CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2026/02/10 7:2 p.m.•5 views

Malicious code in lyroxpy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a9016ac99840c4d68028c7b724382974154c9bf75b410da9c6b4a75ff6d20b1f The package contains an embedded archive with an executable. When importing the module, the embedded archive is run as a module. Code inside extracts the...

OSV•added 2026/02/10 7:2 p.m.•3 views

MAL-2026-841 Malicious code in lyroxpy (PyPI)

OSSF Malicious Packages•added 2026/02/10 5:6 p.m.•7 views

Malicious code in search-savedsearch-podlet (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 878a9c43dd8ff489c2771eb72e59389391267772d0e64b6dea94a657d0ca7b3a The package search-savedsearch-podlet was found to contain malicious code. Source: ossf-package-analysis...

OSSF Malicious Packages•added 2026/02/10 7:25 a.m.•7 views

Exploits0

Malicious code in ntoutils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 15b6e8b1974bbd5ee6ee5e5abe0619080d87644b200fd8fc410f70a2f23213ff Importing the module downloads and runs a remote executable identified as malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

OSV•added 2026/02/10 7:25 a.m.•3 views

MAL-2026-823 Malicious code in ntoutils (PyPI)

OSV•added 2026/02/09 9:10 p.m.•2 views

CVE-2026-25880 Untrusted Search Path in SumatraPDF Reader (explorer.exe on Windows)

SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, the PDF reader allows execution of a malicious binary explorer.exe located in the same directory as the opened PDF when the user clicks File → “Show in folder”. This behavior leads to arbitrary code execution on the victim’s...

7.8CVSS6.4AI score0.00021EPSS

Exploits1References3

GithubExploit•added 2026/02/08 2:57 p.m.•124 views

picoCTF_2025_pie_time

PIE Exploit Challenge Exploiting a PIE Position Independent...

5.7AI score

Exploits0

OSV•added 2026/02/08 10:34 a.m.•6 views

MAL-2026-811 Malicious code in grokwrapper (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a7ae896464be7f195243e35231a2435d0a1eb055cc7fa8cfaef707c7e11c55b2 During importing the module, package silently execute code hidden in an embedded config file, and downloads remote executable. It's then added to Run registry...

5.7AI score

NVD•added 2026/02/05 5:16 p.m.•5 views

CVE-2020-37129

Memu Play 7.1.3 contains an insecure folder permissions vulnerability that allows low-privileged users to modify the MemuService.exe executable. Attackers can replace the service executable with a malicious file during system restart to gain SYSTEM-level privileges by exploiting unrestricted file...

9.8CVSS0.00015EPSS

Cvelist•added 2026/02/05 4:13 p.m.•24 views

CVE-2020-37129 Memu Play 7.1.3 - Insecure Folder Permissions

9.8CVSS0.00015EPSS

ATTACKERKB•added 2026/02/05 4:13 p.m.•3 views

CVE-2020-37129

9.8CVSS5.4AI score0.00015EPSS

Exploits0References3Affected Software1

EUVD•added 2026/02/05 4:13 p.m.•2 views

EUVD-2020-31025

9.8CVSS5.4AI score0.00015EPSS

CVE•added 2026/02/05 4:13 p.m.•8 views

CVE-2020-37129

CVE-2020-37129 affects Memu Play 7.1.3. The vulnerability is due to insecure folder permissions that let a low-privileged user modify MemuService.exe, enabling replacement with a malicious file at system restart to gain SYSTEM-level privileges. Connected sources corroborate the issue and describe...

9.8CVSS5.4AI score0.00015EPSS

NVD•added 2026/02/05 12:15 a.m.•3 views

CVE-2019-25271

NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific directory locations...

8.5CVSS0.00034EPSS

NVD•added 2026/02/05 12:15 a.m.•2 views

CVE-2019-25269

Amiti Antivirus 25.0.640 contains an unquoted service path vulnerability in its Windows service configurations. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges by placing executable files in specific directory locations...

8.5CVSS0.00034EPSS

NVD•added 2026/02/05 12:15 a.m.•2 views

CVE-2019-25272

TexasSoft CyberPlanet 6.4.131 contains an unquoted service path vulnerability in the CCSrvProxy service that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files x86\TenaxSoft\CyberPlanet\SrvProxy.exe' to inject malicious executables and...

8.5CVSS0.00008EPSS

ATTACKERKB•added 2026/02/04 11:15 p.m.•6 views

CVE-2019-25288

Wacom WTabletService 6.6.7-3 contains an unquoted service path vulnerability that allows local attackers to execute malicious code with elevated privileges. Attackers can insert an executable file in the service path to run unauthorized code when the service restarts or the system reboots...

8.5CVSS5.6AI score0.00008EPSS

Exploits0References3Affected Software1

EUVD•added 2026/02/04 11:15 p.m.•4 views

EUVD-2019-19385

Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted service path vulnerability in the ApHidMonitorService that allows local attackers to execute code with elevated privileges. Attackers can place a malicious executable in the service path and gain system-level access when the...

8.5CVSS5.8AI score0.00008EPSS

Cvelist•added 2026/02/04 11:15 p.m.•29 views

CVE-2019-25273 Easy-Hide-IP 5.0.0.3 - 'EasyRedirect' Unquoted Service Path

Easy-Hide-IP 5.0.0.3 contains an unquoted service path vulnerability in the EasyRedirect service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe' to inject malicious executables and...

8.5CVSS0.00008EPSS