ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +280 more potentially affected by CVE-2026-41713 via org.springframework.ai:spring-ai-client-chat (>=1.1.0-M1 <=1.1.5)
org.springframework.ai:spring-ai-client-chat MAVEN version =1.1.0-M1, =0.1.0, =0.1.0, =1.0.0, =1.0.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =0.6.0, =1.1.0, =1.1.0, =1.1.0, =1.1.4 and more Source cves: CVE-2026-41713 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16624614...
0xpay-cc-sdk (>=0.0.8 <=0.1.0), 0xtrails (>=0.0.0-20251106131028 <=0.15.1) +8768 more potentially affected by CVE-2026-42039 via axios (>=1.0.0 <=1.15.0)
axios NPM version =1.0.0, =0.0.8, =0.0.0-20251106131028, =0.1.0, =1.1.0, =0.1.0, =1.0.21, =0.1.4, =0.1.0, =1.0.10, =1.0.10, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.1.0-beta.18 and more Source cves: CVE-2026-42039 Source advisory: OSV:GHSA-62HF-57XW-28J9...
Linux Distros Unpatched Vulnerability : CVE-2026-42035
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, a prototype pollution gadget exists in the Axios HTTP adapter...
0xpay-cc-sdk (>=0.0.8 <=0.1.0), 0xtrails (>=0.0.0-20251106131028 <=0.15.1) +8848 more potentially affected by CVE-2026-42044 via axios (>=1.0.0 <=1.15.1)
axios NPM version =1.0.0, =0.0.8, =0.0.0-20251106131028, =0.1.0, =1.1.0, =0.1.0, =1.0.21, =0.1.4, =0.1.0, =1.0.10, =1.0.10, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.1.0-beta.18 and more Source cves: CVE-2026-42044 Source advisory: SNYK:JS-AXIOS-16299921...
nimiq-account (>=0.1.0 <=0.2.0), nimiq-accounts (>=0.1.0 <=0.2.0) +14 more potentially affected by CVE-2026-34068 via nimiq-transaction (>=0.1.0 <=0.2.0)
nimiq-transaction CARGO version =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2026-34068 Source advisory: OSV:GHSA-PF4J-PF3W-95F9...
MAL-2026-2946 Malicious code in moonbit-metrics-validator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e6bb44c25db578131ec69b1c961c22f67cabb0b81aae5fe9d4620194bf8d83cc Campaign includes a chain of dependencies that finally exfiltrate sensitive environment variables to a hardcoded GitHub repository as exfiltration target, and ...
com.ericsson.bss.cassandra.ecaudit:ecaudit_c5.0 (>=3.1.0 <=3.1.4), com.instaclustr:ic-sstable-tools-5.0.6 (=1.0.0) +3 more potentially affected by CVE-2026-27314 via org.apache.cassandra:cassandra-all (>=5.0.0 <=5.0.6)
org.apache.cassandra:cassandra-all MAVEN version =5.0.0, =3.1.0, =5.0.4.0, =5.0.4.0, =3.0.2, =3.0.4 Source cves: CVE-2026-27314 Source advisory: OSV:GHSA-QXPC-96FQ-WWMG...
@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +12 more potentially affected by CVE-2026-41347 via openclaw (>=2026.3.22 <=2026.3.28)
openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.15.0 - tokaroo-openclaw-provider =0.1.1 Source cves: CVE-2026-41347 Source advisory: SNYK:JS-OPENCLAW-15894787...
io.micronaut.aws:micronaut-aws-alexa (=5.0.0-M1), io.micronaut.aws:micronaut-aws-alexa-httpserver (=5.0.0-M1) +72 more potentially affected by CVE-2026-33013 via io.micronaut:micronaut-json-core (>=5.0.0-M1 <=5.0.0-M13)
io.micronaut:micronaut-json-core MAVEN version =5.0.0-M1, =5.0.0-M13 is affected by a known vulnerability. The following packages have a transitive dependency on io.micronaut:micronaut-json-core and may be impacted: - io.micronaut.aws:micronaut-aws-alexa =5.0.0-M1 -...
ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +144 more potentially affected by CVE-2026-2575 via org.keycloak:keycloak-services (>=1.9.0.CR1 <=26.5.3)
org.keycloak:keycloak-services MAVEN version =1.9.0.CR1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.0.0, =1.2.0 and more Source cves: CVE-2026-2575 Source advisory: SNYK:JAVA-ORGKEYCLOAK-15304465 https://vulners.com/snyk/SNYK:JAVA-ORG...
ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.c4-soft.springaddons:keycloak-grants-mapper (>=3.1.13-jdk1.8 <=3.1.14-jdk17) +181 more potentially affected by CVE-2025-13881 via org.keycloak:keycloak-services (>=10.0.0 <=26.4.7)
org.keycloak:keycloak-services MAVEN version =10.0.0, =0.1.0, =3.1.13-jdk1.8, =11.0.1, =1.2.6, =1.2.5, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.4.11 - com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak =24.3.0.0 -...
ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.c4-soft.springaddons:keycloak-grants-mapper (>=3.1.13-jdk1.8 <=3.1.14-jdk17) +190 more potentially affected by CVE-2026-1190 via org.keycloak:keycloak-services (>=10.0.0 <=26.5.3)
org.keycloak:keycloak-services MAVEN version =10.0.0, =0.1.0, =3.1.13-jdk1.8, =11.0.1, =1.2.6, =1.2.5, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.4.11 - com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak =24.3.0.0 -...
weblate-fedora-messaging (>=0.1.0 <=0.12.0), wlhosted (=2024.11.0) potentially affected by CVE-2026-21889 via weblate (>=5.12.2 <=5.14.3)
weblate PYPI version =5.12.2, =0.1.0, =0.12.0 - wlhosted =2024.11.0 Source cves: CVE-2026-21889 Source advisory: OSV:GHSA-3G2F-4RJG-9385...
@asherng/storybook (>=1.0.6 <=1.0.15), @asng/storybook (>=0.0.0-AddSnapshotPipeline-20240326102812 <=0.0.10) +30 more potentially affected by CVE-2025-68429 via storybook (>=8.0.10 <=8.6.14)
storybook NPM version =8.0.10, =1.0.6, =0.0.0-AddSnapshotPipeline-20240326102812, =1.5.1-canary.0, =0.4.2, =0.1.3, =1.0.0-canary.12734, =0.11.4, =0.12.4, =0.0.1-3d99df6-20260330104634, =1.0.12, =3.32.0-rc.2, =9.0.0-next.47, =7.33.6-qa-airteam-7.35.1.0, =0.0.3, =1.1.1, =2.0.0-beta.2 and more Sourc...
ai.ylyue:yue-library-data-es (>=j8.2.2.0 <=j11.2.6.2), br.com.simpli:simpli-ws (>=1.2.1 <=2.2.0) +1032 more potentially affected by CVE-2025-37731 via org.elasticsearch:elasticsearch (>=7.0.0-alpha1 <=8.19.7)
org.elasticsearch:elasticsearch MAVEN version =7.0.0-alpha1, =j8.2.2.0, =1.2.1, =0.0.1-alpha, =5.3.0, =5.6.5, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =6.2.0, =6.8.0, =6.4.0, =5.3.0, =5.3.0, =5.3.0, =5.4.0 and more Source cves: CVE-2025-37731 Source advisory: OSV:GHSA-M9GH-789G-Q5PV...
@0xfutbol/id (>=2.0.0 <=2.0.200), @0xkamal7/sui-agent (>=1.1.2 <=1.1.5) +1665 more potentially affected by CVE-2025-66020 via valibot (>=0.31.0 <=1.1.0)
valibot NPM version =0.31.0, =2.0.0, =1.1.2, =1.2.0-pre.92, =1.2.0-pre.24, =1.2.0-pre.24, =0.0.1, =0.0.1, =0.0.1, =1.2.0-pre.64, =0.0.1, =0.0.1, =0.5.9, =0.5.18, =0.1.1-beta.1, =4.0.2-beta.0, =9.0.0-beta-bump-wagmi-viem.2 and more Source cves: CVE-2025-66020 Source advisory: OSV:GHSA-VQPR-J7V3-HQ...
Massive npm infection: the Shai-Hulud worm and patient zero
Introduction: The modern development world is almost entirely dependent on third-party modules. While this certainly speeds up development, it also creates a massive attack surface for end users, since anyone can create these components. It is no surprise that malicious modules are becoming more...
change-object (=0.0.0) potentially affected by unknown CVE via change-object-path (=0.0.1)
change-object-path NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on change-object-path and may be impacted: - change-object =0.0.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-16781...
GoLeash: Mitigating Golang Software Supply Chain Attacks with Runtime Policy Enforcement
Modern software supply chain attacks consist of introducing new, malicious capabilities into trusted third-party software components, in order to propagate to a victim through a package dependency chain. These attacks are especially concerning for the Go language ecosystem, which is extensively...
@0xc/serverless-offline-aws-sqs (>=1.0.0 <=2.0.3), @1eg/cert-manager-to-azion (>=0.0.1 <=0.2.0) +2898 more potentially affected by CVE-2024-21534 via jsonpath-plus (>=0.12.0 <=10.1.0)
jsonpath-plus NPM version =0.12.0, =1.0.0, =0.0.1, =0.0.1, =0.0.1-alpha, =0.4.0-next.10, =0.7.0, =0.0.1, =1.0.0, =1.0.98-alpha.0, =1.3.65-alpha.0, =1.27.0, =0.0.1, =1.0.0-atomist-update-latest-1544450968007.20181210141037, =1.0.0-atomist-update-latest-1544451015596.20181210141150,...