CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14963 matches found

OSSF Malicious Packages•added 2 days ago•6 views

Malicious code in eslint-plugin-executable-stories-playwright (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

5.7AI score

Exploits0References2

OSV•added 2 days ago•3 views

MAL-2026-5260 Malicious code in mountly (npm)

5.7AI score

Exploits0References2

OSSF Malicious Packages•added 2 days ago•5 views

Malicious code in @forjacms/client (npm)

5.7AI score

Exploits0References2

OSSF Malicious Packages•added 2 days ago•6 views

Malicious code in eslint-plugin-executable-stories-vitest (npm)

5.7AI score

Exploits0References2

OSSF Malicious Packages•added 2 days ago•7 views

Malicious code in awaitly-mongo (npm)

5.7AI score

Exploits0References2

OSSF Malicious Packages•added 2 days ago•6 views

Malicious code in autotel-devtools (npm)

5.7AI score

Exploits0References2

Redos•added 2 days ago•2 views

ROS-20260605-73-0031

The vulnerability in Tomcat is related to insufficient checks on the registry. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

7.5CVSS7.6AI score0.00082EPSS

Exploits0

Debian CVE•added 3 days ago•5 views

CVE-2026-11201

Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: Medium...

8.8CVSS5.9AI score0.00019EPSS

Exploits0

Vulnrichment•added 3 days ago•6 views

CVE-2026-11028

Use after free in Media in Google Chrome on Linux and ChromeOS prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

6.2AI score0.0008EPSS

Exploits0References2

ATTACKERKB•added 3 days ago•4 views

CVE-2019-25736

LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the Host IP field. Attackers can craft a specially formatted input file with shellcode and overwrite the return address to execute calc.ex...

8.6CVSS6.4AI score0.00013EPSS

Exploits0References3Affected Software1

EUVD•added 4 days ago•6 views

EUVD-2026-34048

A vulnerability was determined in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The impacted element is the function executeblendercode of the file /src/blendermcp/server.py. This manipulation of the argument code causes code injection. The attack is possible to be carried...

6.5CVSS5.9AI score0.00042EPSS

Exploits0References7

NVD•added 5 days ago•9 views

CVE-2026-10688

6.5CVSS0.00042EPSS

Exploits0References6

Cvelist•added 5 days ago•23 views

CVE-2026-10688 ahujasid blender-mcp server.py execute_blender_code code injection

6.5CVSS0.00042EPSS

Exploits0References6

ATTACKERKB•added 5 days ago•6 views

CVE-2026-10688

6.5CVSS5.9AI score0.00042EPSS

Exploits0References6

CVE•added 5 days ago•10 views

CVE-2026-10688

The CVE-2026-10688 affects the ahujasid blender-mcp project; the vulnerable component is execute_blender_code in /src/blender_mcp/server.py. Manipulating the code argument allows code injection, with remote execution possible. Public exploitation is indicated, and the project uses a rolling relea...

6.5CVSS5.9AI score0.00042EPSS

Exploits0References6

Vulnrichment•added 5 days ago•5 views

CVE-2026-10688 ahujasid blender-mcp server.py execute_blender_code code injection

6.5CVSS5.9AI score0.00042EPSS

Exploits0References6

ATTACKERKB•added 5 days ago•6 views

CVE-2026-10616

A weakness has been identified in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function TeamTasksTool.executeComplete of the file internal/tools/teamtaskslifecycle.go of the component Team Task Completion Handler. Executing a manipulation can lead to missing authorization. Th...

5.3CVSS5.5AI score0.0003EPSS

Exploits0References6Affected Software1

CVE•added 5 days ago•7 views

CVE-2026-10616

CVE-2026-10616 affects nextlevelbuilder GoClaw up to 3.11.3. The vulnerability resides in TeamTasksTool.executeComplete (internal/tools/team_tasks_lifecycle.go), where a manipulation can lead to missing authorization. The issue can be exploited remotely and the exploit has been made publicly avai...

5.3CVSS5.5AI score0.0003EPSS

Exploits0References6

Positive Technologies•added 5 days ago•8 views

PT-2026-45876

Name of the Vulnerable Software and Affected Versions ahujasid blender-mcp versions prior to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b Description Remote code injection is possible through the manipulation of the code argument within the execute blender code function located in the /src/blender...

6.5CVSS6AI score0.00042EPSS

Exploits0References10

EUVD•added 6 days ago•8 views

EUVD-2026-33613

SOPlanning is vulnerable to Path Traversal in backup endpoints. Authenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow reading and executing files previously added through the backup functionality. Critically, due to CVE-2026-40543 Missing...

8.8CVSS5.8AI score0.00154EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by