CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/06/11 4:16 a.m.•7 views

MAL-2026-5586 Malicious code in tailwind-dark-mode-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 05c8c711242c04547353cacb4860ee757d595ac459a6f8d7311d2c0827a6bc92 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2026/06/11 4:12 a.m.•6 views

Malicious code in emittery_styled (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1f21dd8eb533d5ecf0c5123429a9cc453f24eb9426a6cfadcac5c2d299fa5a23 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2026/06/11 4:12 a.m.•9 views

MAL-2026-5583 Malicious code in emittery_styled (npm)

OSV•added 2026/06/11 4:4 a.m.•6 views

MAL-2026-5584 Malicious code in justgetit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6e3691bf83f31d1f1dd45e3224151455cbcf6b03acf1d50a25a96eb69ef3065 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

GithubExploit•added 2026/06/11 3:15 a.m.•49 views

Exploit for Type Confusion in Google Chrome

SSD Advisory – Google Chrome RCE Source: ssd-disclosure.co...

8.1CVSS7.9AI score0.19883EPSS

Exploits5

OSSF Malicious Packages•added 2026/06/11 3:15 a.m.•7 views

Malicious code in @403name/electron-buidler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ed72e6dbbdb78cd8fc99bfafc15900f16543690460ae2cfad826aeee20c05a4 On require, index.js executes an immediately-invoked function that platform-gates to macOS, skips CI environments, drops a one-shot marker file in...

OSV•added 2026/06/11 3:15 a.m.•9 views

MAL-2026-5547 Malicious code in @403name/electron-buidler (npm)

OSSF Malicious Packages•added 2026/06/11 3:14 a.m.•7 views

Malicious code in @403name/ether-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 927758f43d6eaa6514273bd8ab8f3559624055b9bbf8c9ef9a190b645c0a6eef On require'@403name/ether-js', index.js runs an IIFE that targets macOS only returns early on non-darwin and when CI/GITHUBACTIONS env vars are set,...

OSV•added 2026/06/11 3:14 a.m.•11 views

MAL-2026-5548 Malicious code in @403name/ether-js (npm)

RedhatCVE•added 2026/06/11 2:59 a.m.•8 views

CVE-2026-46517

LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trustremotecode=True" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publicly available patches...

7.8CVSS5.5AI score0.00148EPSS

RedhatCVE•added 2026/06/11 2:59 a.m.•7 views

CVE-2026-46432

LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded "trustremotecode=True" in multiple HuggingFace model-loading call sites. At time of publication, there are no...

7.8CVSS6.2AI score0.00142EPSS

RedhatCVE•added 2026/06/11 2:59 a.m.•7 views

CVE-2026-44963

A vulnerability allowing remote code execution RCE on the Backup Server by an authenticated domain user...

9.4CVSS6.6AI score0.00887EPSS

OSSF Malicious Packages•added 2026/06/11 2:50 a.m.•9 views

Malicious code in express-self-destruct (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0097503a7ecd7b5e3b97213de29b36d5e957a305f7829cc45f43aa5aa3da817 On npm install, the package's postinstall hook node scripts/inject.js walks up from the install directory to locate the consumer's project root and...

5.7AI score

RedHat Linux•added 2026/06/11 2:46 a.m.•6 views

rsync: Rsync: Use-after-free vulnerability in extended attribute handling

A flaw was found in rsync. When rsync is configured to handle extended attributes using the -X or --xattrs option, a remote attacker can exploit a use-after-free vulnerability. This occurs because the receivexattr function incorrectly processes an untrusted length value during a sorting operation...

7.8CVSS5.8AI score0.00319EPSS

Exploits1References7

RedHat Linux•added 2026/06/11 2:23 a.m.•7 views

rsync: Rsync: Use-after-free vulnerability in extended attribute handling

7.8CVSS5.8AI score0.00319EPSS

Exploits1References7

OSV•added 2026/06/11 2:2 a.m.•8 views

MAL-2026-5542 Malicious code in india-map-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1de9d093e23698e3ad3f0336a7619bd43049d1f62b822744733a48060b51a4a package.json declares a postinstall hook that runs curl -skL...

OSSF Malicious Packages•added 2026/06/11 2:2 a.m.•15 views

Exploits0References3

Malicious code in india-map-react (npm)

6.2AI score

Exploits0References3

OSV•added 2026/06/11 1:56 a.m.•12 views

MAL-2026-5543 Malicious code in jailbreak-code (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f729dde017c78154685be850893a9f3ebd58bf0b5cb1229e7e49fb09b14f5d5 The package presents itself as an AI developer CLI but is engineered as a credential and payment harvester. src/c2.ts hardcodes a Discord webhook URL...

OSSF Malicious Packages•added 2026/06/11 1:56 a.m.•9 views

Malicious code in jailbreak-code (npm)