CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

285 matches found

OSV•added 2026/04/03 4:9 p.m.•3 views

MAL-2026-2457 Malicious code in strapi-plugin-cron (npm)

strapi-plugin-cron is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology. I...

6AI score

Exploits0References2

Github Security Blog•added 2026/03/31 11:56 p.m.•5 views

OpenClaw safeBins jq `$ENV` filter bypass allows environment variable disclosure

Summary The jq safe-bin policy blocked explicit env usage but still allowed jq programs that accessed environment data through $ENV. Impact An operator-approved safe-bin jq command could disclose environment variables that the safe-bin policy was supposed to keep out of scope. Affected Component...

5.9AI score

Exploits0References3Affected Software1

Snyk•added 2026/02/26 9:21 a.m.•4 views

Malicious Package

Overview magicwolf is a malicious package. that utilizes typosquatting to infiltrate developer environments via PyPI. Once installed, it executes obfuscated payloads designed to harvest sensitive data, including environment variables, cloud credentials, and SSH keys. This stolen information is...

9.8CVSS6.1AI score

Exploits0References2

Snyk•added 2026/02/26 9:21 a.m.•7 views

Malicious Package

Overview clawdist is a malicious package. that utilizes typosquatting to infiltrate developer environments via PyPI. Once installed, it executes obfuscated payloads designed to harvest sensitive data, including environment variables, cloud credentials, and SSH keys. This stolen information is...

9.8CVSS6.1AI score

Exploits0References2

Positive Technologies•added 2026/02/17 12:0 a.m.•3 views

PT-2026-20232

Name of the Vulnerable Software and Affected Versions IBM DB2 Recovery Expert for LUW version 5.5 Interim Fix 002 Description The software reveals sensitive information within an environment variable. This disclosure could potentially assist in subsequent attacks against the system. Recommendatio...

5.3CVSS5.8AI score0.00197EPSS

Exploits0References5

RedHat Linux•added 2026/02/12 10:32 p.m.•9 views

Important: Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage

A Subscription Management tool for finding and reporting Red Hat product usage Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their...

8.2CVSS6.9AI score0.03779EPSS

Exploits5References12

OSV•added 2026/02/12 12:10 p.m.•6 views

MAL-2026-870 Malicious code in b10connoisseur (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3b004210d186f2b625699f4d863f3ba95407f836eadfee0168be63f85124b5b7 During installation, package attempts to enumerate the environment and exfiltrates potentially sensitive data to a hardcoded location. --- Category: MALICIOUS ...

6AI score

Exploits0References1

RedHat Linux•added 2026/02/02 5:31 p.m.•4 views

Important: Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage

8.9CVSS7.1AI score0.48666EPSS

Exploits10References23

CVE•added 2026/01/18 10:45 p.m.•16 views

CVE-2026-23626

Kimai (time-tracking app) before v2.46.0 is vulnerable to an authenticated SSTI via the export template sandbox. The export policy uses DefaultPolicy, which imposes no restrictions on Twig tags, methods, or properties, allowing an attacker with export permissions to deploy a malicious Twig templa...

6.8CVSS6.4AI score0.00389EPSS

Exploits1References4Affected Software1

RedHat Linux•added 2026/01/08 10:34 p.m.•9 views

Important: Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage

8.9CVSS6.7AI score0.03026EPSS

Exploits14References22

RedhatCVE•added 2025/11/26 4:56 p.m.•4 views

CVE-2025-13596

A sensitive information disclosure vulnerability exists in the error handling component of ATISoluciones CIGES Application version 2.15.6 and earlier. When certain unexpected conditions trigger unhandled exceptions, the application returns detailed error messages and stack traces to the client...

6.9CVSS7AI score0.00334EPSS

Exploits0References1

RedHat Linux•added 2025/11/24 7:34 p.m.•6 views

Important: Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage

9.8CVSS6.7AI score0.64893EPSS

Exploits8References14

NVD•added 2025/11/24 8:16 a.m.•5 views

CVE-2025-13596

6.9CVSS0.00334EPSS

Exploits0References1

Cvelist•added 2025/11/24 7:30 a.m.•12 views

CVE-2025-13596 Improper Error Handling Leading to Sensitive Information Disclosure in CIGES ≤ 2.15.6

6.9CVSS0.00334EPSS

Exploits0References1

EUVD•added 2025/11/24 7:30 a.m.•24 views

EUVD-2025-198625

6.9CVSS6.5AI score0.00334EPSS

Exploits0References2

CVE•added 2025/10/29 1:46 p.m.•14 views

CVE-2023-7324

CVE-2023-7324 : In the Linux kernel, the SCSI SES component suffers from out-of-bounds accesses due to improper handling of the addl_desc_ptr in ses_enclosure_data_process(). The issue has been fixed by sanitizing addl_desc_ptr bounds. Affected products are Linux kernel deployments using SCSI SES...

6.2AI score0.00175EPSS

Exploits0References8

RedHat Linux•added 2025/10/23 7:26 p.m.•4 views

Moderate: Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage

8.2CVSS6.9AI score0.01185EPSS

Exploits2References8

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2017-10428

Malware in sbrugna...

4.3CVSS5.2AI score0.00984EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•5 views