CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Hacker News•added 2026/06/09 5:3 p.m.•23 views

Meta to Use Off-Site Business Data for Feed and AI Personalization

Meta on Tuesday announced that it will use information shared by other businesses to personalize users' feed and responses from its artificial intelligence AI chatbot, expanding its scope beyond targeted ads. "Businesses often share information about people's activity on their sites with us to ma...

5.7AI score

Exploits0

OSSF Malicious Packages•added 2026/06/09 4:55 p.m.•10 views

Malicious code in tao-subnet-metrics (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e068049248bc5c0b4fc56cb68f5453aedf6d6cb494df9d8bba82ccc2da3eb3ad Package advertises itself as a Bittensor TAO subnet burn-rate Telegram alert tool, but the compiled extension...

OSV•added 2026/06/09 4:53 p.m.•5 views

MAL-2026-5458 Malicious code in ultimate-ai-power (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90499eb8f54fcc67c067ef7d5397153b4abfc5bbca9d96e7deb291152f49ed3f On import ultimateaipower, the package's top-level init.py collects the local username getpass.getuser and resolved host IP socket.gethostbyname and...

5.7AI score

OSSF Malicious Packages•added 2026/06/09 4:53 p.m.•8 views

Malicious code in ultimate-ai-power (PyPI)

5.7AI score

RedhatCVE•added 2026/06/09 4:52 p.m.•7 views

CVE-2026-46332

A flaw was found in the Linux kernel's Greybus subsystem, specifically in the gb-beagleplay driver. The cc1352bootloaderrx function, responsible for receiving bootloader data, does not properly check the size of incoming data chunks before copying them into a fixed-size receive buffer. This...

8CVSS5.5AI score0.00193EPSS

Exploits0References4

OSV•added 2026/06/09 4:31 p.m.•4 views

MAL-2026-5404 Malicious code in cubifyanything (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cab88d6047b15dbb32ca245f083a7eecd1df75ce183d47637c6c9edf5cfd0b4 cubifyanything 1.0.1 is a dependency-confusion squat shipping no real functionality top-level cubifyanything/init.py is 0 bytes and a setup.py that...

5.6AI score

Exploits0References4

EUVD•added 2026/06/09 4:22 p.m.•6 views

EUVD-2026-35703

Svelte is a performance oriented web framework. Prior to version 5.55.7, when using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an...

5CVSS5.5AI score0.00168EPSS

CVE•added 2026/06/09 4:22 p.m.•25 views

CVE-2026-42599

CVE-2026-42599 affects Svelte SSR. Prior to version 5.55.7, using spread syntax to render attributes from untrusted data may include event handler properties in the rendered HTML, enabling attackers to inject malicious event handlers that run in victims’ browsers if JavaScript is enabled and hydr...

6.1CVSS5.5AI score0.00168EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/06/09 4:22 p.m.•25 views

CVE-2026-42599 Cross-site scripting via spread attributes in Svelte SSR

5CVSS0.00168EPSS

Vulnrichment•added 2026/06/09 4:22 p.m.•6 views

CVE-2026-42599 Cross-site scripting via spread attributes in Svelte SSR

5CVSS5.5AI score0.00168EPSS

NVD•added 2026/06/09 4:16 p.m.•8 views

CVE-2026-8045

CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints...

7.1CVSS0.00253EPSS

Vulnrichment•added 2026/06/09 4:11 p.m.•7 views

CVE-2026-24180

NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure...

7.3CVSS6AI score0.00135EPSS

CVE•added 2026/06/09 4:11 p.m.•29 views

CVE-2026-24180

CVE-2026-24180 affects NVIDIA DALI. The bulletin and CVE list describe a heap-based buffer overflow in a DALI component that could enable code execution, data tampering, denial of service, and information disclosure. Affected versions are 0.0–2.0, with the security update addressing this issue in...

7.3CVSS6AI score0.00135EPSS

Cvelist•added 2026/06/09 4:11 p.m.•25 views

CVE-2026-24181

NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure...

7.3CVSS0.00123EPSS

Vulnrichment•added 2026/06/09 4:11 p.m.•7 views

CVE-2026-24181

7.3CVSS5.5AI score0.00123EPSS

CVE•added 2026/06/09 4:11 p.m.•28 views

CVE-2026-24181

CVE-2026-24181 affects NVIDIA DALI. The issue is due to improper index validation in a component, enabling a local attacker with low privileges and user interaction to potentially cause code execution, data tampering, DoS, or information disclosure. NVIDIA’s security bulletin confirms the vulnera...

7.3CVSS5.5AI score0.00123EPSS

OSSF Malicious Packages•added 2026/06/09 4:9 p.m.•8 views

Malicious code in @0xlr/sentry-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cda998358d5cfe20dc0c060f7e212e44ee41e6f369f42c15badbfdd7b796744 On npm install, this package automatically executes postinstall.js, which enumerates the entire process.env every environment variable, including CI...

OSV•added 2026/06/09 4:9 p.m.•5 views

MAL-2026-5387 Malicious code in @0xlr/sentry-web (npm)

OSSF Malicious Packages•added 2026/06/09 4:7 p.m.•10 views

Malicious code in @0xlr/clerk-auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ff421a5ccb412fd8455e89a1b9875b427ed34af12fa4b188ed4418cd8f52a74 On npm install, postinstall.js enumerates the entire process environment Object.keysprocess.env.sort.forEach along with hostname, username, home...