
106 matches found

OSV (added 4 days ago, 6 views)

GHSA-Q53Q-5R4J-5729 rattler has an entry-point path traversal in noarch:python install (arbitrary file write)

Summary: EntryPoint::FromStr in rattler_conda_types performs only .trim on the command field before the linker joins it onto the install prefix and writes an executable Python script. A malicious noarch:python package can ship an info/link.json with an entry-point name containing .., /, \, or an...

CVSS 8.7, AI score 5.9
Exploits: 0, References: 3
Github Security Blog (added 4 days ago, 9 views)

rattler has an entry-point path traversal in noarch:python install (arbitrary file write)

Summary: EntryPoint::FromStr in rattler_conda_types performs only .trim on the command field before the linker joins it onto the install prefix and writes an executable Python script. A malicious noarch:python package can ship an info/link.json with an entry-point name containing .., /, \, or an...

AI score 5.9
Exploits: 0, References: 3, Affected Software: 1
Positive Technologies (added 4 days ago, 10 views)

PT-2026-45490

Summary: EntryPoint::FromStr in rattler_conda_types performs only .trim on the command field before the linker joins it onto the install prefix and writes an executable Python script. A malicious noarch:python package can ship an info/link.json with an entry-point name containing .., /, \, or an...

CVSS 8.7, AI score 5.9
Exploits: 0, References: 4
OSV (added last week, 3 views)

GHSA-4GG8-GXPX-9RPH uv is vulnerable to arbitrary file write through entry point names

Impact: In versions of uv prior to 0.11.15, when installing a distribution containing an entry point specification under console_scripts or gui_scripts, uv would place the generated entry point according to the given name even if doing so resulted in a path outside of the environment's scripts...

AI score 6.2
Exploits: 0, References: 2
Github Security Blog (added last week, 14 views)

uv is vulnerable to arbitrary file write through entry point names

Impact: In versions of uv prior to 0.11.15, when installing a distribution containing an entry point specification under console_scripts or gui_scripts, uv would place the generated entry point according to the given name even if doing so resulted in a path outside of the environment's scripts...

AI score 6.2
Exploits: 0, References: 2, Affected Software: 1
CVE (added 2026/05/28 2:28 p.m., 12 views)

CVE-2026-44358

The CVE-2026-44358 affects Espressif Shared GitHub DangerJS, a reusable GitHub Action for Espressif projects. Before 1.0.1, the action’s entrypoint.sh invoked DangerJS from the caller’s workspace after copying the fork’s checkout, creating an untrusted search path for binary and Node.js module re...

CVSS 8.2, AI score 6, EPSS 0.00029
Exploits: 0, References: 2
CNNVD (added 2026/05/27 12:00 a.m., 5 views)

pip security vulnerability

pip is a Python package installer developed by the Python Packaging Authority. There is a security vulnerability in pip, which arises from the use of a specially crafted entry point name during the installation of malicious Python wheels. This can lead to arbitrary file overwriting...

CVSS 4.1, AI score 5.9, EPSS 0.00013
Exploits: 0, References: 4
CNNVD (added 2026/05/26 12:00 a.m., 6 views)

view_component security vulnerability

view_component is an open-source framework developed by ViewComponent, designed for building reusable and testable view components. There are security vulnerabilities in view_component versions 3.0.0 to 4.9.0. These vulnerabilities arise from the system test entry point using File.realpath ...

CVSS 5.9, AI score 5.8, EPSS 0.00015
Exploits: 1, References: 2
EUVD (added 2026/05/11 6:31 p.m., 6 views)

EUVD-2026-29109

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with the program files includes/Actions/ActionEntryPoint.php and includes/Request/FauxResponse.php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...

AI score 5.8, EPSS 0.00035
Exploits: 0, References: 2
RubySec (added 2026/05/08 12:00 a.m., 6 views)

view_component - System Test Entry Point Path Check Allows Sibling Directory Escape

The system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path. This is not a safe containment check because sibling directories can share the same string prefix. Severity: Medium; test-route scope...

CVSS 7.5, AI score 5.8, EPSS 0.00015
Exploits: 1, References: 1, Affected Software: 1
AstraLinux (added 2026/05/03 11:59 p.m., 0 views)

Astra Linux - vulnerability in edk2

Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize...

CVSS 9.8, AI score 7, EPSS 0.00064
Exploits: 0, References: 2
EUVD (added 2026/04/22 3:31 p.m., 2 views)

EUVD-2026-24844

In the Linux kernel, the following vulnerability has been resolved: s390/entry: Scrub r12 register on kernel entry. Before commit f33f2d4c7c80 "s390/bp: remove TIF_ISOLATE_BP", all entry handlers loaded r12 with the current task pointer (lg %r12,__LC_CURRENT) for use by the BPENTER/BPEXIT macros. That...

AI score 5.6, EPSS 0.00015
Exploits: 0, References: 6
EUVD (added 2026/04/22 3:31 p.m., 1 view)

EUVD-2026-24797

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0]. Multiple sysfs command paths dereference contexts_arr[0] without first verifying that kdamond->contexts->nr == 1. A user can set nr_contexts to 0 via sysfs while DAMON is...

AI score 5.6, EPSS 0.00015
Exploits: 0, References: 6
Positive Technologies (added 2026/04/22 12:00 a.m., 3 views)

PT-2026-34363

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0]. Multiple sysfs command paths dereference contexts_arr[0] without first verifying that kdamond->contexts->nr == 1. A user can set nr_contexts to 0 via sysfs while DAMON ...

AI score 5.6, EPSS 0.00015
Exploits: 0, References: 6
CNNVD (added 2026/04/22 12:00 a.m., 5 views)

Linux kernel security vulnerability

The Linux kernel is the kernel of the Linux operating system, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the r12 register not being cleared at the kernel's entry point, potentially leading to inconsisten...

CVSS 5.5, AI score 6, EPSS 0.00015
Exploits: 0, References: 1
OSSF Malicious Packages (added 2026/04/14 10:23 a.m., 2 views)

Malicious code in gate-apis (PyPI)

Source: kam193 (720c6a00b12826104b04d6b90dc651d5c669532946a36d8c36e3dff5fd5edb6d). Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...

AI score 6
Exploits: 0, References: 1
OSV (added 2026/04/13 1:00 p.m., 1 view)

MAL-2026-2571 Malicious code in hiveos-settings (PyPI)

Source: kam193 (cc412fc6f4c4059bbea28f3aa4ff430b5cc0405b6117995d8b401be1ed514932). Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...

AI score 6
Exploits: 0, References: 1
OSV (added 2026/03/29 6:44 p.m., 0 views)

MAL-2026-2294 Malicious code in hiveos (PyPI)

Source: kam193 (632c5c53f72df87d7b0d9843df212e147e729699ffe5e7f6c20e3cd41fa13f64). Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...

AI score 6
Exploits: 0, References: 1
OSSF Malicious Packages (added 2026/03/27 4:50 p.m., 4 views)

Malicious code in copytrading (PyPI)

Source: kam193 (00e18dbfb3978939790912c09da21fd43b670c4017c160002bb5fc534164e577). Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...

AI score 6
Exploits: 0, References: 1
OSSF Malicious Packages (added 2026/03/27 4:47 p.m., 2 views)

Malicious code in metamask-api (PyPI)

Source: kam193 (d741c998a924aa720c19f13cbb622ebb5862abde8765dac7f8bb2cf1b219c3dc). Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...

AI score 6
Exploits: 0, References: 1