CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 6 hours ago•5 views

CVE-2026-56782 Gorse - Unauthenticated Database Dump and Restore via /api/dump and /api/restore Endpoints

Gorse before 0.5.10 contains an authentication bypass vulnerability in the /api/dump and /api/restore endpoints that allows unauthenticated attackers to access protected functionality when adminapikey is empty, which is the default configuration. Remote attackers can exfiltrate the entire databas...

9.8CVSS

EUVD•added 6 hours ago•5 views

EUVD-2026-40158

9.8CVSS5.8AI score

EUVD•added 11 hours ago•7 views

EUVD-2026-40079

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the getgltransactions function where the filtertype parameter is concatenated directly into a SQL IN clause without parameterization. Attackers with SAGLANALYTIC permission can inject arbitrary SQL by supplying a closing...

8.1CVSS6AI score

Exploits0References4

Nuclei•added 17 hours ago•15 views

MagicMirror <= 2.35.0 - Server-Side Request Forgery

An unauthenticated Server-Side Request Forgery SSRF vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadata services, and localhost services. The endpoint also expands environment...

9.2CVSS6AI score0.01623EPSS

OSV•added yesterday•6 views

MAL-2026-6561 Malicious code in skillspector (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3c5f440b1893b0d6aad59302e3cef3c14e1ae5b51b83144474e8126b3d2f9075 This package is a modified, unofficial version of the Nvidia project https://github.com/NVIDIA/skillspector. The modification is disguised as telemetry. The...

OSV•added yesterday•7 views

Exploits0References1

MAL-2026-6560 Malicious code in tdata-grabber (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b4c3b37df5e3d08d7bc6ad736e0231ed0dc655640ffdf0dc403f4029ace2787 Package name explicitly declares its purpose as harvesting Telegram Desktop session data tdata directory. The tdata folder contains live authenticate...

OSSF Malicious Packages•added yesterday•9 views

Malicious code in tdata-grabber (PyPI)

Nuclei•added yesterday•20 views

GeoServer WFS - XXE Processing Vulnerability

GeoServer Web Feature Service WFS is vulnerable to an XML External Entity XXE processing attack due to improper handling of XML input. This vulnerability allows attackers to perform Out-of-Band OOB data exfiltration and Server-Side Request Forgery SSRF by exploiting the GeoTools library. id:...

9.9CVSS5.8AI score0.49165EPSS

Exploits1References6

Nuclei•added yesterday•37 views

T24 Web Server - Local File Inclusion

T24 web server is vulnerable to unauthenticated local file inclusion that permits an attacker to exfiltrate data directly from server. id: CVE-2019-14251 info: name: T24 Web Server - Local File Inclusion author: 0xAkoko severity: high description: T24 web server is vulnerable to unauthenticated...

7.5CVSS7.1AI score0.07849EPSS

Nuclei•added yesterday•204 views

PrestaShop AP Pagebuilder <= 2.4.4 - SQL Injection

A SQL injection vulnerability in the productalloneimg and imageproduct parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data. id: CVE-2022-22897 info: name: PrestaShop AP Pagebuilder = 2.4.4 - SQL Injection...

9.8CVSS7.3AI score0.1022EPSS

Exploits3References3

OSV•added yesterday•4 views

MAL-2026-6558 Malicious code in fsociety-tools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88731d75288f663967fc64dde12b04eb43a2eb3d4113486bf35b1cf3d89ae537 On import, fsocietytools/init.py loads tokens.py, which at module load time instantiates TokenManager. The constructor concatenates eight large strin...

OSSF Malicious Packages•added 2 days ago•12 views

Exploits0References4

Malicious code in discord-token-generator (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebd016cfcb52b59c0141268099b96c1336a15ca1d0afce46f367c7fe376f57de discordtokengenerator/init.py imports tokens.py, which instantiates TokenManager at module load. The constructor calls notin, which concatenates eigh...

OSV•added 2 days ago•8 views

Exploits0References6

MAL-2026-6549 Malicious code in discord-token-generator (PyPI)

OSSF Malicious Packages•added 2 days ago•6 views

Exploits0References6

Malicious code in ts-ankle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1695e2ffa9252abe1053fc13895a071bd87cb27eb009eeb2262aae1a27da4ea5 On npm install, [email protected] runs a postinstall hook node test.js that executes two hostile flows against the installer's machine without user...

OSV•added 2 days ago•6 views

MAL-2026-6548 Malicious code in ts-ankle (npm)

OSSF Malicious Packages•added 2 days ago•9 views

Malicious code in crossmint-wallets-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dd4caebfba35b43bf10f156fe687f455e95b09a514b8644fe1a900b63f1bf78a Package name impersonates the Crossmint wallet SDK family. Both preinstall.js and index.js import childprocess, capture host identifiers hostname is...

OSV•added 2 days ago•3 views

MAL-2026-6545 Malicious code in crossmint-wallets-sdk (npm)