CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

162 matches found

OSV•added 2026/05/20 2:48 a.m.•3 views

MAL-2026-4465 Malicious code in @web-3d-tool/sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1e96a726cf0732113215b2026a7a59fc6bf471f86d34153fea3a0e32b275fb5 @web-3d-tool/sdk is a near-empty package trivial 35-byte index.js, empty author/description metadata whose only effect on install is to pull in a...

6.4AI score

Exploits0References1

vulnersOsv•added 2026/05/08 8:25 p.m.•4 views

ai.starlake:spark-redshift_2.13 (>=6.5.0 <=6.5.1), ai.starlake:starlake-api_2.13 (>=1.5.8 <=1.5.15) +87 more potentially affected by CVE-2026-8178 via com.amazon.redshift:redshift-jdbc42 (>=2.0.0.3 <=2.2.1)

com.amazon.redshift:redshift-jdbc42 MAVEN version =2.0.0.3, =6.5.0, =1.5.8, =2025.34.3, =0.293, =0.293, =5.0.0, =5.1.0, =1.3.0, =1.19.1891, =0.1.15-alpha, =0.1.15-alpha, =0.1.15-alpha, =3.2.171, =6.0.0-spark3.3, =6.6.0-spark3.5 and more Source cves: CVE-2026-8178 Source advisory:...

9.2CVSS5.8AI score0.00029EPSS

Exploits0

vulnersOsv•added 2026/05/01 12:30 p.m.•7 views

ai.platon.pulsar:pulsar-persist (>=1.9.0 <=1.10.23), be.eliwan:eoddata-client (=1.0) +2592 more potentially affected by CVE-2026-42404 via org.apache.neethi:neethi (>=2.0 <=3.2.1)

org.apache.neethi:neethi MAVEN version =2.0, =1.9.0, =1.1.7, =1.1.9, =1.2.5, =3.00.4, =3.00.3, =4.00.10, =11.4-37, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.1.0.RELEASE and more Source cves: CVE-2026-42404 Source advisory: OSV:GHSA-287C-FXR7-3W6C...

7.2CVSS5.8AI score0.00045EPSS

Exploits0

Vulnrichment•added 2026/04/24 5:38 p.m.•0 views

CVE-2026-42035 Axios: Header Injection via Prototype Pollution

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, a prototype pollution gadget exists in the Axios HTTP adapter lib/adapters/http.js that allows an attacker to inject arbitrary HTTP headers into outgoing requests. The vulnerability exploits duck-type...

7.4CVSS5.6AI score0.00047EPSS

Exploits1References1

vulnersOsv•added 2026/04/22 5:34 p.m.•2 views

011xwztpjn (=1.0.0), 02y9dg4qm3 (=1.0.0) +11272 more potentially affected by CVE-2026-41240 via dompurify (>=0.6.6 <=3.3.3)

dompurify NPM version =0.6.6, =3.3.3 is affected by a known vulnerability. The following packages have a transitive dependency on dompurify and may be impacted: - 011xwztpjn =1.0.0 - 02y9dg4qm3 =1.0.0 - 04tw75kmd9 =1.0.0 - 0650teqqly =1.0.0 - 097oi25ils =1.0.0 - 0a0fpniotn =1.0.0 - 0c7j76u46q...

6.1CVSS5.8AI score0.00017EPSS

Exploits1

OSSF Malicious Packages•added 2026/04/20 8:12 a.m.•2 views

Malicious code in moonbit-locale-compat (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d42bb32adb1fb5f388368b9e4ab382bfbc8cd7f62dab4c70a8563a448ce9c2af Campaign includes a chain of dependencies that finally exfiltrate sensitive environment variables to a hardcoded GitHub repository as exfiltration target, and ...

5.9AI score

Exploits0References3

vulnersOsv•added 2026/04/17 3:31 p.m.•3 views

ai.tock:bot-test (=23.9.2), ai.tock:bot-test-base (=23.9.2) +498 more potentially affected by CVE-2026-40458 via org.pac4j:pac4j-core (>=6.0.0-RC1 <=6.4.0)

org.pac4j:pac4j-core MAVEN version =6.0.0-RC1, =6.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.pac4j:pac4j-core and may be impacted: - ai.tock:bot-test =23.9.2 - ai.tock:bot-test-base =23.9.2 - ai.tock:bot-toolkit =23.9.2 -...

7CVSS5.8AI score0.00006EPSS

Exploits0

vulnersOsv•added 2026/04/15 7:24 p.m.•3 views

@amedia/brick-mcp (>=0.0.0-vBRAND-20260313141110 <=1.0.3), @anarchitects/auth-nest (>=0.0.1 <=3.0.1) +265 more potentially affected by CVE-2025-32442 +1 more via fastify (>=5.3.2 <=5.8.4)

fastify NPM version =5.3.2, =0.0.0-vBRAND-20260313141110, =0.0.1, =2.0.1, =1.1.1, =0.6.2, =0.1.1, =0.1.1, =0.6.0, =0.1.1, =0.0.35, =0.0.82, =0.0.1, =0.0.6, =0.0.57 and more Source cves: CVE-2025-32442, CVE-2026-33806 Source advisory: OSV:GHSA-247C-9743-5963...

7.5CVSS7.1AI score0.00107EPSS

Exploits1

vulnersOsv•added 2026/04/12 11:0 a.m.•4 views

cn.angis.warm-flow-beetlsql:warm-flow-beetlsql-sb-starter (>=1.6.9.1 <=1.8.4.0), cn.angis.warm-flow-beetlsql:warm-flow-beetlsql-sb-test (>=1.6.9.1 <=1.7.2.3) +36 more potentially affected by CVE-2026-6125 via org.dromara.warm:warm-flow-plugin-modes-sb (>=1.3.4 <=1.8.5)

org.dromara.warm:warm-flow-plugin-modes-sb MAVEN version =1.3.4, =1.6.9.1, =1.6.9.1, =1.6.8.1, =4.0.0, =2025.13.0, =2025.3.2, =1.6.6, =1.8.4 - org.dromara.warm-flow-mybatis-flex:warm-flow-mybatis-flex-sb-test =1.6.6 and more Source cves: CVE-2026-6125 Source advisory:...

6.5CVSS6.5AI score0.00019EPSS

Exploits0

vulnersOsv•added 2026/04/10 6:31 p.m.•7 views

ai.catboost:catboost-spark_4.0_2.13 (=1.2.10), ai.catboost:catboost-spark_4.1_2.13 (=1.2.10) +7151 more potentially affected by CVE-2026-34478 via org.apache.logging.log4j:log4j-core (>=2.21.0 <=2.25.3)

org.apache.logging.log4j:log4j-core MAVEN version =2.21.0, =0.27.0, =0.26.0, =3.10.0.5, =3.0.0, =2.12.1, =2.12.1, =2.12.1, =2.12.1, =2.12.1, =2.12.1, =2.12.1, =2.12.1, =2.12.3 and more Source cves: CVE-2026-34478 Source advisory: OSV:GHSA-445C-VH5M-36RJ...

7.5CVSS5.8AI score0.00034EPSS

Exploits0

vulnersOsv•added 2026/04/08 7:23 p.m.•3 views

aac (>=0.4.24 <=0.5.21), aac-gen-gherkin (>=0.1.0 <=0.1.4) +1597 more potentially affected by CVE-2026-39892 via cryptography (>=45.0.0 <=46.0.6)

cryptography PYPI version =45.0.0, =0.4.24, =0.1.0, =0.1.3, =0.0.1, =0.1.5, =0.1.1, =2.4.119, =0.10.2.4rc3, =3.2.1, =0.3.4, =0.0.2, =0.0.6, =7.13.1, =7.14.0 and more Source cves: CVE-2026-39892 Source advisory: OSV:GHSA-P423-J2CM-9VMQ...

9.8CVSS5.8AI score0.00023EPSS

Exploits0

vulnersOsv•added 2026/03/27 3:29 p.m.•3 views

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2026-28786 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2026-28786 Source advisory: SNYK:PYTHON-OPENWEBUI-15855399...

4.3CVSS5.8AI score0.00037EPSS

Exploits1

vulnersOsv•added 2026/03/26 9:57 p.m.•4 views

org.webjars.npm:github-com-cisco-node-jose (=2.2.0), org.webjars.npm:google-auth-library (>=1.6.1 <=6.1.6) +7 more potentially affected by CVE-2026-33891 via org.webjars.npm:node-forge (>=0.10.0 <=1.3.3)

org.webjars.npm:node-forge MAVEN version =0.10.0, =1.6.1, =1.0.2, =2.3.2, =1.10.2, =2.1.1 Source cves: CVE-2026-33891 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15789770...

7.5CVSS5.8AI score0.00081EPSS

Exploits1

vulnersOsv•added 2026/03/25 9:27 p.m.•3 views

com.sap.hcp.cf.logging:sample-app-spring-boot (>=3.8.0 <=4.1.0), com.weibo:rill-flow-service (>=0.1.3 <=0.1.18) +159 more potentially affected by CVE-2026-33701 via io.opentelemetry.javaagent:opentelemetry-javaagent (>=0.12.1 <=2.23.0)

io.opentelemetry.javaagent:opentelemetry-javaagent MAVEN version =0.12.1, =3.8.0, =0.1.3, =4.0.0-alpha1, =1.9.0, =0.0.10, =0.2.1, =0.6.2, =0.6.2, =0.80.0, =0.80.0, =0.19.0, =2.5.0, =1.9.0, =1.9.0, =2.3.0 and more Source cves: CVE-2026-33701 Source advisory: OSV:GHSA-XW7X-H9FJ-P2C7...

9.8CVSS5.8AI score0.00214EPSS

Exploits1

vulnersOsv•added 2026/03/25 8:5 p.m.•0 views

01os (>=0.0.5 <=0.0.13), 3m (>=0.1.0 <=0.1.3) +2417 more potentially affected by CVE-2026-33699 via pypdf (>=3.10.0 <=6.9.1)

pypdf PYPI version =3.10.0, =0.0.5, =0.1.0, =0.0.1, =0.4.1, =0.2.5, =0.0.2, =0.2.0, =1.2.27, =0.1.0, =0.6.0, =1.2.32, =2.0.2 and more Source cves: CVE-2026-33699 Source advisory: OSV:GHSA-87MJ-5GGW-8QC3...

8.2CVSS5.8AI score0.00018EPSS

Exploits0

vulnersOsv•added 2026/03/20 3:57 p.m.•2 views

axondeepseg (>=5.0.2 <=5.5.0rc2), bids-manager (>=0.1.0 <=0.2.5) +24 more potentially affected by CVE-2026-32711 via pydicom (>=3.0.0rc1 <=3.0.1)

pydicom PYPI version =3.0.0rc1, =5.0.2, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.8, =1.2.0, =1.2.3 and more Source cves: CVE-2026-32711 Source advisory: OSV:GHSA-V856-2RF8-9F28...

7.8CVSS5.8AI score0.00008EPSS

Exploits1

vulnersOsv•added 2026/03/19 7:13 p.m.•6 views

com.codbex.atlas:codbex-atlas-application (>=2.62.0 <=2.107.0), com.codbex.gaia:codbex-gaia-application (>=2.61.0 <=2.64.0) +22 more potentially affected by CVE-2026-33349 via org.webjars.npm:fast-xml-parser (>=4.5.3 <=5.2.5)

org.webjars.npm:fast-xml-parser MAVEN version =4.5.3, =2.62.0, =2.61.0, =2.52.0, =2.52.0, =2.51.0, =2.51.0, =3.6.0, =2.50.0, =5.0.0, =5.0.0, =11.58.0, =12.2.0, =11.58.0, =11.58.0, =11.48.2, =12.1.0 and more Source cves: CVE-2026-33349 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15699648...

5.9CVSS5.8AI score0.00039EPSS

Exploits1

vulnersOsv•added 2026/03/18 8:7 p.m.•5 views

ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=4.0.0 <=8.8.1), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.6.5 <=7.4.5) +235 more potentially affected by CVE-2026-33180 via ca.uhn.hapi.fhir:org.hl7.fhir.convertors (>=0.0.1 <=6.8.2)

ca.uhn.hapi.fhir:org.hl7.fhir.convertors MAVEN version =0.0.1, =4.0.0, =5.6.5, =4.1.0, =4.0.0, =4.1.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =5.3.0, =4.0.0, =5.5.7 and more Source cves: CVE-2026-33180 Source advisory: OSV:GHSA-P7M9-V2CM-2H7M...

7.5CVSS5.8AI score0.00046EPSS

Exploits0

vulnersOsv•added 2026/03/11 8:43 p.m.•4 views

@aabelmann/ui-layer (=0.0.1), @adinvadim/convex-vue (>=1.1.0 <=1.3.0) +742 more potentially affected by CVE-2026-30226 via devalue (>=4.0.1 <=5.6.3)

devalue NPM version =4.0.1, =1.1.0, =1.0.4, =1.0.0, =1.0.0, =1.0.0, =0.2.2, =0.2.2, =0.2.2, =0.3.0, =0.5.7, =0.0.1-beta.3, =0.0.1-alpha.1, =0.0.17, =0.0.18 and more Source cves: CVE-2026-30226 Source advisory: SNYK:JS-DEVALUE-15467451...

7.5CVSS5.8AI score0.00143EPSS

Exploits0

vulnersOsv•added 2026/03/03 9:35 p.m.•3 views

vantuz (>=3.3.2 <=3.3.7) potentially affected by CVE-2026-32896 via openclaw (=0.0.1)

openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: CVE-2026-32896 Source advisory: OSV:GHSA-5MX2-2MGW-X8RM...

6.5CVSS5.8AI score0.00065EPSS

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by