CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 3 hours ago•3 views

Malicious code in checkmarx-claude-cache (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cbdcac8329a6ad9662ef7af8e0f68cd616f5451dc0a1fce9d2bcab5a7943c8a Package name and description impersonate the Checkmarx security vendor checkmarx-claude-cache, "Checkmarx caching setup for Claude Fable access" but...

6AI score

OSV•added 3 hours ago•2 views

MAL-2026-6576 Malicious code in checkmarx-claude-cache (npm)

6AI score

The Hacker News•added 3 hours ago•6 views

Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS hosts. "This attack avoids the most common npm execution paths through lifecycle scripts, perhaps...

6.3AI score

Exploits0

OSSF Malicious Packages•added 3 hours ago•3 views

Malicious code in int_sezzle_sfra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16242285e7dabb5a109f61e97ab52c05ad80ea9b8f326a706c3228268536e80d package.json declares preinstall: node index.js, which fires automatically on npm install. index.js collects host reconnaissance from the installer...

5.8AI score

OSV•added 3 hours ago•2 views

MAL-2026-6577 Malicious code in int_sezzle_sfra (npm)

5.8AI score

Cvelist•added 4 hours ago•6 views

CVE-2026-13538 Wavlink WL-NU516U1-A POST Parameter wireless.cgi sub_401D68 command injection

6.5CVSS

CVE•added 4 hours ago•8 views

CVE-2026-13538

The CVE concerns Wavlink WL-NU516U1-A (M16U1_V240425) with a vulnerability in /cgi-bin/wireless.cgi, function sub_401D68, within the POST Parameter Handler. Manipulating arguments SSID2G2/SSID5G2/AuthMethod2/WPAPSK12 leads to command injection. Remote exploitation is possible, and an exploit has ...

ATTACKERKB•added 4 hours ago•7 views

CVE-2026-13538

EUVD•added 4 hours ago•4 views

EUVD-2026-40036

RedHat Linux•added 4 hours ago•2 views

perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access

A flaw was found in perl-Archive-Tar. Versions before 3.08 for Perl are vulnerable to a path traversal issue. An attacker can craft a malicious tar archive containing symlinks with targets outside the intended extraction directory. This vulnerability allows the attacker to read or write to...

9.1CVSS0.00481EPSS

Exploits0References7

RedHat Linux•added 4 hours ago•1 views

perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob

A flaw was found in perl-IO-Compress, a component used for data compression and decompression. A remote attacker could exploit this vulnerability by crafting a malicious input, specifically an output glob, that bypasses the intended security measures. This could lead to the execution of...

7.3CVSS0.00304EPSS

Exploits2References6

IBM Security Bulletins•added 6 hours ago•5 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana within Instana Agent container image build 1.0.320 Vulnerability Details CVEID:CVE-2026-42009 DESCRIPTION: A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Securit...

9.8CVSS7.4AI score0.01227EPSS

Exploits2Affected Software1

GithubExploit•added 6 hours ago•17 views

aysec-cheatsheets

AYSEC Security Cheatsheets A free, practical collection of...

6AI score

Exploits0

Positive Technologies•added 9 hours ago•5 views

PT-2026-53208

A vulnerability was determined in Wavlink WL-NU516U1-A M16U1 V240425. The affected element is the function sub 401D68 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. This manipulation of the argument SSID2G2/SSID5G2/AuthMethod2/WPAPSK12 causes command injection. Remote...