CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1529 matches found

HackRead•added 2025/12/02 4:34 p.m.•4 views

NK Hackers Push 200 Malicious npm Packages with OtterCookie Malware

North Korean hackers escalated the "Contagious Interview" attack, flooding the npm registry with over 200 malicious packages to install OtterCookie malware. This attack targets blockchain and Web3 developers through fake job interviews and coding tests...

7AI score

Exploits0

Snyk•added 2025/11/30 1:14 p.m.•2 views

Malicious Package

Overview chai-async is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package. Once...

9.8CVSS7.2AI score

Exploits0References3

CNNVD•added 2025/11/29 12:0 a.m.•2 views

AIS-catcher 安全漏洞

AIS-catcher is an AIS receiver from Jasper Personal Developers. A security vulnerability exists in AIS-catcher versions prior to 0.64, which stems from a heap buffer overflow in the AIS::Message class that could lead to arbitrary data writes...

9.8CVSS7AI score0.00091EPSS

Exploits1References3

CNNVD•added 2025/11/29 12:0 a.m.•3 views

AIS-catcher 数字错误漏洞

AIS-catcher is an AIS receiver from Jasper Personal Developers. A numeric error vulnerability exists in AIS-catcher versions prior to 0.64, which stems from an integer overflow in the MQTT parsing logic that could lead to a denial of service and memory corruption...

8.8CVSS6.7AI score0.00758EPSS

Exploits1References3

Packet Storm News•added 2025/11/25 12:0 a.m.•2 views

TOR Virtual Network Tunneling Tool 0.4.8.21

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow...

6.7AI score

Exploits0

OSV•added 2025/11/20 10:25 p.m.•2 views

MAL-2025-191772 Malicious code in kdewebhelper (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 da8701a407522875f63d2aaa28d27194fe8e2faa4d7782fd66639f224ae62dcd Importing the module connects to a Telegram bot and provides its operator with abilities to execute commands, exfiltrate and encrypt data. The target group see...

7.5AI score

Exploits0References1

CNVD•added 2025/11/10 12:0 a.m.•3 views

Apple macOS Sequoia Permission Issues Vulnerability

Apple macOS Sequoia is an operating system announced by Apple on June 10, 2024 at the WWDC24 developer conference. Apple macOS Sequoia suffers from a privilege issue vulnerability that can be exploited by an attacker to cause a malicious app to gain root privileges...

7.8CVSS6.4AI score0.00018EPSS

Exploits0References1

The Hacker News•added 2025/11/03 6:8 p.m.•6 views

Malicious VSX Extension "SleepyDuck" Uses Ethereum to Keep Its Command Server Alive

Cybersecurity researchers have flagged a new malicious extension in the Open VSX registry that harbors a remote access trojan called SleepyDuck. According to Secure Annex's John Tuckner, the extension in question, juan-bianco.solidity-vlang version 0.0.7, was first published on October 31, 2025, ...

7.5AI score

Exploits0

HackRead•added 2025/10/31 9:32 p.m.•7 views

Russia Arrests Meduza Stealer Developers After Government Hack

Russia arrests developers of the notorious Meduza Stealer MaaS operation. Learn how the group's ‘fatal error’ led to the crackdown on domestic cybercrime...

7AI score

Exploits0

Securelist•added 2025/10/28 3:0 a.m.•5 views

Crypto wasted: BlueNoroff’s ghost mirage of funding and jobs

Introduction Primarily focused on financial gain since its appearance, BlueNoroff aka. Sapphire Sleet, APT38, Alluring Pisces, Stardust Chollima, and TA444 has adopted new infiltration strategies and malware sets over time, but it still targets blockchain developers, C-level executives, and...

7.7AI score

Exploits0

Fedora•added 2025/10/19 2:41 a.m.•4 views

[SECURITY] Fedora 42 Update: python3.9-3.9.24-1.fc42

Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...

7.5CVSS7.2AI score0.01007EPSS

Exploits0

Wiz blog•added 2025/10/17 12:30 p.m.•3 views

The Foundation Modern AppSec Is Still Missing: Code to Cloud, Rebuilt the Right Way

See every risk, from the first line of code to what’s running in production. No resource tagging. No CI/CD hacks. Just automatic, reliable traceability both developers and security teams can act on...

7.1AI score

Exploits0