CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

85 matches found

Malicious Package

Overview @car-loans/general-feature-toggles is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.9AI score

Exploits0References2

OSSF Malicious Packages•added 2026/05/01 10:14 p.m.•10 views

Malicious code in oracle-lag-sniper (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 052e2309a320b056b5a959c33b703d819b1fa2ce9b2647d250bc612d25bae9c9 When using the package, it exfiltrates sensitive environmental variables targeting Polymarket keys to the target controlled via a Polymarket's user profile. Th...

5.9AI score

Exploits0References3

CNNVD•added 2026/04/03 12:0 a.m.•4 views

Budibase 安全漏洞

Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.33.4 contained a security vulnerability. This vulnerability stemmed from the SSRF...

9.9CVSS5.8AI score0.00014EPSS

Exploits1References4

CNNVD•added 2026/02/17 12:0 a.m.•4 views

IBM Db2 安全漏洞

IBM DB2 is a relational database management system developed by IBM. The system can run on various operating systems such as UNIX, Linux, IBMi, z/OS, and Windows server versions. Version 5.5 Interim Fix 002 of IBM DB2 Recovery Expert for LUW contains a security vulnerability. This vulnerability...

5.3CVSS5.8AI score0.00039EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:41 a.m.•7 views

CVE-1999-0706

Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables...

7.5CVSS7AI score0.00862EPSS

Exploits0References1

Snyk•added 2026/01/01 6:32 a.m.•1 views

Exposure of Sensitive Information Through Environmental Variables

Overview gac is a LLM-powered Git commit message generator with multi-provider support Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Environmental Variables via the show function, which shows all environment variable values without redaction...

2.4CVSS6.8AI score

Exploits0References3

NVD•added 2025/12/16 5:16 p.m.•5 views

CVE-2023-53895

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...

9.8CVSS0.00775EPSS

Exploits1References4

Cvelist•added 2025/12/16 5:6 p.m.•27 views

CVE-2023-53895 PimpMyLog 1.7.14 Improper Access Control via Account Creation Endpoint

9.8CVSS0.00775EPSS

Exploits1References4

NVD•added 2025/12/08 10:15 p.m.•1 views

CVE-2025-36017

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 stores unencrypted sensitive information in environmental variables files which can be obtained by an authenticated user...

6.5CVSS0.00034EPSS

Exploits0References1