Storm News•added 2026/06/11 12:0 a.m.•6 views

Joern 4.0.556

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

5.3AI score

Exploits0

Packet Storm News•added 2026/06/08 12:0 a.m.•5 views

RECON: An LLM-Enhanced Backward Constraint Analysis Framework

While traditional techniques, such as symbolic execution, provide a principled foundation for precise constraint reasoning in program analysis, they struggle to scale to modern software systems mainly due to path explosion, the need for function modeling, and the loss of semantic intent at...

5.8AI score

Exploits0

Packet Storm News•added 2026/06/05 12:0 a.m.•7 views

The Sound of Malware: A Memory Forensics Approach for Android Malware Analysis Via Audio Signals

Android malware analysis is currently facing increasing challenges in achieving robust classification and detecting stealth attacks. Modern threats employ advanced evasion strategies such as code obfuscation, dynamic loading, packing, and even steganographic manipulation of traditional static and...

5.5AI score

Exploits0

Packet Storm News•added 2026/06/04 12:0 a.m.•5 views

Joern 4.0.554

5.9AI score

Exploits0

Packet Storm News•added 2026/05/27 12:0 a.m.•12 views

Joern 4.0.548

5.9AI score

Exploits0

GithubExploit•added 2026/05/22 9:3 p.m.•70 views

Reversing-Toolkit

Reversing Toolkit 🔧 3 reverse engineering & binary exploita...

6AI score

Exploits0

OSV•added 2026/05/22 1:45 p.m.•8 views

MAL-2026-4677 Malicious code in swift-optimizer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c54f35da6df5cef65715d49fb7942aff442ee9a0cb486862031e5009277db3a On npm install, [email protected] runs scripts/install-binary.js as a postinstall hook. The script is a hand-rolled JavaScript bytecode VM 123 KB...

5.9AI score

Exploits0References1

Packet Storm News•added 2026/05/22 12:0 a.m.•11 views

Joern 4.0.546

5.9AI score

Exploits0

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в bcel

Apache Commons BCEL includes several APIs that typically only allow modifying specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to generate arbitrary bytecode. This could lead to abuse in applications that send attacker-controllable data to tho...

9.8CVSS6.9AI score0.02836EPSS

Exploits0References1

RedHat Linux•added 2026/05/19 6:30 p.m.•7 views

cpython: CPython: Logging Bypass in Legacy .pyc File Handling

A flaw was found in CPython. This vulnerability allows a local user with low privileges to bypass security auditing mechanisms. The issue occurs because the SourcelessFileLoader component, responsible for handling older Python compiled files .pyc, does not properly trigger system audit events. Th...

5.7CVSS7.2AI score0.00202EPSS

Exploits0References9

RedHat Linux•added 2026/05/19 1:35 p.m.•13 views

cpython: CPython: Logging Bypass in Legacy .pyc File Handling

5.7CVSS7.2AI score0.00202EPSS

Exploits0References9

Packet Storm News•added 2026/05/19 12:0 a.m.•19 views

Joern 4.0.542

5.9AI score

Exploits0

Packet Storm News•added 2026/05/18 12:0 a.m.•11 views

Joern 4.0.540

5.9AI score

Exploits0

Packet Storm News•added 2026/05/13 12:0 a.m.•12 views

Joern 4.0.538

5.9AI score

Exploits0

OSV•added 2026/05/12 7:43 a.m.•5 views

MAL-2026-3696 Malicious code in projz-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 196ea7ee7277857a29c8478e6908961bde9f28aa136c3e6ae68412ba4b67bff0 The package routes authentication-related calls through a hardcoded third-party HTTP endpoint and then unpickles the server's raw response, which is ...

6.7AI score

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by