CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4404 matches found

OSV•added 2026/04/15 3:12 a.m.•4 views

MAL-2026-2673 Malicious code in chief-documentation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4685fab18e6de4de4fba0c842db2c4ee4114ca7259b8339900078fec02724a39 The package chief-documentation was found to contain malicious code. Source: ghsa-malware...

5.7AI score

Exploits0References1

OSSF Malicious Packages•added 2026/04/15 3:12 a.m.•7 views

Malicious code in chief-documentation (npm)

5.7AI score

Exploits0References1

ATTACKERKB•added 2026/04/15 12:22 a.m.•1 views

CVE-2025-54550

The example examplexcom that was included in airflow documentation implemented unsafe pattern of reading value from xcom in the way that could be exploited to allow UI user who had access to modify XComs to perform arbitrary execution of code on the worker. Since the UI users are already highly...

5.9AI score0.00579EPSS

Exploits0References3

Positive Technologies•added 2026/04/15 12:0 a.m.•1 views

PT-2026-32992

Name of the Vulnerable Software and Affected Versions Apache Airflow affected versions not specified Description An example named 'example xcom' in the documentation implemented an unsafe pattern for reading values from XCom. This could allow a UI user with permissions to modify XComs to execute...

8.1CVSS6.2AI score0.00579EPSS

Exploits0References9

Github Security Blog•added 2026/04/14 10:32 p.m.•7 views

Zarf has a Path Traversal via Malicious Package Metadata.Name — Arbitrary File Write

Impact This vulnerability impacts users of zarf package inspect sbom or zarf package inspect documentation on untrusted packages. Patches 4793, now fixed in version v0.74.2 Workarounds Avoid inspecting unsigned packages Description The package inspect sbom and package inspect documentation...

7.1CVSS5.9AI score0.0032EPSS

Exploits0References4Affected Software1

OSV•added 2026/04/14 10:32 p.m.•3 views

GHSA-PJ97-4P9W-GX3Q Zarf has a Path Traversal via Malicious Package Metadata.Name — Arbitrary File Write

7.1CVSS5.9AI score0.0032EPSS

Exploits0References4

Positive Technologies•added 2026/04/14 12:0 a.m.•3 views

PT-2026-32968

7.1CVSS5.9AI score0.0032EPSS

Exploits0References5

OSV•added 2026/04/12 8:17 p.m.•2 views

MINI-HGXW-4M4F-XW67

Bulletin has no description...

5.5CVSS5.7AI score0.0029EPSS

Exploits0

OSV•added 2026/04/12 8:3 p.m.•2 views

MINI-48XV-VPGM-GWQG

Bulletin has no description...

8.2CVSS5.7AI score0.00259EPSS

Exploits0

OSV•added 2026/04/12 6:25 p.m.•1 views

MINI-CP35-PJ89-39R3

Bulletin has no description...

7.5CVSS5.7AI score0.00449EPSS

Exploits0

OSV•added 2026/04/11 8:47 p.m.•1 views

MINI-MHW6-Q4PG-G962

Bulletin has no description...

8.8CVSS5.7AI score0.00532EPSS

Exploits0

OSV•added 2026/04/11 4:17 p.m.•1 views

MINI-P43P-5V5J-Q82P

Bulletin has no description...

5.5CVSS5.7AI score0.0029EPSS

Exploits0

RedHat Linux•added 2026/04/11 12:50 a.m.•17 views

Low: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: sqlite: lemon-3.52.0-1.1.hum1 aarch64, x8664 sqlite-3.52.0-1.1.hum1 aarch64, x8664 sqlite-analyzer-3.52.0-1.1.hum1 aarch64, x8664 sqlite-debug-3.52.0-1.1.hum1 aarch64, x8664...

7.5CVSS5.8AI score0.00301EPSS

Exploits1References3

CNNVD•added 2026/04/10 12:0 a.m.•7 views

GeoNode 代码问题漏洞

GeoNode is an open-source platform that facilitates the creation, sharing, and collaborative use of geospatial data. Versions of GeoNode prior to 4.4.5 and 5.0.2 have code vulnerabilities due to insufficient validation of the docurl parameter, which may lead to server-side request forgeing attack...

6.3CVSS5.9AI score0.00222EPSS

Exploits0References4

ATTACKERKB•added 2026/04/09 5:54 p.m.•4 views

CVE-2026-39315

Unhead is a document head and template manager. Prior to 2.1.13, useHeadSafe is the composable that Nuxt's own documentation explicitly recommends for rendering user-supplied content in...

6.1CVSS5.9AI score0.00285EPSS

Exploits1References4Affected Software1

OSV•added 2026/04/09 2:0 p.m.•1 views

MINI-74R4-HJH8-6JW4

Bulletin has no description...

7.7CVSS5.7AI score0.00438EPSS

Exploits1

Schneier on Security•added 2026/04/09 10:51 a.m.•6 views

On Microsoft’s Lousy Cloud Security

ProPublica has a scoop: In late 2024, the federal government's cybersecurity evaluators rendered a troubling verdict on one of Microsoft's biggest cloud computing offerings. The tech giant's "lack of proper detailed security documentation" left reviewers with a "lack of confidence in assessing th...

5.9AI score

Exploits0

Cvelist•added 2026/04/07 7:50 a.m.•20 views

CVE-2026-28810 Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in Resolver

Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel inetres, inetdb modules allows DNS Cache Poisoning. The built-in DNS resolver inetres uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomization...

6.3CVSS0.00269EPSS

Exploits0References7

Fedora•added 2026/04/05 1:0 a.m.•6 views

[SECURITY] Fedora 42 Update: rust-1.94.1-1.fc42

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...

6.5CVSS7.1AI score0.00379EPSS

Exploits1

OSV•added 2026/04/04 2:30 p.m.•1 views

MINI-399H-RPWP-WFG9

Bulletin has no description...

7.5CVSS5.8AI score0.00283EPSS

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by