CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2 days ago•8 views

CVE-2026-11419

A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated user can supply a crafted absolute path so that the configured storage root is discarded,...

9.4CVSS6AI score0.00422EPSS

RedhatCVE•added 2 days ago•8 views

CVE-2026-11416

MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download directory with a filename taken directly from remote cloud API metadata without basename...

8.1CVSS5.6AI score0.00056EPSS

RedhatCVE•added 2 days ago•6 views

CVE-2026-11414

A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network attacker who can reach the server can forge valid download signatures and retrieve files from the...

10CVSS5.6AI score0.00077EPSS

HackRead•added 3 days ago•17 views

New Pink Extortion Group Targets Microsoft 365 Cloud Data Via Vishing Scams

Cybersecurity researchers are warning businesses about Pink Extortion Group, a threat actor that uses voice phishing to bypass multi-factor authentication and steal files from cloud environments...

GithubExploit•added 3 days ago•49 views

Exploits0

zero2shell-50

ZeroToShell-50 🚀 A highly curated, containerized training g...

5.7AI score

Exploits0

NVD•added 3 days ago•7 views

CVE-2026-11413

A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function setmacfilter of the file /sbin/jdcwebrpc. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been...

9CVSS0.00043EPSS

CVE•added 3 days ago•25 views

CVE-2026-11413

CVE-2026-11413 affects JingDong JD Cloud Box AX6600 (version 4.5.3.r4546). The vulnerable component is the function set_macfilter in /sbin/jdcweb_rpc, whose manipulation triggers a stack-based buffer overflow. Exploitation is possible remotely and exploitation details have been publicly disclosed...

9CVSS8.1AI score0.00043EPSS

ATTACKERKB•added 3 days ago•5 views

CVE-2026-11413

9CVSS8.1AI score0.00043EPSS

Exploits0References5Affected Software1

EUVD•added 3 days ago•11 views

EUVD-2026-34968

9CVSS5.9AI score0.00043EPSS

Cvelist•added 3 days ago•42 views

CVE-2026-11413 JingDong JD Cloud Box AX6600 jdcweb_rpc set_macfilter stack-based overflow

9CVSS0.00043EPSS

Vulnrichment•added 3 days ago•3 views

CVE-2026-11413 JingDong JD Cloud Box AX6600 jdcweb_rpc set_macfilter stack-based overflow

9CVSS5.9AI score0.00043EPSS

OSV•added 3 days ago•5 views

MAL-2026-5294 Malicious code in magique-ai (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 155a3b7ed9c67010006ca571bfcd1fd23d957f4ff7ed21eec9dc6bda7cc44c9a Versions 0.4.5 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...

OSV•added 3 days ago•6 views

MAL-2026-5285 Malicious code in ufish (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 27371fa53e0e8e5e763b18b9bcadfd9b6991c720dd154d17bffeab0e7a139ef4 Versions 0.1.2, 0.1.3 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

OSV•added 3 days ago•5 views

MAL-2026-5283 Malicious code in okite (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ec7e17ca2529781ce61d69b2d7e765c5e3e790d3ae2e2f187b006d710d7f9ed1 Versions 0.0.7, 0.0.8 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

OSSF Malicious Packages•added 3 days ago•5 views

Malicious code in instructor-mcp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d22e882ab0d869a60fcff314b04f0534f3622d7719ed3a9101d55bb6c81dcbc9 Versions 1.15.2, 1.15.3 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code execute...

OSSF Malicious Packages•added 3 days ago•5 views

Exploits0References4

Malicious code in gpsea (PyPI)

The package gpsea version 0.9.14 contains a malicious .pth file gpsea-setup.pth that executes a Bun-based credential stealer on every Python startup via CPython's site.py exec mechanism. The payload downloads the Bun runtime from the official GitHub release page, then runs an obfuscated JavaScrip...

OSV•added 3 days ago•4 views

Exploits0References6

MAL-2026-5300 Malicious code in funcdesc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c6f85c691f141dc4c962171ac49945286bb40e15cb8450d2f42d048a3f53bb22 Versions 0.2.2, 0.2.3 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

OSV•added 3 days ago•4 views

MAL-2026-5296 Malicious code in magique (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f5d3bf9e3bbd5c258d251ade5a15f3383a47a53ddd399d7cd3db2aee5cec45c4 Versions 0.6.8, 0.6.9 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

OSSF Malicious Packages•added 3 days ago•11 views

Malicious code in pantheon-toolsets (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9c9711927907f09a0ef2b146d3aba3b8a06197b9af3f639d579015cdab7c0d5d Versions 0.5.5, 0.5.6 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...