CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Snyk•added 2026/05/31 9:0 p.m.•6 views

Malicious Package

Overview Sicoob-Cooperativa.Sicoob.PagamentosV3 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

9.8CVSS5.8AI score

Snyk•added 2026/05/31 9:0 p.m.•6 views

Malicious Package

Overview Sicoob-Cooperativa.Sicoob.PagamentosPix is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organizatio...

9.8CVSS5.8AI score

IBM Security Bulletins•added 2026/05/29 9:48 p.m.•11 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition shipped with IBM Tivoli Monitoring.

Summary Multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. CVE-2026-22016, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-34268 and CVE-2026-22007 Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION:...

7.5CVSS7.2AI score0.00358EPSS

Exploits0Affected Software1

Rockylinux•added 2026/05/29 4:3 p.m.•13 views

edk2 security update

An update is available for edk2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list EDK Embedded Development Kit is a project to enable UEFI support for Virtual...

8.4CVSS6AI score0.00704EPSS

OSV•added 2026/05/29 12:0 a.m.•9 views

RLSA-2026:21295 Important: .NET 10.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 10.0.108 and .NET Runtime...

OSV•added 2026/05/29 12:0 a.m.•10 views

RLSA-2026:21294 Important: .NET 9.0 security update

Rockylinux•added 2026/05/29 12:0 a.m.•15 views

.NET 8.0 security update

An update is available for dotnet8.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET is a managed-software framework. It implements a subset of the .NET...

NVD•added 2026/05/28 8:16 a.m.•15 views

CVE-2026-9806

A stored cross-site scripting XSS vulnerability exists in the notification panel of CTI Transmute in versions prior to the patched release. Notification messages containing user-controlled convert names were rendered in the notification bell dropdown using innerHTML without adequate sanitization...

6.3CVSS0.00258EPSS

Cvelist•added 2026/05/28 6:41 a.m.•34 views

CVE-2026-9806 Stored Cross-Site Scripting (XSS) in CTI Transmute Notification Panel via Malicious Convert Names

6.3CVSS0.00258EPSS

ATTACKERKB•added 2026/05/28 6:41 a.m.•5 views

CVE-2026-9806

6.3CVSS5.9AI score0.00258EPSS

CVE•added 2026/05/28 6:41 a.m.•17 views

CVE-2026-9806

CTI Transmute is affected by a stored XSS in the notification panel prior to the patched release. The issue occurs when notification messages include user-controlled convert names that are rendered via innerHTML without sanitization, allowing arbitrary JavaScript execution in the authenticated us...

6.3CVSS5.9AI score0.00258EPSS

GithubExploit•added 2026/05/27 8:55 p.m.•87 views

exploit-lab

Exploit Development Lab — From Stack Smash to Kernel 0-Day 20...

7.8CVSS7.1AI score0.23582EPSS

Exploits18

Wiz blog•added 2026/05/27 1:52 p.m.•10 views

Commit to Compromise: A New Threat Actor Targeting the Cryptocurrency Industry's Software Development Infrastructure

Wiz CIRT and Wiz Research detail JINX-0164, a threat actor using LinkedIn social engineering, custom macOS malware, and CI/CD hijacking to target cryptocurrency organizations...

5.8AI score

The Hacker News•added 2026/05/27 1:28 p.m.•19 views

5 Steps to Managing Shadow AI Tools Without Slowing Down Employees

When an employee installs an AI writing assistant, connects a coding copilot to their IDE, or starts summarizing meetings with a new browser tool, they are doing exactly what a productive employee should do: finding faster ways to work. Across most organizations today, employees are running three...

5.9AI score

AlmaLinux•added 2026/05/27 12:0 a.m.•8 views

Important: .NET 8.0 security update

Wiz blog•added 2026/05/26 12:45 p.m.•12 views

Exploits0References6

State of SDLC Security 2026: How Risk Scales in Modern Development

Insights from real-world environments into how code, developer tooling, automation, and AI are reshaping application security...

5.8AI score

Vulnrichment•added 2026/05/26 6:39 a.m.•9 views

CVE-2026-44469 Incorrect Default Permissions in CODESYS Development System

The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before...

8.5CVSS5.8AI score0.00105EPSS

Cvelist•added 2026/05/26 6:39 a.m.•41 views

CVE-2026-44469 Incorrect Default Permissions in CODESYS Development System

8.5CVSS0.00105EPSS