305 matches found
Exploit for CVE-2026-21994
CVE-2026-21994 Summary Oracle OKIT oci-designer-tool...
Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware capable of stealing sensitive CI/CD secrets. The latest incident impacted GitHub Actions "aquasecurity/trivy-action" and...
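The hijacked tags in the trivy-action incident work because a workflow that references an action by branch or tag (`@master`, `@v4`) fetches whatever that ref points to at run time. The check below, an added example that is not code from Aqua Security or from the original page, scans a workflow file for `uses:` references that are not pinned to a full 40-character commit SHA, which is the only ref GitHub treats as immutable. The workflow text is constructed for the example and the checkout SHA in it is a placeholder, not a real commit.

```python
import re

# Matches "uses:" references in a workflow, with or without a leading "- ".
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^\s"\'#]+)')
# A full 40-hex commit SHA is the only ref GitHub treats as immutable.
FULL_SHA_RE = re.compile(r'^[0-9a-f]{40}$')


def find_unpinned_actions(workflow_text):
    """Return (line, action, ref) for every remote action whose ref is a
    branch or tag, i.e. anything other than a full commit SHA."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        # Local composite actions and docker:// images are out of scope here.
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        action, sep, version = ref.rpartition("@")
        if not sep:
            findings.append((lineno, ref, "<no ref>"))   # defaults to the default branch
        elif not FULL_SHA_RE.match(version):
            findings.append((lineno, action, version))
    return findings


# Constructed workflow for this example; the checkout SHA is a placeholder,
# not a real commit of actions/checkout.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # v4 (placeholder)
      - uses: aquasecurity/trivy-action@master
        with:
          scan-type: fs
      - name: Upload results
        uses: actions/upload-artifact@v4
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
"""

if __name__ == "__main__":
    for lineno, action, version in find_unpinned_actions(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {action} pinned to mutable ref {version!r}")
```

Pinning to a SHA only helps if the SHA is updated deliberately (Dependabot and Renovate can maintain the trailing version comment); a moved tag then no longer changes what the job runs, but a compromised upstream can still land a malicious commit behind a new SHA you later adopt.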
CVE-2026-32828 Kargo: SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration
Kargo manages and automates the promotion of software artifacts. In versions 1.4.0 through 1.6.3, 1.7.0-rc.1 through 1.7.8, 1.8.0-rc.1 through 1.8.11, and 1.9.0-rc.1 through 1.9.4, the http and http-download promotion steps allow Server-Side Request Forgery (SSRF) against link-local addresses, most...
Exploit for CVE-2026-26801
pdfmake SSRF Vulnerability PoC Vulnerability Summary | Fi...
PT-2026-25700
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to restrict plugin installation on CI test instances with default admin credentials, which allows an unauthenticated attacker to achieve remote code execution and exfiltrate sensitive configuration data including AWS and...
MAL-2026-1407 Malicious code in thief-utils (PyPI)
Source: kam193 (sha256 bcebc8919f53e78dae4adb16168fdd37abea93d969d3411b948ed1781c6faf28). During installation, the package attempts to exfiltrate cloud credentials and sensitive env variables. Category: MALICIOUS - The campaign has clearly malicious...
GO-2026-4589 Rancher cloud credentials can be used through proxy API by users without access in github.com/rancher/rancher
Rancher cloud credentials can be used through proxy API by users without access in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports fr...
GHSA-GQF8-RVRH-G7W6 Rancher cloud credentials can be used through proxy API by users without access
A vulnerability was discovered in Rancher 2.2.0 through the aforementioned patched versions, where cloud credentials weren't being properly validated through the Rancher API. Specifically through a proxy designed to communicate with cloud providers. Any Rancher user that was logged-in and aware o...
Malicious Package
Overview: clawdest is a malicious package that uses typosquatting to infiltrate developer environments via PyPI. Once installed, it executes obfuscated payloads designed to harvest sensitive data, including environment variables, cloud credentials, and SSH keys. This stolen information is...
Malicious Package
Overview: magicwolf is a malicious package that uses typosquatting to infiltrate developer environments via PyPI. Once installed, it executes obfuscated payloads designed to harvest sensitive data, including environment variables, cloud credentials, and SSH keys. This stolen information is...
Malicious Package
Overview: clawdist is a malicious package that uses typosquatting to infiltrate developer environments via PyPI. Once installed, it executes obfuscated payloads designed to harvest sensitive data, including environment variables, cloud credentials, and SSH keys. This stolen information is...
Malicious Package
Overview: polyutil is a malicious package that uses typosquatting to infiltrate developer environments via PyPI. Once installed, it executes obfuscated payloads designed to harvest sensitive data, including environment variables, cloud credentials, and SSH keys. This stolen information is...
Malicious Package
Overview: magichat is a malicious package that uses typosquatting to infiltrate developer environments via PyPI. Once installed, it executes obfuscated payloads designed to harvest sensitive data, including environment variables, cloud credentials, and SSH keys. This stolen information is...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview: craftcms/cms is a content management system. Affected versions of this package are vulnerable to a Time-of-check Time-of-use (TOCTOU) Race Condition in the validateHostname function. An attacker can access internal cloud metadata endpoints and retrieve sensitive credentials by exploiting a...
pydantic-ai Code Issue Vulnerability
Pydantic-ai is a generative AI framework developed by Pydantic for building production-grade applications and workflows. Versions of pydantic-ai prior to 1.56.0 contain a code vulnerability stemming from a server-side request forgery (SSRF) flaw in the URL download...
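The Kargo, craftcms and pydantic-ai entries above are the same bug in two shapes: a URL fetcher that reaches link-local or private addresses such as the cloud metadata endpoint, and a hostname check that resolves the name once to validate it and then lets the HTTP client resolve it again to connect (the TOCTOU that DNS rebinding exploits). The code below is an added example written for this listing, not code from Kargo, Craft CMS or Pydantic: it resolves the host once, rejects every address that is not globally routable, and returns the URL rewritten to the vetted IP so the connection cannot re-resolve. The `RebindingResolver` is a constructed stand-in for attacker-controlled DNS, and `93.184.216.34` is used only as an arbitrary public address.

```python
import ipaddress
import socket
from urllib.parse import urlsplit, urlunsplit


def _default_resolver(host):
    # Real DNS lookup; returns every address the name currently maps to.
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def resolve_and_pin(url, resolver=_default_resolver):
    """Resolve the host exactly once, refuse any non-global address
    (loopback, link-local incl. 169.254.169.254, RFC 1918, ULA, unspecified,
    multicast), and return (url rewritten to the vetted IP, original host).
    The caller connects to the IP and sends the original host as Host/SNI,
    so a DNS answer that changes after the check cannot redirect the request."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname
    if not host:
        raise ValueError("URL has no host")
    try:
        addrs = [ipaddress.ip_address(host)]            # literal IP, no DNS needed
    except ValueError:
        addrs = [ipaddress.ip_address(a) for a in resolver(host)]
    if not addrs:
        raise ValueError(f"{host!r} did not resolve")
    for ip in addrs:                                    # every answer must pass
        if not ip.is_global:
            raise ValueError(f"{host!r} resolves to non-public address {ip}")
    pinned = addrs[0]
    hostpart = f"[{pinned}]" if pinned.version == 6 else str(pinned)
    netloc = hostpart + (f":{parts.port}" if parts.port else "")
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment)), host


def is_allowed(url, resolver=_default_resolver):
    try:
        resolve_and_pin(url, resolver)
        return True
    except ValueError:
        return False


class RebindingResolver:
    """Constructed attacker DNS: a public answer on the first lookup, the
    cloud metadata address on every lookup after that."""
    def __init__(self):
        self.calls = 0

    def __call__(self, host):
        self.calls += 1
        return ["93.184.216.34"] if self.calls == 1 else ["169.254.169.254"]


def naive_connect_target(url, resolver):
    """Check-then-connect: validate the name, then let the HTTP client resolve
    it again. Returns the IP the client would actually connect to."""
    host = urlsplit(url).hostname
    for a in resolver(host):
        if not ipaddress.ip_address(a).is_global:
            raise ValueError("blocked")
    return resolver(host)[0]          # second lookup gets the attacker's second answer


def pinned_connect_target(url, resolver):
    pinned_url, _ = resolve_and_pin(url, resolver)
    return urlsplit(pinned_url).hostname


if __name__ == "__main__":
    print("naive  ->", naive_connect_target("http://evil.example/x", RebindingResolver()))
    print("pinned ->", pinned_connect_target("http://evil.example/x", RebindingResolver()))
```

Two caveats when wiring this into a real fetcher: the client must send the original name as the Host header and TLS SNI (and verify the certificate against that name, not the IP), and the check has to be repeated for every redirect target, since a public host that 302s to the metadata address is the other common way these steps get abused.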
JavaScript Sensitive Information Disclosure Scanner
This tool performs automated crawling and heuristic scanning of JavaScript files linked within a target website. It identifies exposed secrets such as API keys, access tokens, cloud credentials, private keys, and database passwords that may be unintentionally published within frontend resources. ...
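The scanner described above works by running pattern heuristics over each fetched JavaScript file. The code below is an added example of that scanning step, written for this listing and not taken from the tool or the original page: a handful of well-known key formats plus a generic "name = 'value'" assignment pattern, with a Shannon-entropy floor so that placeholders such as `changeme` are not reported. The JavaScript sample is constructed; the AWS key in it is the one from AWS's own documentation and the Google key is a made-up string of the right shape.

```python
import math
import re
from collections import Counter

# Heuristic secret patterns (constructed for this example). A pattern with a
# capture group reports its last group as the value, otherwise the whole match.
PATTERNS = [
    ("aws_access_key_id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("google_api_key", re.compile(r"\bAIza[0-9A-Za-z_-]{35}\b")),
    ("slack_token", re.compile(r"\bxox[baprs]-[0-9A-Za-z-]{10,}\b")),
    ("private_key_block", re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----")),
    ("generic_assignment", re.compile(
        r"(?i)(api[_-]?key|secret|token|password|passwd)\s*[:=]\s*['\"]([^'\"]{8,})['\"]")),
]
ENTROPY_FLOOR = 3.0   # bits per character; below this a generic hit is a likely placeholder


def shannon_entropy(s):
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_js(text):
    """Return (line, pattern_name, value) for every heuristic hit in a JS source."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, rx in PATTERNS:
            for m in rx.finditer(line):
                value = m.group(m.lastindex) if m.lastindex else m.group(0)
                if name == "generic_assignment" and shannon_entropy(value) < ENTROPY_FLOOR:
                    continue          # e.g. password: "changeme"
                findings.append((lineno, name, value))
    return findings


# Constructed sample; AKIAIOSFODNN7EXAMPLE is AWS's documentation example key.
SAMPLE_JS = """\
const AWS_KEY = "AKIAIOSFODNN7EXAMPLE";
const cfg = { apiKey: "AIzaSyDummyDummyDummyDummyDummyDummy123" };
const login = { user: "admin", password: "changeme" };
const db_password = "s3cr3t-pa55w0rd-Xy9";
const PEM = "-----BEGIN RSA PRIVATE KEY-----\\nMIIE...";
"""

if __name__ == "__main__":
    for lineno, name, value in scan_js(SAMPLE_JS):
        print(f"line {lineno}: {name}: {value[:12]}...")
```

Regexes of this kind are a triage aid, not a verdict: a hit still has to be validated (AWS keys, for instance, can be checked against STS GetCallerIdentity from an authorized account), and minified bundles will produce both false positives from the generic pattern and misses for secrets assembled at run time.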
CVE-2026-23529
Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connector requires Google Cloud credential configurations...