CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

82199 matches found

EUVD•added 2026/05/19 9:22 a.m.•8 views

EUVD-2026-30861

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

8.2CVSS6AI score0.00386EPSS

Exploits0References1

OSV•added 2026/05/19 8:43 a.m.•5 views

BIT-FLINK-2026-35194 Apache Flink: Remote code execution via SQL injection in code generation

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

8.1CVSS6.3AI score0.00381EPSS

Exploits0References3

RedhatCVE•added 2026/05/19 1:58 a.m.•5 views

CVE-2020-37243

Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl action. The plugin also contains stored cross-site scripting vulnerabilities in the 'Edit name' and...

8.8CVSS6AI score0.00276EPSS

Exploits0References1

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•7 views

Malicious code in @antv/s2 (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References5

Packet Storm News•added 2026/05/19 12:0 a.m.•4 views

Fifty Shades of Darknet

The Invisible Internet Project I2P is a peer-to-peer anonymous overlay network whose architecture includes a structurally distinct sublayer not characterized in existing security literature. We term this sublayer the Exclusive Network: nodes here host operational services and draw on I2P's routin...

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•9 views

Malicious code in @antv/g-plugin-zdog-svg-renderer (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References4

CNNVD•added 2026/05/19 12:0 a.m.•9 views

Apache Airflow 安全漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. There is a security vulnerability in Apache Airflow, whic...

8.7CVSS6AI score0.00157EPSS

Exploits0References1

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•7 views

Malicious code in @antv/async-hook (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References5

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•8 views

Malicious code in @antv/data-set (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References4

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•8 views

Malicious code in @antv/f-my (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References4

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•7 views

Malicious code in @antv/f2-my (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References4

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•11 views

Malicious code in @antv/f2-site (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References4

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•8 views

Malicious code in @antv/g-plugin-canvas-path-generator (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References5

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•8 views

Malicious code in @antv/g-shader-components (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References5

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•7 views

Malicious code in @antv/g-webgpu-unitchart (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References4

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•9 views

Malicious code in @antv/g-webgpu (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References5

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•8 views

Malicious code in @antv/g (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References5

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•7 views

Malicious code in @antv/gatsby-theme (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References4

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•7 views

Malicious code in @antv/gi-assets-tugraph (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References4

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•8 views

Malicious code in @antv/infographic (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by