CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

305 matches found

Snyk•added 2026/05/23 9:0 p.m.•11 views

Malicious Package

Overview solidity-build-guard is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package was linked to a supply chain attack and contained code designed to steal developer secrets, crypto wallets, SSH keys, and cloud...

9.8CVSS5.8AI score

Exploits0References2

Snyk•added 2026/05/23 9:0 p.m.•12 views

Malicious Package

Overview env-loader-cli is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package was linked to a supply chain attack and contained code designed to steal developer secrets, crypto wallets, SSH keys, and cloud...

9.8CVSS5.8AI score

Exploits0References2

Snyk•added 2026/05/23 9:0 p.m.•11 views

Malicious Package

Overview defi-risk-scanner is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package was linked to a supply chain attack and contained code designed to steal developer secrets, crypto wallets, SSH keys, and cloud...

9.8CVSS5.8AI score

Exploits0References2

Snyk•added 2026/05/23 9:0 p.m.•12 views

Malicious Package

Overview eth-security-auditor is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package was linked to a supply chain attack and contained code designed to steal developer secrets, crypto wallets, SSH keys, and cloud...

9.8CVSS5.8AI score

Exploits0References2

Snyk•added 2026/05/23 9:0 p.m.•14 views

Malicious Package

Overview data-pipeline-check is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package was linked to a supply chain attack and contained code designed to steal developer secrets, crypto wallets, SSH keys, and cloud...

9.8CVSS5.8AI score

Exploits0References2

CVE•added 2026/05/22 5:27 p.m.•27 views

CVE-2026-39965

Summary: CVE-2026-39965 affects TypeBot (versions ≤ 3.15.2). The HTTP Request and Code blocks validate the initial URL but the HTTP clients (ky and fetch) do not re-validate redirect destinations on 302 responses, enabling an authenticated user to point a block to an attacker-controlled server th...

7.7CVSS5.8AI score0.00308EPSS

Exploits0References2

The Hacker News•added 2026/05/22 11:55 a.m.•19 views

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window. "Using throwaway accounts and forged author identities build-bot, auto-ci, ci-bot, pipeline-bot, the attacke...

5.9AI score

Exploits0

Positive Technologies•added 2026/05/22 12:0 a.m.•7 views

PT-2026-42818

TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain an SSRF via Open Redirect Bypass as the HTTP Request block and Code block validate the initial request URL via validateHttpReqUrl to block private IPs and cloud metadata hostnames. However, the HTTP clients ky and fetch follow 3...

7.7CVSS5.8AI score0.00308EPSS

Exploits0References2

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•11 views

Malicious code in @antv/ckb (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score

Exploits0References5