CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2026/06/11 9:35 a.m.•6 views

Malicious code in clsx-tailwind (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e1efb9d7593baede89024227d99cc6ca9fc0c86e1f0faf8dd78560174cf1b39 Package advertises a trivial Tailwind class-name merger a 5-line cn helper but its main entry dist/index.js unconditionally requires...

OSV•added 2026/06/11 9:35 a.m.•10 views

Exploits0References2

MAL-2026-5625 Malicious code in clsx-tailwind (npm)

NCSC•added 2026/06/11 8:15 a.m.•12 views

Exploits0References2

Vulnerabilities in Adobe ColdFusion

Adobe has addressed several vulnerabilities in Adobe ColdFusion versions 2023.19, 2025.8, and earlier versions. These vulnerabilities include improper input validation, which allows arbitrary code to be executed without user interaction. There is also a path traversal vulnerability that enables...

10CVSS6.3AI score0.08871EPSS

Cvelist•added 2026/06/11 5:4 a.m.•24 views

CVE-2026-40998 Jaxp13 XPath XXE via StreamSource and SAXSource

Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and SAXSource inputs using a code path that parsed attacker-controlled XML with the JDK's default DocumentBuilderFactory behavior instead of Spring's hardened parser configuration. Applications that evaluate XPath against untrusted...

8.2CVSS0.00386EPSS

Vulnrichment•added 2026/06/11 5:4 a.m.•8 views

CVE-2026-40998 Jaxp13 XPath XXE via StreamSource and SAXSource

EUVD•added 2026/06/11 5:4 a.m.•9 views

EUVD-2026-36208

CVE•added 2026/06/11 5:4 a.m.•20 views

CVE-2026-40998

CVE-2026-40998 : Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and SAXSource inputs using the JDK default DocumentBuilderFactory behavior rather than Spring’s hardened parser configuration, exposing applications that evaluate XPath against untrusted XML to XML External Entity (...

CNNVD•added 2026/06/11 12:0 a.m.•10 views

VMware Spring Web Services 代码问题漏洞

VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. There are code vulnerabilities in versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services. These vulnerabilities stem from the defaul...

CNNVD•added 2026/06/11 12:0 a.m.•10 views

Cerebrate 安全漏洞

Cerebrate is an open-source platform developed by Cerebrate. It serves as an interconnected coordinator for trusted contact information providers and other security tools. Prior to version 1.37 of Cerebrate, there were security vulnerabilities. These vulnerabilities stemmed from CRUD editing...

6.3CVSS5.3AI score0.00207EPSS

Tenable Nessus•added 2026/06/11 12:0 a.m.•6 views

Fedora 44 : xmlstarlet (2026-dbf44e0b72)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-dbf44e0b72 advisory. Fixes XML external entity vulnerability. For more information, refer to . Tenable has extracted the preceding description block directly from the Fedora...

5.6AI score

Tenable Nessus•added 2026/06/11 12:0 a.m.•7 views

Fedora 43 : xmlstarlet (2026-3c78c99467)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3c78c99467 advisory. Fixes XML external entity vulnerability. For more information, refer to . Tenable has extracted the preceding description block directly from the Fedora...

5.6AI score

Snyk•added 2026/06/10 10:15 p.m.•3 views

Timing Attack

Overview shopware/core is a Shopware platform is the core for all Shopware ecommerce products. Affected versions of this package are vulnerable to Timing Attack through the getUserEntityByUserCredentials subroutine during authentication in the admin panel. An attacker can determine valid...

6.3CVSS5.4AI score0.00355EPSS

Exploits0References2

RedhatCVE•added 2026/06/10 9:2 p.m.•6 views

CVE-2026-47960

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended...

7.4CVSS5.6AI score0.00406EPSS

RedhatCVE•added 2026/06/10 2:59 p.m.•5 views

CVE-2026-8045

CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints...

7.1CVSS5.4AI score0.00253EPSS

OSSF Malicious Packages•added 2026/06/10 1:34 p.m.•11 views

Malicious code in solidity-abi (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d00c844413b4c809e5d57d1952a17f67f2c72324fd379c91d5fdd8aa3fdd9da9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2026/06/10 12:41 p.m.•11 views

Malicious code in plugin-fastify (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 85454b4f6eb05f7133937ef6acbdd16ae04b31aaf2b4806bdcac1d845fb80d6c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...