CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7991 matches found

vulnersOsv•added 2026/06/04 12:0 p.m.•3 views

crypt_guard (=0.1.4), env_encryption_tool (=0.9.17) +7 more potentially affected by unknown CVE via pqcrypto (>=0.11.1 <=0.18.1)

pqcrypto CARGO version =0.11.1, =0.1.0, =0.1.0, =0.1.2, =0.1.0, =0.23.0, =0.23.0, =12.0.2 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0164...

5.5AI score

Exploits0

vulnersOsv•added 2026/06/03 9:15 p.m.•3 views

haiku-rag (>=0.27.0 <=0.44.0), haiku-rag-slim (>=0.27.0 <=0.44.0) +3 more potentially affected by CVE-2026-44019 via docling-core (>=2.60.1 <=2.74.0)

docling-core PYPI version =2.60.1, =0.27.0, =0.27.0, =0.2.0, =0.42.0, =0.65.0 Source cves: CVE-2026-44019 Source advisory: SNYK:PYTHON-DOCLINGCORE-17151737...

5.5AI score0.0004EPSS

Exploits0

Tenable Nessus•added 2026/06/03 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-48501

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitHub CLI gh is GitHub's official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API requests to TUF repository...

9.1CVSS5.7AI score0.00267EPSS

Exploits0References3

vulnersOsv•added 2026/06/02 9:0 p.m.•3 views

autotel-cli (>=0.8.10 <=0.8.11) potentially affected by unknown CVE via autotel-mcp (>=0.1.10 <=0.1.11)

autotel-mcp NPM version =0.1.10, =0.8.10, =0.8.11 Source cves: unknown CVE Source advisory: SNYK:JS-AUTOTELMCP-17146470...

5.5AI score

Exploits0

Snyk•added 2026/06/02 9:0 p.m.•9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score

Exploits0References2

Wolfi•added 2026/06/02 1:48 a.m.•12 views

GHSA-CG87-VWWH-XVGJ vulnerabilities

Vulnerabilities for packages: prometheus-operator, argo-cd, flux, caddy, kyverno, crossplane-provider-azure-authorization, minio, gptscript, cilium, nerdctl, hydra, glab, hubble, zot, step, telegraf, kots, snyk-cli, kine, crossplane-provider-azure-storage, ingress-nginx-controller, prometheus,...

5.2AI score

Exploits0

Wolfi•added 2026/06/02 1:48 a.m.•10 views

GHSA-M9X8-M34X-FJ9Q vulnerabilities

5.2AI score

Exploits0

Wolfi•added 2026/06/02 1:48 a.m.•11 views

CVE-2026-27136 vulnerabilities

6.1CVSS5.2AI score0.00236EPSS

Exploits0

Wolfi•added 2026/06/02 1:48 a.m.•9 views

CVE-2026-25680 vulnerabilities

6.5CVSS5.2AI score0.0034EPSS

Exploits0

Wolfi•added 2026/06/02 1:48 a.m.•8 views

CVE-2026-42506 vulnerabilities

6.1CVSS5.2AI score0.00249EPSS

Exploits0

Snyk•added 2026/06/01 3:43 p.m.•4 views

Malicious Package

Overview xarc-webpack-cli is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score

Exploits0References2

vulnersOsv•added 2026/06/01 2:9 p.m.•3 views

@baic/preset-yolk-taro-miniprogram (>=2.1.0-alpha.278 <=2.1.0-alpha.281), @baic/preset-yolk-umi-mobile (>=2.1.0-alpha.278 <=2.1.0-alpha.281) +8 more potentially affected by CVE-2026-47429 via @vitest/browser (>=4.0.0-beta.11 <=4.1.0-beta.2)

@vitest/browser NPM version =4.0.0-beta.11, =2.1.0-alpha.278, =2.1.0-alpha.278, =2.1.0-alpha.278, =2.1.0-alpha.278, =2.1.0-alpha.278, =4.0.0, =4.0.0, =4.0.0, =0.5.0, =0.1.0, =0.2.0-alpha.4 Source cves: CVE-2026-47429 Source advisory: SNYK:JS-VITESTBROWSER-17120327...

5.4AI score0.00232EPSS

Exploits0

OSV•added 2026/06/01 9:4 a.m.•6 views

MAL-2026-5105 Malicious code in @tmecontinue/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 91dc0ad891441e786e37b86bbf8e4f881519bcfd68db3525c1a38f2064dbbbfe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score

Exploits0References1

EUVD•added 2026/06/01 4:0 a.m.•17 views

EUVD-2026-33555

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.30. Affected by this issue is the function sanitizeenvlines of the file hermescli/config.py. The manipulation results in injection. It is possible to launch the attack remotely. The attack requires a high level of...

6.3CVSS5.2AI score0.00266EPSS

Exploits0References5

CNNVD•added 2026/06/01 12:0 a.m.•35 views

Hermes Agent 安全漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent prior to 2026.4.30 contained a security vulnerability, which was caused by a problem with the sanitizeenvlines function in the hermescli/config.py file. This vulnerability...

6.3CVSS5.8AI score0.00266EPSS

Exploits0References5

OPENSUSE Linux•added 2026/06/01 12:0 a.m.•8 views

Security update for apache-commons-lang3, apache-commons-text, apache-commons-configuration2, apache-commons-cli, apache-commons-io, apache-commons-codec (important)

openSUSE security update: security update for apache-commons-lang3, apache-commons-text, apache-commons-configuration2, apache-commons-cli, apache-commons-io, apache-commons-codec ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20841-1 Rating:...

8.7CVSS7AI score0.02164EPSS

Exploits0References1

SUSE CVE•added 2026/05/31 1:32 a.m.•17 views

SUSE CVE-2026-48501

GitHub CLI gh is GitHub's official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands. The CLI uses a shared HTTP client with an authenticati...

9.1CVSS5.8AI score0.00267EPSS

Exploits0References3