CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 6 days ago•7 views

MAL-2026-6202 Malicious code in ethereum-gas-reporter (npm)

5.9AI score

OSV•added 2026/06/10 6:9 p.m.•8 views

MAL-2026-5528 Malicious code in events-runtime (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aac4806dc5c887c91db1f2570abcae5b98d62dfae36bea2ddb9e2449efd62eca Package name and description impersonate the popular events package Node's event emitter for all engines. The vendored events.js adds an undocumented...

OSSF Malicious Packages•added 2026/06/10 12:16 p.m.•9 views

Exploits0References6

Malicious code in @validate-ethereum-address/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 31c6ff12976558c9f1b005e95ad8a4c3b366723f0a1409d73f904f568be326cb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2026/06/10 12:16 p.m.•9 views

MAL-2026-5496 Malicious code in @validate-ethereum-address/core (npm)

vulnersOsv•added 2026/06/10 12:2 p.m.•18 views

@meme-sdk/trade (>=1.0.0 <=1.0.1), @solana-launchpad/sdk (>=1.0.10 <=1.0.13) +2 more potentially affected by unknown CVE via @validate-sdk/v2 (>=1.22.11 <=1.22.31)

@validate-sdk/v2 NPM version =1.22.11, =1.0.0, =1.0.10, =1.0.5, =1.0.6 - openpaw-graveyard =3.0.0 Source cves: unknown CVE Source advisory: OSV:MAL-2026-5497...

OSSF Malicious Packages•added 2026/06/09 7:55 a.m.•10 views

Exploits0

Malicious code in ethereum-kit-1 (npm)

Crypto/SSH/wallet stealer, blockchain-helper-0/web3-tools-9 campaign sibling c960/c961. postinstall scripts/postinstall.js auto-execs, src/index.js harvests /.ssh/idrsa+wallet keys/seeds+env, self-labels "CRYPTO STEALER", exfils to IDENTICAL Telegram bot 8227918239 chat 6433587894 not rotated...

5.4AI score

OSV•added 2026/06/09 7:55 a.m.•9 views

MAL-2026-5355 Malicious code in ethereum-kit-1 (npm)

5.4AI score

The Hacker News•added 2026/06/03 6:16 a.m.•15 views

Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content

Cybersecurity researchers have flagged a new campaign targeting Minecraft players via YouTube to spread malware capable of gaining control of victims' systems. The Minecraft-focused malware-as-a-service MaaS campaign has been codenamed Weedhack by McAfee Labs, stating the activity has been active...

6.1AI score

Exploits0

vulnersOsv•added 2026/05/29 3:59 p.m.•5 views

0xpay-cc-sdk (>=0.0.8 <=0.1.0), 0xtrails (>=0.0.0-20251106131028 <=0.16.0) +7399 more potentially affected by CVE-2025-62718 +1 more via axios (>=1.0.0 <=1.15.2)

axios NPM version =1.0.0, =0.0.8, =0.0.0-20251106131028, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =0.0.2-beta.0, =8.0.5, =6.1.0, =0.0.0-canary-847463221a9a1bee28641d8c0ecfaca98ee142f6, =0.0.1-alpha.3, =0.1.6-alpha.11, =0.1.6-alpha.12 and more Source cves: CVE-2025-62718, CVE-2026-44492 Source...

9.9CVSS6.5AI score0.01075EPSS

Exploits2

Packet Storm News•added 2026/05/28 12:0 a.m.•13 views

DeepFake Forensics AI: A Multi-Modal Detection and Blockchain-Anchored Evidence Management Platform

The proliferation of AI-generated synthetic media poses a critical threat to the integrity of digital evidence in legal and forensic contexts. Existing deepfake detection systems typically address a single modality and provide no mechanism for tamper-proof evidence preservation. We present DeepFa...

OSSF Malicious Packages•added 2026/05/22 1:55 a.m.•11 views

Exploits0

Malicious code in mev-shield (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9783d5e48d62da6de516b1cf5d36474143528a9c6f33a86892ee558266a4e5ec The package advertises itself as an 'MEV protection layer for Ethereum trading bots' but does the opposite. On npm install, a postinstall script...

OSSF Malicious Packages•added 2026/05/21 12:0 a.m.•11 views

Malicious code in polymarket-trading-cli (npm)

A coordinated supply-chain attack comprising 9 npm packages published by maintainer polymarketdev GitHub actor texsellix, repo texsellix/polymarket-trading-bot within a 2-minute window on 2026-05-20T23:30Z–23:32Z. All packages masquerade as legitimate Polymarket CLOB trading tools while...

OSSF Malicious Packages•added 2026/05/21 12:0 a.m.•10 views

Malicious code in polymarket-terminal (npm)

OSV•added 2026/05/21 12:0 a.m.•9 views

MAL-2026-4215 Malicious code in polymarket-trade (npm)

OSV•added 2026/05/21 12:0 a.m.•5 views

MAL-2026-4217 Malicious code in polymarket-trading-cli (npm)

OSSF Malicious Packages•added 2026/05/21 12:0 a.m.•8 views

Malicious code in polymarket-claude-code (npm)