CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2026/06/11 5:0 a.m.•7 views

Malicious code in @tonsdk/core (npm)

6.4AI score

OSV•added 2026/06/11 4:45 a.m.•10 views

MAL-2026-5567 Malicious code in field-upload-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17402ad5019d1d433139ce2652d18d2493d87acfd1ede435a94c87eb421f25b1 On every npm install, the package's postinstall lifecycle script in package.json spawns a detached, unref'd Node process that decodes a base64-encode...

OSSF Malicious Packages•added 2026/06/11 4:16 a.m.•10 views

Malicious code in polymarket-clob-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a40eb434e89ad381733b42cb87bd88d0da0913520a210fd4f6da175e1a115f9f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Snyk•added 2026/06/11 4:16 a.m.•5 views

Malicious Package

Overview tailwind-dark-mode-kit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS5.4AI score

OSV•added 2026/06/11 4:16 a.m.•6 views

MAL-2026-5586 Malicious code in tailwind-dark-mode-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 05c8c711242c04547353cacb4860ee757d595ac459a6f8d7311d2c0827a6bc92 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2026/06/11 4:16 a.m.•8 views

MAL-2026-5585 Malicious code in polymarket-clob-api (npm)

OSSF Malicious Packages•added 2026/06/11 4:12 a.m.•6 views

Malicious code in emittery_styled (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1f21dd8eb533d5ecf0c5123429a9cc453f24eb9426a6cfadcac5c2d299fa5a23 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2026/06/11 4:12 a.m.•9 views

MAL-2026-5583 Malicious code in emittery_styled (npm)

OSV•added 2026/06/11 4:4 a.m.•6 views

MAL-2026-5584 Malicious code in justgetit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6e3691bf83f31d1f1dd45e3224151455cbcf6b03acf1d50a25a96eb69ef3065 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

GithubExploit•added 2026/06/11 3:15 a.m.•48 views

Exploit for Type Confusion in Google Chrome

SSD Advisory – Google Chrome RCE Source: ssd-disclosure.co...

8.1CVSS7.9AI score0.19883EPSS

Exploits5

OSSF Malicious Packages•added 2026/06/11 3:15 a.m.•7 views

Malicious code in @403name/electron-buidler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ed72e6dbbdb78cd8fc99bfafc15900f16543690460ae2cfad826aeee20c05a4 On require, index.js executes an immediately-invoked function that platform-gates to macOS, skips CI environments, drops a one-shot marker file in...

OSV•added 2026/06/11 3:15 a.m.•9 views

MAL-2026-5547 Malicious code in @403name/electron-buidler (npm)

OSSF Malicious Packages•added 2026/06/11 3:14 a.m.•7 views

Malicious code in @403name/ether-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 927758f43d6eaa6514273bd8ab8f3559624055b9bbf8c9ef9a190b645c0a6eef On require'@403name/ether-js', index.js runs an IIFE that targets macOS only returns early on non-darwin and when CI/GITHUBACTIONS env vars are set,...

OSV•added 2026/06/11 3:14 a.m.•11 views

MAL-2026-5548 Malicious code in @403name/ether-js (npm)

RedhatCVE•added 2026/06/11 2:59 a.m.•7 views

CVE-2026-46432

LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded "trustremotecode=True" in multiple HuggingFace model-loading call sites. At time of publication, there are no...

7.8CVSS6.2AI score0.00142EPSS

RedhatCVE•added 2026/06/11 2:59 a.m.•8 views

CVE-2026-46517

LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trustremotecode=True" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publicly available patches...

7.8CVSS5.5AI score0.00148EPSS

RedhatCVE•added 2026/06/11 2:59 a.m.•7 views

CVE-2026-44963

A vulnerability allowing remote code execution RCE on the Backup Server by an authenticated domain user...

9.4CVSS6.6AI score0.00887EPSS

OSSF Malicious Packages•added 2026/06/11 2:50 a.m.•8 views

Malicious code in express-self-destruct (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0097503a7ecd7b5e3b97213de29b36d5e957a305f7829cc45f43aa5aa3da817 On npm install, the package's postinstall hook node scripts/inject.js walks up from the install directory to locate the consumer's project root and...

5.7AI score