CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

590676 matches found

OSV•added 2026/06/14 7:30 a.m.•11 views

MAL-2026-5761 Malicious code in npm-sandbox-research-d7e8 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ff31cbf7e2e36cef422933472638912cd6ee6652ece9b03d11faa98b70d13e9 Package declares a postinstall lifecycle hook "postinstall": "node run.js" that auto-executes on install. The package ships beacon scripts beacon12.j...

5.4AI score

Exploits0References2

GithubExploit•added 2026/06/14 3:30 a.m.•71 views

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

CVE-2026-23744 – MCPJam Inspector Unauthenticated Remote Code...

9.8CVSS6.6AI score0.38374EPSS

Exploits29

Tenable Nessus•added 2026/06/14 12:0 a.m.•7 views

SUSE SLES15 Security Update : unbound (SUSE-SU-2026:2369-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2369-1 advisory. This update for unbound fixes the following issues - CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. - CVE-2026-33278:...

10CVSS6.2AI score0.00888EPSS

Exploits0References34

Positive Technologies•added 2026/06/14 12:0 a.m.•21 views

PT-2026-49109

Name of the Vulnerable Software and Affected Versions Config::IniFiles versions prior to 3.001000 Description OS command injection and file overwrite are possible through the make filehandle function. This occurs because the function uses Perl's 2-arg open to process the -file argument. If a...

8.6CVSS5.7AI score0.00618EPSS

Exploits0References15

OSSF Malicious Packages•added 2026/06/13 9:38 p.m.•13 views

Malicious code in @gbrlxvi/ts-form-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20e77262ebb59497687fabfba394959da9ce6afbaf436aa5fcf654b2c8a44a32 Package advertises trivial form-validation helpers notEmpty/isEmail/isPhone/maxLen/minLen but on require/import of the main module performs an...

5.8AI score

Exploits0References14

OSV•added 2026/06/13 9:38 p.m.•11 views

MAL-2026-5753 Malicious code in @gbrlxvi/ts-form-utils (npm)

5.9AI score

Exploits0References14

GithubExploit•added 2026/06/13 9:21 p.m.•219 views

POC_cve_2026_35273

POCcve202635273 Universal Unauthenticated RCE via PeopleSof...

5.4AI score

Exploits0

OSV•added 2026/06/13 8:15 p.m.•10 views

MAL-2026-5740 Malicious code in 2fa-exe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df3ad6044ca4d17d594aa3aa0d1a75d1dbf3ebf483d0dd1b04d502277674a8cc Package advertises itself as an SVG fetcher/sanitizer but ships an undocumented exported factory getPlugin in index.js that performs an HTTPS GET to...

5.6AI score

Exploits0References2

OSV•added 2026/06/13 8:13 p.m.•13 views

MAL-2026-5743 Malicious code in environment-gate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48e4ad756dbae70bb38049d363961eb27239c7cf18c6a92612579aeb818da7b1 The package's only export, gate, performs an HTTP GET to a base64-obfuscated URL https://www.jsonkeeper.com/b/VKUNI and passes the response body...

6AI score

Exploits0References1

OSSF Malicious Packages•added 2026/06/13 8:13 p.m.•12 views

Malicious code in environment-gate (npm)

6AI score

Exploits0References1

GithubExploit•added 2026/06/13 6:51 p.m.•149 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 - React2Shell Pre-authentication RCE in Reac...

10CVSS8.6AI score0.99562EPSS

Exploits372

Debian•added 2026/06/13 5:12 p.m.•7 views

[SECURITY] [DSA 6344-1] chromium security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6344-1 [email protected] https://www.debian.org/security/ Andres Salomon June 13, 2026 https://www.debian.org/security/faq -...

9.6CVSS5.8AI score0.00287EPSS

Exploits0

GithubExploit•added 2026/06/13 4:2 p.m.•89 views

MeshCentral-RogueAgent

MeshCentral RogueAgent A proof-of-concept exploit chain for a...

5.5AI score

Exploits0

GithubExploit•added 2026/06/13 3:9 p.m.•92 views

Exploit for OS Command Injection in Paessler Prtg_Network_Monitor

CVE-2018-9276 — PRTG Network Monitor ⚠️ Disclaimer: This...

9CVSS8AI score0.87173EPSS

Exploits12

GithubExploit•added 2026/06/13 2:34 p.m.•86 views

Exploit for CVE-2026-11417

CVE-2026-11417-AWS-CDK-RCE Techn...

7.3CVSS5.6AI score0.00936EPSS

Exploits1

The Hacker News•added 2026/06/13 1:23 p.m.•26 views

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253 , is rated 9.8 on the CVSS scoring system. "In Splunk...

9.8CVSS6.6AI score0.88171EPSS

Exploits5

Nuclei•added 2026/06/13 1:20 p.m.•9 views

Ivanti Sentry - OS Command Injection

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution id: CVE-2026-10520 info: name: Ivanti Sentry - OS Command Injection author: DhiyaneshDk severity: critical...

10CVSS6.2AI score0.98937EPSS

Exploits4References2

GithubExploit•added 2026/06/13 11:27 a.m.•82 views

Exploit for CVE-2026-6279

Description This Python script is an exploit tool for CVE-2026-6...

9.8CVSS5.3AI score0.02163EPSS

Exploits4

GithubExploit•added 2026/06/13 11:14 a.m.•70 views

Exploit for Code Injection in Exiftool_Project Exiftool

CVE-2021-22204 - ExifTool Arbitrary Code Execution An upgrade...

7.8CVSS8.3AI score0.99981EPSS

Exploits39