CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/05/27 6:29 p.m.•11 views

CVE-2026-42879

CVE-2026-42879 affects FacturaScripts

6.3CVSS5.8AI score0.00046EPSS

ATTACKERKB•added 2026/05/27 6:29 p.m.•5 views

CVE-2026-42879

6.3CVSS5.8AI score0.00046EPSS

Exploits0References2Affected Software1

ATTACKERKB•added 2026/05/27 5:4 p.m.•3 views

CVE-2026-46426

Budibase is an open-source low-code platform. Prior to 3.38.2, the file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks for dangerous file extensions are conditionally wrapped inside if isPublicUser or if isPublicUser ...

7.6CVSS5.8AI score0.00033EPSS

Exploits0References3Affected Software1

NVD•added 2026/05/27 8:16 a.m.•7 views

CVE-2026-8832

The WPCode - Insert Headers and Footers + Custom Code Snippets - WordPress Code Manager plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.3.5 This is due to the 'wpcode' custom post type being registered without a custom capabilitytype or capability...

8.8CVSS0.00488EPSS

Exploits2References8

EUVD•added 2026/05/27 6:46 a.m.•7 views

EUVD-2026-32100

8.8CVSS5.8AI score0.00488EPSS

Exploits2References8

OSSF Malicious Packages•added 2026/05/27 1:54 a.m.•10 views

Malicious code in quatres (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0d720315dd49970cfc00c39f4e377485b2746a4fc24f42dec7e79d0749ab9a7d During import, the hidden code downloads and executes the second-stage code. After performing anti-analysis checks, it downloads a malicious executable and...

CNNVD•added 2026/05/27 12:0 a.m.•5 views

FacturaScripts 代码问题漏洞

FacturaScripts is an open-source ERP software developed by Carlos Garcia of Spain. Versions of FacturaScripts prior to 2025.81 contained code vulnerabilities. These vulnerabilities stemmed from the unlimited file upload feature in the product image upload function. Attackers could upload PHP file...

6.3CVSS5.9AI score0.00046EPSS

CVE•added 2026/05/27 12:0 a.m.•8 views

CVE-2025-69600

CVE-2025-69600 affects RayVentory Raynet RVIA 12.6.4392.49-amd64.deb. Root cause is Argument Injection in an improperly terminated find command used to locate Java, enabling local attackers to execute arbitrary code via commands injected through getconfig, upload, or oracle options (and inventory...

7.8CVSS5.9AI score0.00074EPSS

Exploits2References3

Positive Technologies•added 2026/05/27 12:0 a.m.•5 views

PT-2026-43573

8.8CVSS5.8AI score0.00488EPSS

Exploits2References9

Packet Storm News•added 2026/05/27 12:0 a.m.•4 views

Do You Dare to Try Test-Driven Forensics? Increasing Trust in Desktop Forensics with ADARE

Digital forensic relies on validated tools and established procedures, yet the underlying operating systems, applications, and analysis tools evolve rapidly. This evolution can cause artifact behavior and tool outputs to drift, silently degrading repeatability and confidence in long-lived forensi...

OSSF Malicious Packages•added 2026/05/26 2:12 p.m.•8 views

Exploits0

Malicious code in datapipe-util (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 74a9da1afe75ec2379c4bade6ac5145c920900e1a1e1173d59b9003061e3fb0f The package intentionally uses the malicious binproto package deploying the malware. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

OSV•added 2026/05/26 2:12 p.m.•6 views

MAL-2026-4820 Malicious code in datapipe-util (PyPI)

OSSF Malicious Packages•added 2026/05/26 12:30 p.m.•8 views

Malicious code in binproto (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 72de81f36a15d75d302ca94b378c3e5025b6d0cb2d24360d06527130ed053ebd When using the provided functionality, the code silently downloads and executes a malicious executable. --- Category: MALICIOUS - The campaign has clearly...

OSV•added 2026/05/26 12:30 p.m.•6 views

MAL-2026-4810 Malicious code in binproto (PyPI)

OSSF Malicious Packages•added 2026/05/26 4:36 a.m.•5 views

Malicious code in helu (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 15a97c1f0e23d838c86d69a3ceae306071a9b4b8c17162a1f563aefe489ffbe4 During import, the hidden code downloads and executes the second-stage code. After performing anti-analysis checks, it downloads a malicious executable and...

OSV•added 2026/05/26 1:12 a.m.•5 views

MAL-2026-4711 Malicious code in wao (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f809db41305575dc4eeed6726bdc75000e7f083dee4599ad71fd7b5eb89b2501 package.json declares "preinstall": "./src/deps.ts", but src/deps.ts is not TypeScript — it is a 976KB Linux x86-64 ELF executable magic bytes...

6AI score

OSSF Malicious Packages•added 2026/05/26 1:1 a.m.•6 views

Malicious code in test-weavedb-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3bf1d859670570df6b5400c4ae762c8de880ada809bb4c371f32339744b8f9d Package name impersonates the legitimate weavedb-sdk; lib/index.js is a near-verbatim copy of that SDK's Arweave/Warp/EthCrypto class so the package...

OSSF Malicious Packages•added 2026/05/26 1:1 a.m.•8 views

Malicious code in weavedb-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 469844df44557b10f865edf7d3d000fd90c901c6a42cc5402116247dca1528f0 package.json declares "preinstall": "./scripts/postbuild". The referenced file is not a script but a 976,568-byte UPX-packed Linux x86-64 ELF binary...