CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1083889 matches found

OSV•added 2026/06/13 8:52 p.m.•12 views

MAL-2026-5748 Malicious code in chai-utils-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64edd573a9e5fdef8dcde78f5b0c9fa00521f232b886be838104741d1e0535f7 Package name 'chai-utils-test' impersonates the popular 'chai' assertion library and ships a cloned chai source tree. The declared main index.js call...

5.5AI score

Exploits0References6

OSV•added 2026/06/13 8:24 p.m.•8 views

MAL-2026-5741 Malicious code in @achuthvp/postinstall-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3dc0d7b5fc216ae117dda9c492a6bbdff46e49ab53f069c2d525dab001bcdb9 package.json declares scripts.postinstall = node postinstall.js. On every npm install, postinstall.js runs execSync'id' and POSTs a JSON body...

5.4AI score

Exploits0References2

OSSF Malicious Packages•added 2026/06/13 8:15 p.m.•7 views

Malicious code in 2fa-exe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df3ad6044ca4d17d594aa3aa0d1a75d1dbf3ebf483d0dd1b04d502277674a8cc Package advertises itself as an SVG fetcher/sanitizer but ships an undocumented exported factory getPlugin in index.js that performs an HTTPS GET to...

5.5AI score

Exploits0References2

OSV•added 2026/06/13 8:15 p.m.•8 views

MAL-2026-5740 Malicious code in 2fa-exe (npm)

5.6AI score

Exploits0References2

OSV•added 2026/06/13 8:13 p.m.•11 views

MAL-2026-5743 Malicious code in environment-gate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48e4ad756dbae70bb38049d363961eb27239c7cf18c6a92612579aeb818da7b1 The package's only export, gate, performs an HTTP GET to a base64-obfuscated URL https://www.jsonkeeper.com/b/VKUNI and passes the response body...

6AI score

Exploits0References1

OSSF Malicious Packages•added 2026/06/13 8:13 p.m.•11 views

Malicious code in environment-gate (npm)

6AI score

Exploits0References1

OSSF Malicious Packages•added 2026/06/13 8:10 p.m.•8 views

Malicious code in xy-shared (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d631443367624273d8b7d3347b2e173a72f3f7447424f25424dab8e68c4b1a25 package.json wires both preinstall and postinstall to node callback.js, which auto-executes on npm install. callback.js collects username, uid/gid,...

5.4AI score

Exploits0References1

GithubExploit•added 2026/06/13 6:51 p.m.•129 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 - React2Shell Pre-authentication RCE in Reac...

10CVSS8.6AI score0.99562EPSS

Exploits367

Debian•added 2026/06/13 5:12 p.m.•7 views

[SECURITY] [DSA 6344-1] chromium security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6344-1 [email protected] https://www.debian.org/security/ Andres Salomon June 13, 2026 https://www.debian.org/security/faq -...

9.6CVSS5.8AI score0.00286EPSS

Exploits0

OSV•added 2026/06/13 4:22 p.m.•5 views

MINI-584X-F66P-4HH7

Bulletin has no description...

5.4CVSS4.9AI score0.00241EPSS

Exploits0

OSV•added 2026/06/13 4:22 p.m.•7 views

MINI-XQWF-QFHR-R9QX

Bulletin has no description...

5.4CVSS4.9AI score0.00241EPSS

Exploits0

OSV•added 2026/06/13 4:19 p.m.•3 views

MINI-9RCC-GM2P-3Q72

Bulletin has no description...

8.8CVSS5AI score0.00402EPSS

Exploits0

OSV•added 2026/06/13 4:19 p.m.•3 views

MINI-PX7C-FR6V-5R6J

Bulletin has no description...

7.8CVSS4.9AI score0.00114EPSS

Exploits0

GithubExploit•added 2026/06/13 4:2 p.m.•75 views

MeshCentral-RogueAgent

MeshCentral RogueAgent A proof-of-concept exploit chain for a...

5.5AI score

Exploits0

GithubExploit•added 2026/06/13 3:9 p.m.•77 views

Exploit for OS Command Injection in Paessler Prtg_Network_Monitor

CVE-2018-9276 — PRTG Network Monitor ⚠️ Disclaimer: This...

9CVSS8AI score0.86943EPSS

Exploits12

GithubExploit•added 2026/06/13 2:34 p.m.•71 views

Exploit for CVE-2026-11417

CVE-2026-11417-AWS-CDK-RCE Techn...

7.3CVSS5.6AI score0.00657EPSS

Exploits1

The Hacker News•added 2026/06/13 1:23 p.m.•18 views

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253 , is rated 9.8 on the CVSS scoring system. "In Splunk...

9.8CVSS6.6AI score0.10035EPSS

Exploits2

Nuclei•added 2026/06/13 1:20 p.m.•7 views

Ivanti Sentry - OS Command Injection

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution id: CVE-2026-10520 info: name: Ivanti Sentry - OS Command Injection author: DhiyaneshDk severity: critical...

10CVSS6.2AI score0.59524EPSS

Exploits4References2

GithubExploit•added 2026/06/13 11:27 a.m.•68 views

Exploit for CVE-2026-6279

Description This Python script is an exploit tool for CVE-2026-6...

9.8CVSS5.3AI score0.01462EPSS

Exploits4

GithubExploit•added 2026/06/13 11:14 a.m.•58 views

Exploit for Code Injection in Exiftool_Project Exiftool

CVE-2021-22204 - ExifTool Arbitrary Code Execution An upgrade...

7.8CVSS8.3AI score0.99981EPSS

Exploits39