CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1080251 matches found

OSSF Malicious Packages•added 3 days ago•12 views

Malicious code in uprobe (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d6d0df66bf8ff6eaf447d14185b7df7a06bafc9cea9de3611a2dcc594cf97ec3 Versions 0.1.3, 0.1.4 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

5.5AI score

Exploits0References5

OSV•added 3 days ago•5 views

MAL-2026-5290 Malicious code in cmd2func (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c56f23d1c59dd91728afaa8ae022f711a719574aeeabc0e2eee8f5d93dd30d21 Versions 0.2.2, 0.2.3 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

5.5AI score

Exploits0References5

OSSF Malicious Packages•added 3 days ago•5 views

Malicious code in phenopacket-store-toolkit (PyPI)

The package phenopacket-store-toolkit version 0.1.7 contains a malicious .pth file phenopacketstoretoolkit-setup.pth that executes a Bun-based credential stealer on every Python startup via CPython's site.py exec mechanism. The payload downloads the Bun runtime from the official GitHub release...

5.5AI score

Exploits0References6

OSV•added 3 days ago•3 views

MAL-2026-5316 Malicious code in gpsea (PyPI)

The package gpsea version 0.9.14 contains a malicious .pth file gpsea-setup.pth that executes a Bun-based credential stealer on every Python startup via CPython's site.py exec mechanism. The payload downloads the Bun runtime from the official GitHub release page, then runs an obfuscated JavaScrip...

5.5AI score

Exploits0References6

OSV•added 3 days ago•2 views

MAL-2026-5321 Malicious code in orchestr8-platform (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6b28e6bb345bcdb4726198079a56fcbbb0e73d4d2309c1927c0c8803d515232f Versions 3.3.2 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...

5.5AI score

Exploits0References4

OSV•added 3 days ago•6 views

MAL-2026-5281 Malicious code in executor-http (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4396c593615517f1abf374bf3621ad44a9d0b5c540aaf8c8e101cd4954f7d7be Versions 0.1.3, 0.1.4 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

5.5AI score

Exploits0References5

GithubExploit•added 3 days ago•49 views

Exploit for Improper Input Validation in Apache Activemq

CVE-2026-42588 – Apache ActiveMQ Jolokia Remote Code Execution...

8.1CVSS6.8AI score0.00081EPSS

Exploits1

GithubExploit•added 3 days ago•36 views

Exploit for Deserialization of Untrusted Data in Apache Activemq

CVE-2023-46604-RCE Python implementation of Apache ActiveMQ...

10CVSS7.3AI score0.94436EPSS

Exploits31

NVD•added 3 days ago•8 views

CVE-2026-7537

The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjmsendcommemail function. This is due to no file type, extension, or MIME type validation being performed on uploaded files. This makes it possible for...

7.2CVSS0.00358EPSS

Exploits1References10

OSV•added 3 days ago•4 views

MINI-63MP-MPMC-H84W

Bulletin has no description...

6.5CVSS5.2AI score0.00011EPSS

Exploits0

OSV•added 3 days ago•2 views

MINI-WR7W-HP5H-8HHX

Bulletin has no description...

5.3CVSS5.2AI score0.00038EPSS

Exploits0