CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/04/06 12:0 a.m.•4 views

PT-2026-30746

Name of the Vulnerable Software and Affected Versions AWS Research and Engineering Studio RES versions prior to 2026.03 Description An issue exists in the session creation component of AWS Research and Engineering Studio RES where unsanitized control of user-modifiable attributes could allow an...

8.8CVSS5.9AI score0.0007EPSS

Exploits1References8

CNNVD•added 2026/04/06 12:0 a.m.•3 views

Amazon Web Services Research and Engineering Studio 安全漏洞

Amazon Web Services Research and Engineering Studio is a cloud-based research and engineering environment of Amazon, Inc. There is a security vulnerability in the version of Amazon Web Services Research and Engineering Studio from March 2025 to December 1, 2025. This vulnerability stems from the...

8.8CVSS7.6AI score0.00124EPSS

Exploits1References4

Positive Technologies•added 2026/04/06 12:0 a.m.•0 views

PT-2026-30740

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarId and nomeClasse=IentradaControle. T...

5.1CVSS6AI score0.00043EPSS

Exploits1References2

Positive Technologies•added 2026/04/06 12:0 a.m.•1 views

PT-2026-30737

5.1CVSS6AI score0.00014EPSS

Exploits1References2

The Hacker News•added 2026/04/05 6:25 p.m.•4 views

$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation

Drift has revealed that the April 1, 2026, attack that led to the theft of $285 million was the culmination of a months-long targeted and meticulously planned social engineering operation undertaken by the Democratic People's Republic of Korea DPRK that began in the fall of 2025. The Solana-based...

6.1AI score

Packet Storm News•added 2026/04/04 12:0 a.m.•0 views

Your Agent Is More Brittle Than You Think: Uncovering Indirect Injection Vulnerabilities in Agentic LLMs

The rapid deployment of open-source frameworks has significantly advanced the development of modern multi-agent systems. However, expanded action spaces, including uncontrolled privilege exposure and hidden inter-system interactions, pose severe security challenges. Specifically, Indirect Prompt...

5.9AI score

The Hacker News•added 2026/04/03 11:4 a.m.•5 views

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069. Maintainer Jason Saayman said the attackers tailored their social engineering effor...

6AI score

The Hacker News•added 2026/04/03 8:35 a.m.•5 views

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that took place on April 1, 2026. "Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable...

6AI score

Malicious Package

Overview strapi-plugin-nordica-cms is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages...

Snyk•added 2026/04/02 9:0 p.m.•0 views

Malicious Package

Overview strapi-plugin-nordica-deep is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages...

Malicious Package

Overview strapi-plugin-database is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages aren...

Malicious Package

Overview strapi-plugin-hextest is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages aren'...

Snyk•added 2026/04/02 9:0 p.m.•2 views

Malicious Package

Overview strapi-plugin-nordica-tools is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages...

Malicious Package

Overview strapi-plugin-nordica-lite is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages...

Snyk•added 2026/04/02 9:0 p.m.•0 views

Malicious Package

Overview strapi-plugin-debug-tools is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages...

Malicious Package

Overview strapi-plugin-nordica is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages aren'...