CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2026/06/13 7:15 a.m.•12 views

Malicious code in postinstall-logger-7x9z (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e89b603ffc718873a9d4c42167bf0c667c995cc2547bc9b99373ad4e9f0ca1e On install, package.json's postinstall hook "postinstall": "node run.js" triggers execution of bundled beacon scripts beacon15.js and beaconlinux.js...

5.8AI score

OSV•added 2026/06/13 7:15 a.m.•5 views

MAL-2026-5738 Malicious code in postinstall-logger-7x9z (npm)

5.9AI score

OSSF Malicious Packages•added 2026/06/13 7:4 a.m.•7 views

Malicious code in node-multi-downloader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8fc720cd970f4d19212ca90945b7fc1e4e1c64da98235ff595b3792ae69e3e68 On npm install, this package's postinstall hook node index.js hex-encodes the installer's current working directory, the first 15 entries of that...

OSV•added 2026/06/13 7:4 a.m.•7 views

MAL-2026-5735 Malicious code in node-multi-downloader (npm)

5.4AI score

OSSF Malicious Packages•added 2026/06/13 6:58 a.m.•8 views

Malicious code in node-app-doctor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector addccbccd4c3c52cd67098a571ed77a4f55ea2303746f421b22b5bbf175a345e collect.js gathers host identifiers via os.hostname and os.homedir, reads local filesystem state with fs.existsSync, spawns childprocess commands, an...

OSV•added 2026/06/13 6:58 a.m.•5 views

Exploits0References3

MAL-2026-5733 Malicious code in node-app-doctor (npm)

5.4AI score

Exploits0References3

OSSF Malicious Packages•added 2026/06/13 6:51 a.m.•7 views

Malicious code in houzidawang807 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7568d90e7a8d940b5618fa36bccfc2b7fa02ceaa814f0a416d2cc989c685e489 Package advertises itself as 'a simple date formatting utility' but ships an SSH-key-stealing C2 client. postinstall.js enumerates /.ssh for .pub...

OSV•added 2026/06/13 6:51 a.m.•6 views

MAL-2026-5731 Malicious code in houzidawang807 (npm)

5.4AI score

OSV•added 2026/06/13 4:37 a.m.•8 views

MAL-2026-5729 Malicious code in houzidawang806 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2dbf603db6d0a3434c6c417dd460f26d08b9e230c03926f05987bb3841d3c72b Package self-describes as 'A simple date formatting utility' but ships two distinct attacker primitives. 1 postinstall.js enumerates /.ssh/ for .pub...

5.5AI score

Exploits0References23

OSSF Malicious Packages•added 2026/06/13 3:8 a.m.•8 views

Malicious code in ecto_module (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e66c690abd94ee498cd359eb076451c0f6ea3956d8221616bbf8990d35a38c5 On npm install, the package's preinstall hook node index.js reads /flag.txt falling back to execSync'cat /flag' and transmits the captured contents i...

5.7AI score

OSV•added 2026/06/13 3:8 a.m.•10 views

MAL-2026-5726 Malicious code in ecto_module (npm)

5.7AI score

CVE•added 2026/06/13 2:34 a.m.•27 views

CVE-2026-54231

CVE-2026-54231 affects ABRT’s post-create event handler scripts in libreport. The event script reads journal entries for the crashed process and writes results to files in the dump directory without sanitizing embedded control characters. A local user can inject arbitrary content into the journal...

5.5CVSS5.4AI score0.00122EPSS

RedhatCVE•added 2026/06/13 2:34 a.m.•9 views

CVE-2026-54057

A flaw was found in Kitty, a cross-platform GPU-based terminal. An input sanitization vulnerability in Kitty's OSC 21 color-control query reply allows an attacker to inject controlled bytes, including newlines, directly into the shell's input. This could enable an attacker to execute arbitrary co...

7.8CVSS5.5AI score0.00133EPSS

Exploits1References2

RedhatCVE•added 2026/06/13 2:34 a.m.•13 views

CVE-2026-54056

A flaw was found in Kitty, a cross-platform GPU based terminal. A remote attacker can exploit a vulnerability in the kitten dnd feature by sending a specially crafted drag-and-drop request. This allows the attacker to overwrite or truncate arbitrary files on the local system that are writable by...

7.6CVSS5AI score0.00244EPSS

Exploits1References2

SUSE CVE•added 2026/06/13 2:28 a.m.•4 views

SUSE CVE-2026-12025

Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

5.3CVSS5.3AI score0.00217EPSS

Exploits0References3

SUSE CVE•added 2026/06/13 2:21 a.m.•6 views

SUSE CVE-2026-34182

Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...

5.9CVSS5.3AI score0.00222EPSS

Exploits0References8

Fedora•added 2026/06/13 1:13 a.m.•13 views

[SECURITY] Fedora 44 Update: collectd-5.12.0-64.fc44

collectd is a daemon which collects system performance statistics periodically and provides mechanisms to store the values in a variety of ways, for example in RRD files...

EUVD•added 2026/06/13 12:34 a.m.•7 views

Exploits0

EUVD-2026-36606

An attacker could cooperatively pass data from one secure GPU process to another secure GPU process through shared secure memory allocations in the kernel module. Additionally, an attacker could disrupt the operation of another secure GPU process leading to image corruption / GPU hardware recover...

5.4AI score0.00106EPSS