CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 7 hours ago•6 views

CVE-2026-11419

A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated user can supply a crafted absolute path so that the configured storage root is discarded,...

9.4CVSS6AI score0.00422EPSS

RedhatCVE•added 7 hours ago•5 views

CVE-2026-11416

MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download directory with a filename taken directly from remote cloud API metadata without basename...

8.1CVSS5.6AI score0.00056EPSS

RedhatCVE•added 7 hours ago•5 views

CVE-2026-11414

A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network attacker who can reach the server can forge valid download signatures and retrieve files from the...

10CVSS5.6AI score0.00077EPSS

HackRead•added yesterday•10 views

New Pink Extortion Group Targets Microsoft 365 Cloud Data Via Vishing Scams

Cybersecurity researchers are warning businesses about Pink Extortion Group, a threat actor that uses voice phishing to bypass multi-factor authentication and steal files from cloud environments...

GithubExploit•added yesterday•24 views

Exploits0

zero2shell-50

ZeroToShell-50 🚀 A highly curated, containerized training g...

5.7AI score

Exploits0

NVD•added yesterday•7 views

CVE-2026-11413

A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function setmacfilter of the file /sbin/jdcwebrpc. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been...

9CVSS

EUVD•added yesterday•9 views

EUVD-2026-34968

9CVSS5.9AI score

ATTACKERKB•added yesterday•4 views

CVE-2026-11413

9CVSS8.1AI score

Exploits0References5Affected Software1

CVE•added yesterday•16 views

CVE-2026-11413

CVE-2026-11413 affects JingDong JD Cloud Box AX6600 (version 4.5.3.r4546). The vulnerable component is the function set_macfilter in /sbin/jdcweb_rpc, whose manipulation triggers a stack-based buffer overflow. Exploitation is possible remotely and exploitation details have been publicly disclosed...

9CVSS8.1AI score

Cvelist•added yesterday•18 views

CVE-2026-11413 JingDong JD Cloud Box AX6600 jdcweb_rpc set_macfilter stack-based overflow

9CVSS

OSSF Malicious Packages•added yesterday•10 views

Malicious code in pantheon-toolsets (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9c9711927907f09a0ef2b146d3aba3b8a06197b9af3f639d579015cdab7c0d5d Versions 0.5.5, 0.5.6 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

OSV•added yesterday•4 views

MAL-2026-5285 Malicious code in ufish (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 27371fa53e0e8e5e763b18b9bcadfd9b6991c720dd154d17bffeab0e7a139ef4 Versions 0.1.2, 0.1.3 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

OSV•added yesterday•4 views

MAL-2026-5283 Malicious code in okite (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ec7e17ca2529781ce61d69b2d7e765c5e3e790d3ae2e2f187b006d710d7f9ed1 Versions 0.0.7, 0.0.8 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

OSSF Malicious Packages•added yesterday•8 views

Malicious code in dynamo-release (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a4e35bea632f7363e7a1cc6ccbfb9227eca2c4720b0a689edc1bc3ce64c9d85c Versions 1.5.4 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...

OSSF Malicious Packages•added yesterday•10 views

Malicious code in spateo-release (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 21400e8510d0663de6c3a4454fe99d9200cb83ae8d1ecdc137c99f3668da4293 Versions 1.1.2 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...

OSV•added yesterday•6 views

MAL-2026-5280 Malicious code in bramin (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 28d9bf945559e6c3defecd55f9f3af3bb8b6dc073ad2b039f7c4e1eb6947c0f5 Versions 0.0.3, 0.0.4 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

OSSF Malicious Packages•added yesterday•9 views

Malicious code in uprobe (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d6d0df66bf8ff6eaf447d14185b7df7a06bafc9cea9de3611a2dcc594cf97ec3 Versions 0.1.3, 0.1.4 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

OSSF Malicious Packages•added yesterday•9 views

Malicious code in napari-ufish (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5103d2b75fe554764a66f5e03957c303d4085a7d5133463f58aa0c83a87f5d7d Versions 0.0.2, 0.0.3 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

OSV•added yesterday•4 views

Exploits0References3

MAL-2026-5281 Malicious code in executor-http (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4396c593615517f1abf374bf3621ad44a9d0b5c540aaf8c8e101cd4954f7d7be Versions 0.1.3, 0.1.4 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...