CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1244 matches found

OSV•added 2026/05/20 8:0 a.m.•5 views

MAL-2026-4200 Malicious code in art-template (npm)

Versions 4.13.3, 4.13.5, and 4.13.6 of art-template were published after an npm account takeover and ship a tampered browser bundle lib/template-web.js that loads remote attacker-controlled JavaScript. The final payload is the Coruna iOS exploit kit, which targets Safari on iPhone and iPad and...

5.9AI score

Exploits0References3

OSV•added 2026/05/17 8:17 p.m.•5 views

SUSE-SU-2026:21804-1 Security update for go1.26

This update for go1.26 fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: "go tool pack" does...

7.5CVSS6AI score0.00054EPSS

Exploits0References25

Cvelist•added 2026/04/12 12:28 p.m.•26 views

CVE-2019-25691 Faleemi Desktop Software 1.8 Local Buffer Overflow SEH DEP Bypass

Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can inject a crafted payload into the Save Path for Snapshot and Record file field t...

8.6CVSS0.00019EPSS

Exploits0References3

Snyk•added 2026/03/27 12:46 a.m.•0 views

Malicious Package

Overview nativedep is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.9AI score

Exploits0References2

OSSF Malicious Packages•added 2026/03/24 12:48 p.m.•2 views

Malicious code in agoda-dep-confusion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector faa0bc71a76133f8ba2469aab72a42ed605c22eaf6a3816754f5dff2cb21fa87 The package agoda-dep-confusion was found to contain malicious code. Source: ghsa-malware...

5.8AI score

Exploits0References1

Snyk•added 2026/03/24 12:48 p.m.•2 views

Malicious Package

Overview agoda-dep-confusion is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score

Exploits0References2

OSV•added 2026/03/24 12:48 p.m.•2 views

MAL-2026-2126 Malicious code in agoda-dep-confusion (npm)

5.8AI score

Exploits0References1

Snyk•added 2026/03/06 7:14 a.m.•2 views

Malicious Package

Overview file-dep-a is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score

Exploits0References2

Cvelist•added 2026/01/30 10:7 p.m.•18 views

CVE-2020-37043 10-Strike Bandwidth Monitor 3.9 - Buffer Overflow

10-Strike Bandwidth Monitor 3.9 contains a buffer overflow vulnerability that allows attackers to bypass SafeSEH, ASLR, and DEP protections through carefully crafted input. Attackers can exploit the vulnerability by sending a malicious payload to the application's registration key input, enabling...

9.8CVSS0.00066EPSS

Exploits0References3

GithubExploit•added 2026/01/06 10:29 p.m.•123 views

Malware-Analysis-Project-SLMAIL-5.5-BOF-

Malware Analysis Project Introduction to exploit development w...

7.5AI score

Exploits0

OSV•added 2025/12/22 10:29 p.m.•2 views

MAL-2025-192693 Malicious code in airslate-dep-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91777938469aa47ed3a4eb51c82af2752f2dd57b232978a88bfacdd3b82b1fe1 The package airslate-dep-webpack was found to contain malicious code...

6.8AI score

Exploits0

OSSF Malicious Packages•added 2025/12/22 10:29 p.m.•5 views

Malicious code in airslate-dep-webpack (npm)

7AI score

Exploits0

EUVD•added 2025/12/22 10:29 p.m.•2 views

EUVD-2025-204768

Malicious code in airslate-dep-webpack npm...

6.6AI score

Exploits0

Github Security Blog•added 2025/10/14 9:30 p.m.•10 views

Flowise: Authenticated Command Execution and Sandbox Bypass via Puppeteer and Playwright Packages

Flowise v3.0.1 3.0.8 and all versions after with 'ALLOWBUILTINDEP' enabled contain an authenticated remote code execution vulnerability and node VM sandbox escape due to insecure use of integrated modules Puppeteer and Playwright within the nodevm execution environment. An authenticated attacker...

9.9CVSS8.2AI score0.01665EPSS

Exploits1References6Affected Software1

EUVD•added 2025/10/14 9:30 p.m.•3 views

EUVD-2025-34455

Flowise: Authenticated Command Execution and Sandbox Bypass via Puppeteer and Playwright Packages...

8.4CVSS6.2AI score0.01665EPSS

Exploits1References5

Cvelist•added 2025/10/14 7:31 p.m.•8 views

CVE-2025-34267 Flowise Authenticated Command Execution and Sandbox Bypass via Puppeteer & Playwright Packages

8.4CVSS0.01665EPSS

Exploits1References4

EUVD•added 2025/10/07 12:30 a.m.•2 views