CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added last week•32 views

CVE-2026-56209 Libaom: libaom: arbitrary address write via svc layer context oob and cyclic refresh map pointer hijack

An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel value...

7.1CVSS0.00266EPSS

ATTACKERKB•added last week•5 views

CVE-2026-56208

7.6CVSS6.2AI score0.00269EPSS

RedhatCVE•added last week•10 views

CVE-2026-56208

7.6CVSS6.2AI score0.00269EPSS

RedhatCVE•added last week•14 views

CVE-2026-56209

7.1CVSS6AI score0.00266EPSS

CVE-2023-54353

Chromacam 4.0.3.0 contains an unquoted service path vulnerability in the PsyFrameGrabberService that allows local attackers to execute arbitrary code by placing malicious executables in unquoted path directories. Attackers with write access to C:\ or subdirectories like C:\Program Files...

NVD•added last week•10 views

CVE-2016-20095

Matrix42 Remote Control Host 3.20.0031 contains an unquoted service path vulnerability in the FastViewerRemoteService and FastViewerRemoteProxy services that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can place a malicious executable in the Program Files...

8.5CVSS0.00119EPSS

Exploits0References3

NVD•added last week•8 views

CVE-2020-37250

TFTP Broadband 4.3.0.1465 contains an unquoted service path vulnerability in the tftpt.exe service binary that allows local attackers to execute arbitrary code with system privileges. Attackers can place a malicious executable in the Program Files directory path that will be executed during servi...

8.5CVSS0.00119EPSS

Exploits0References3

CVE-2016-20092

NetDrive 2.6.12 contains an unquoted service path vulnerability in the Netdrive2ServiceNetdrive2 service that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that will be executed during service startup or...

CVE-2016-20087

Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated privileges by exploiting the service binary path. Attackers can insert malicious executables in the system root path that execute with SYSTEM privileges during...

NVD•added last week•8 views

CVE-2016-20089

Iperius Remote 1.7.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation path. When installed from directories containing spaces, attackers can place malicious executables in the path to be...

8.5CVSS0.00122EPSS

CVE-2016-20088

Comodo Chromodo Browser 52.15.25.664 contains an unquoted service path vulnerability in the ChromodoUpdater service that runs with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevated privileges upon service restart or...

NVD•added last week•8 views

CVE-2016-20090

Comodo Dragon Browser versions up to 52.15.25.663 contain a privilege escalation vulnerability in the DragonUpdater service due to an unquoted service path running with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevat...

8.5CVSS0.00122EPSS

OSV•added 2026/06/19 3:13 p.m.•5 views

MAL-2026-6213 Malicious code in @bytemend/mfebus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3d53776853d18aabf967b0f1882eb45f2164feedd600eeccc927f496002f5e4 The package advertises itself as a small in-memory pubsub library but its main entry dist/index.js eagerly requires dist/bootstrap.js, a 277KB...

6AI score

Exploits0References6

OSSF Malicious Packages•added 2026/06/19 3:12 p.m.•5 views

Malicious code in @briskforge/envcheck (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09dba573f5d6cb00b09562870f2148b3e539786f5d801f2a263338301d759313 The package advertises itself as a tiny environment-variable validator but ships lib/preflight.js, a heavily obfuscated obfuscator.io string-array...

OSSF Malicious Packages•added 2026/06/19 3:12 p.m.•10 views

Malicious code in @apexcraft/nano-key (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c46938b3634fb4de89ddf44b765e1c766c871a40fb31c54609c1b3526074e65c @apexcraft/nano-key advertises itself as a 12-byte sortable ID generator README and repository metadata are copied from yiwen-ai/xid-ts, an unrelated...

6.7AI score

Exploits0References9

OSV•added 2026/06/19 3:12 p.m.•5 views

MAL-2026-6210 Malicious code in @apexcraft/nano-key (npm)

6.7AI score

Exploits0References9

OSSF Malicious Packages•added 2026/06/19 3:3 p.m.•6 views

Malicious code in @apiwizards/auth-middleware (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 718ca10ce0670edf6756b4ff0bd05e43526ebd516396a34074acf844116e7254 @apiwizards/[email protected] ships a single heavily obfuscated index.js obfuscator.io string-array with 317 entries, RC4+base64 decoder,...

OSV•added 2026/06/19 3:3 p.m.•6 views

Exploits0References2

MAL-2026-6211 Malicious code in @apiwizards/auth-middleware (npm)

OSSF Malicious Packages•added 2026/06/19 3:0 p.m.•8 views

Exploits0References2

Malicious code in chai-as-attested (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88e27467366a90f482eb47476458b1f74d5a41ac63371572e527f2e60e4e0b51 Package impersonates a pino-style logger exports module.exports.pino, ships pino-like DEFAULTLEVELS, keywords fast/logger/stream/json but the exporte...