CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/05/23 1:15 p.m.•32 views

CVE-2026-9302

546669204 vps-inventory-monitoring (VpsTest Console) is affected via the VpsTest.php file’s eval usage. The vulnerability arises from manipulating the argument vf in the function eval, allowing remote code execution. Public exploit exists. The project uses a rolling release, and the CVE record do...

6.5CVSS6.3AI score0.00058EPSS

CNNVD•added 2026/05/23 12:0 a.m.•3 views

vps-inventory-monitoring 代码注入漏洞

vps-inventory-monitoring is a web inventory monitoring tool developed by individual developer 546669204. vps-inventory-monitoring has a code injection vulnerability, which stems from the use of the eval function in the VpsTest Console component file app/index/command/VpsTest.php, specifically...

6.5CVSS6.7AI score0.00058EPSS

OSSF Malicious Packages•added 2026/05/20 8:9 p.m.•4 views

Malicious code in @link-assistant/hive-mind (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7dfeaad3a9eda8f440dabe165d4ff6ba593c9858b9752d9bded19b05b292072a The package fetches https://unpkg.com/use-m/use.js — an unpinned URL that resolves to the latest published version of the third-party use-m package —...

5.9AI score

RedhatCVE•added 2026/05/20 7:57 p.m.•4 views

CVE-2026-46586

Improper Control of Generation of Code 'Code Injection', Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issu...

8.8CVSS5.8AI score0.00085EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в libmodule-scandeps-perl

Qualys discovered that if unsanitized input was used with the Modules::ScanDeps library, before version 1.36, a local attacker could potentially execute arbitrary shell commands by opening a “pesky pipe” e.g., passing “commands|” as a filename or by passing arbitrary strings to the eval function...

7.8CVSS7.2AI score0.00632EPSS

Exploits3References2

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в linux-5.10, linux

This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel 6.0-rc2. An attacker must first gain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw resides within...

5.1CVSS5.9AI score0.00094EPSS

OSSF Malicious Packages•added 2026/05/20 1:9 a.m.•5 views

Malicious code in get-deps-path (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65fa6f34a831aa832f9d88019ce3d0f4011701df6ab0667bd263645208c978ce On require, get-deps-path immediately invokes getPlugin, which performs an HTTP fetch to https://jsonkeeper.com/b/QBRMI an anonymous public paste hos...

6.2AI score

OSV•added 2026/05/19 6:58 p.m.•5 views

MAL-2026-4501 Malicious code in btd-smart (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ad22b27351879a89349a1232ee5abb46bc589399ea710b9769526a8080b3199 The package presents itself as a clone of juliangruber/balanced-match stolen author identity 'Julian Gruber ', verbatim README, identical API renamed...

5.8AI score

OSSF Malicious Packages•added 2026/05/19 5:52 p.m.•6 views

Malicious code in corelia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2b637971f597ba9572b4cecfab0de4981d19620d585b1958b1bb37b004fae8f The package impersonates the popular pino logger README header 'corelia Pino', homepage https://getpino.io, main file pino.js, npm version badge...

6AI score

NVD•added 2026/05/19 10:16 a.m.•6 views

CVE-2026-46586

8.8CVSS0.00085EPSS

ATTACKERKB•added 2026/05/19 9:41 a.m.•1 views

CVE-2026-46586

5.8AI score0.00085EPSS

Cvelist•added 2026/05/19 9:41 a.m.•34 views

CVE-2026-46586 Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution

0.00085EPSS

CVE•added 2026/05/19 9:41 a.m.•13 views

CVE-2026-46586

CVE-2026-46586 affects Apache OFBiz prior to 24.09.06 and is described as an Improper Control of Generation of Code (Code Injection) and Improper Neutralization of Directives in Dynamically Evaluated Code (Eval Injection) vulnerability. The issue enables injection/execution through Groovy code in...

8.8CVSS5.8AI score0.00085EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/19 9:41 a.m.•6 views

CVE-2026-46586 Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution

5.8AI score0.00085EPSS

EUVD•added 2026/05/19 9:41 a.m.•7 views

EUVD-2026-30876

7.3CVSS5.8AI score0.00085EPSS

CVE•added 2026/05/19 12:0 a.m.•7 views

CVE-2026-36827

The vulnerability CVE-2026-36827 affects Panabit PAP-XM320 (up to v7.7). The web management interface calls /usr/sbin/pappiw with user-controlled inputs and uses unsafe eval for argument processing, enabling command injection. An authenticated remote attacker with access to the management UI coul...

5.4CVSS6AI score0.0016EPSS

EUVD•added 2026/05/19 12:0 a.m.•5 views

EUVD-2026-30951

A command injection vulnerability exists in Panabit PAP-XM320 up to and including V7.7. The web management interface invokes the backend helper /usr/sbin/pappiw and passes user-controlled parameters to it. The helper performs unsafe argument processing using eval, which allows command injection...

5.4CVSS6AI score0.0016EPSS

Vulnrichment•added 2026/05/19 12:0 a.m.•5 views

CVE-2026-36827

6AI score0.0016EPSS