CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

588843 matches found

OSSF Malicious Packages•added 2026/06/09 5:40 p.m.•8 views

Malicious code in @klapp-otp/routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9246974efd1a626094dd3f2027df2e8f1468ce45ebcba42e5207a06c5c9e16ee On npm install, this package auto-executes index.js via the preinstall lifecycle hook. The script collects os.hostname, os.userInfo, dirname,...

5.5AI score

Exploits0References2

OSV•added 2026/06/09 5:40 p.m.•6 views

MAL-2026-5416 Malicious code in @klapp-otp/routes (npm)

5.5AI score

Exploits0References2

GithubExploit•added 2026/06/09 5:37 p.m.•48 views

Exploit for CVE-2026-52885

TOCTOU: HMAC Checks Disk, Executes from Memory Notepad++ v8...

5.9AI score0.00024EPSS

Exploits1

Ubuntu•added 2026/06/09 5:28 p.m.•8 views

USN-8415-1: Vim vulnerabilities

It was discovered that Vim incorrectly handled marked filenames in the netrw plugin. An attacker could possibly use this issue to execute arbitrary code. CVE-2026-43961 It was discovered that Vim incorrectly handled filenames when decompressing certain archives. An attacker could possibly use thi...

7CVSS5.8AI score0.00573EPSS

Exploits0

OSV•added 2026/06/09 5:28 p.m.•4 views

USN-8415-1 vim vulnerabilities

7CVSS5.8AI score0.00573EPSS

Exploits0References3

OSV•added 2026/06/09 5:27 p.m.•5 views

MAL-2026-5455 Malicious code in uipath-sugar-sell (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 70cd5d70323e92395a2ea8f61a4089f1cca94e4bb81a7cad1375ae47d3461e6f Package [email protected] exhibits the canonical dependency-confusion shape: an internal-sounding name targeting a UiPath/SugarSell namespace,...

5.5AI score

Exploits0References1

OSSF Malicious Packages•added 2026/06/09 5:25 p.m.•9 views

Malicious code in @webda-infra/search (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d3966598d25bae6a0824df09461ccbea8ad8ff22be2b3b93eab681cc733ff73 @webda-infra/[email protected] is a near-empty placeholder index.js is empty, module.exports = whose package.json declares a single dependency, ltidisafe...

6AI score

Exploits0References1

NVD•added 2026/06/09 5:17 p.m.•6 views

CVE-2026-9213

A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device...

9.1CVSS0.00397EPSS

Exploits0References5

NVD•added 2026/06/09 5:17 p.m.•8 views

CVE-2026-49959

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...

8.8CVSS0.00913EPSS

Exploits0References4

NVD•added 2026/06/09 5:17 p.m.•6 views

CVE-2026-48574

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally...

7.8CVSS0.00362EPSS

Exploits0References1

NVD•added 2026/06/09 5:17 p.m.•7 views

CVE-2026-48300

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS0.00224EPSS

Exploits0References1

NVD•added 2026/06/09 5:17 p.m.•5 views

CVE-2026-48563

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

7.5CVSS0.00456EPSS

Exploits0References1

NVD•added 2026/06/09 5:17 p.m.•6 views

CVE-2026-48301

5.4CVSS0.00224EPSS

Exploits0References1

NVD•added 2026/06/09 5:17 p.m.•6 views