CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6672 matches found

OSV•added 2026/05/26 1:0 a.m.•5 views

MAL-2026-4722 Malicious code in weavedb-offchain (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d267c34e35dca7091a9ab01d22a9c0a4cfde364531b8017f15f4a09785381198 package.json declares scripts.preinstall: "./.github/scripts/precheck", where precheck is a 976,568-byte stripped Linux ELF binary sha256...

5.9AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/26 1:0 a.m.•4 views

Malicious code in wdb-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05323f987b64131618be124040867a2acb216aef96952a6a3dfc11c615501500 package.json declares "preinstall": "./dist/runtime.node", causing npm to spawn the shipped file as an executable on every install on Linux. Despite...

5.8AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/26 1:0 a.m.•4 views

Malicious code in warp-contracts-plugin-deploy-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ac3a02c9f004d72f8975e0e93fb0810818b509cf295cf9a567c882afaf9a7444 Package name warp-contracts-plugin-deploy-test mimics the legitimate warp-contracts-plugin-deploy and copies its public API surface lib/cjs/index.js...

5.9AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/26 1:0 a.m.•5 views

Malicious code in testnpmnmp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e82942b1fcdaed1a1085ad9590ef93704e276c5c5ca1622884abac014f03980f package.json declares "preinstall": "./scripts/postbuild", where scripts/postbuild is a 976,568-byte unsigned, unhashed, unversioned Linux ELF...

5.9AI score

Exploits0References1

OSV•added 2026/05/26 1:0 a.m.•3 views

MAL-2026-4691 Malicious code in testnpmnmp (npm)

5.9AI score

Exploits0References1

OSV•added 2026/05/26 12:59 a.m.•3 views

MAL-2026-4739 Malicious code in zkjson (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 758a19e42db66cf6ae7a08d462278b30e3a154b56613d2d95f8020de3add3816 package.json declares "preinstall": "./.github/scripts/precheck", pointing to a 976 KB Linux ELF executable sha256...

6.3AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/26 12:59 a.m.•9 views

Malicious code in zkjson (npm)

6.3AI score

Exploits0References1

NVD•added 2026/05/25 3:16 p.m.•8 views

CVE-2018-25359

Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can rename the WService.exe file in the installation directory and replace it with a malicious...

8.6CVSS0.00015EPSS

Exploits0References3

CVE•added 2026/05/25 2:15 p.m.•11 views

CVE-2018-25359

CVE-2018-25359 affects Splinterware System Scheduler Pro 5.12. The issue is insecure file permissions enabling low-privilege users to replace the service executable (WService.exe) in the installation directory, causing a malicious binary to run with LocalSystem privileges when the service starts....

8.6CVSS5.8AI score0.00015EPSS

Exploits0References3

ATTACKERKB•added 2026/05/25 2:15 p.m.•5 views

CVE-2018-25359

8.6CVSS5.8AI score0.00015EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/05/25 2:15 p.m.•14 views

CVE-2018-25359 Splinterware System Scheduler Pro 5.12 Privilege Escalation

8.6CVSS0.00015EPSS

Exploits0References3

Vulnrichment•added 2026/05/25 2:15 p.m.•4 views

CVE-2018-25359 Splinterware System Scheduler Pro 5.12 Privilege Escalation

8.6CVSS5.8AI score0.00015EPSS

Exploits0References3

RedhatCVE•added 2026/05/25 12:44 p.m.•11 views

CVE-2026-48831

A flaw was found in Wine. Wine's desktop file registers itself to handle Windows executable EXE files. In some configurations, opening an EXE file can cause it to run automatically with the user's permissions, without further prompts. This allows an attacker to bypass security sandboxes like...

7.3CVSS6.2AI score0.00026EPSS

Exploits0References2

OSSF Malicious Packages•added 2026/05/25 12:2 p.m.•7 views

Malicious code in clob.api (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

5.8AI score

Exploits0References1

OSV•added 2026/05/25 12:2 p.m.•5 views

MAL-2026-4349 Malicious code in clob.api (npm)

5.8AI score

Exploits0References1

OSV•added 2026/05/25 12:0 p.m.•9 views

MAL-2026-4347 Malicious code in @devcarron/clob (npm)

5.8AI score

Exploits0References1

CNNVD•added 2026/05/25 12:0 a.m.•5 views

Splinterware System Scheduler Pro 安全漏洞

Splinterware System Scheduler Pro is a task scheduling management software from Splinterware. A security vulnerability exists in Splinterware System Scheduler Pro version 5.12, which stems from insecure file permissions and could allow a low-privileged user to elevate privileges by modifying the...

8.6CVSS5.8AI score0.00015EPSS

Exploits0References3

Positive Technologies•added 2026/05/25 12:0 a.m.•5 views

PT-2026-43212

8.6CVSS5.8AI score0.00015EPSS

Exploits0References4

OSV•added 2026/05/24 10:16 p.m.•4 views

DEBIAN-CVE-2026-48831

Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to be blindly executed with the permissions of the invoker. This allows escaping Flatpak and Snap...

7.3CVSS5.8AI score0.00026EPSS

Exploits0References1

NVD•added 2026/05/24 10:16 p.m.•9 views

CVE-2026-48831

7.3CVSS0.00026EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by