CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1712 matches found

OSV•added 2026/05/23 11:13 a.m.•3 views

MAL-2026-4374 Malicious code in @budetzzgantenk/baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81b1fbb4415cf2858924d511ef2bf96ad5152dda4537a264f45d1b4d847ba25d Package @budetzzgantenk/baileys is a modified fork of @whiskeysockets/baileys that adopts the upstream's homepage...

5.8AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/22 6:25 a.m.•6 views

Malicious code in bingocode (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7bb3ff21cce9379a60d3ebe3408d8c179e39cfd940eed6deb4afb2f28d852254 package.json declares bin.claude = bin/claude-win.cjs and bin.claude-linux = bin/claude under a non-Anthropic publisher Leanchy. On npm i -g bingocod...

5.8AI score

Exploits0References1

OSV•added 2026/05/22 1:16 a.m.•2 views

MAL-2026-4388 Malicious code in @exocore/exocode (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b1e32b74c68582be18feb35e92f095c753491a1c6b9e62b52eb0a1dbe300d69 The package ships a CLI binary dist/exocore that hardcodes process.env.ANTHROPICBASEURL to https://exocoreai-exocore-gateway.hf.space/v1 and...

5.8AI score

Exploits0References3

Tenable Nessus•added 2026/05/22 12:0 a.m.•11 views

Unity Linux 20.1070e Security Update: nekohtml (UTSA-2026-016755)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016755 advisory. org.cyberneko.html is an html parser written in Java. The fork of org.cyberneko.html used by Nokogiri Rubygem raises a java.lang.OutOfMemoryError exception when...

7.5CVSS6.8AI score0.00454EPSS

Exploits0References4

OSSF Malicious Packages•added 2026/05/21 9:13 a.m.•5 views

Malicious code in @hanssoft/baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3f83fb38a98b69c322df069a26c495101aa35682df8f83641b00e2ce40a99bd This package is a fork of the WhatsApp library Baileys whose metadata homepage, repository, author points at the upstream @whiskeysockets/baileys,...

5.9AI score

Exploits0References1

OSV•added 2026/05/21 9:13 a.m.•2 views

MAL-2026-4392 Malicious code in @hanssoft/baileys (npm)

5.9AI score

Exploits0References1

OSV•added 2026/05/21 1:33 a.m.•2 views

MAL-2026-4470 Malicious code in @zentrix23/baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 00e60d3c1f2afd09e236dc4a5ae0cf2373029e6c62c4f7a9c571b13c2da01cd7 This package is a fork of @whiskeysockets/baileys with an undocumented modification: inside makeNewsletterSocket called unconditionally by...

5.8AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/21 1:33 a.m.•7 views

Malicious code in @zentrix23/baileys (npm)

5.8AI score

Exploits0References1

OSV•added 2026/05/20 5:29 p.m.•2 views

MAL-2026-4773 Malicious code in vlifegram (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8771013473b84f29159a80ec15ce3e9897bc69908ddfa2438845811dd276d87c VLifeGram is published under its own name on PyPI but installs into the pyrogram/ namespace and ships a Pyrogram fork at version 2.1.2.4. It adds an...

6.2AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/20 5:29 p.m.•4 views

Malicious code in vlifegram (PyPI)

6.2AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/20 2:11 p.m.•6 views

Malicious code in @budetzz/baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c79c7b873a8ea61831fdfd7b987de0efbf8944d2fd407a8dca4b70042a3d029c This package is a republished fork of @whiskeysockets/baileys that adds two undocumented network behaviors. 1 lib/Socket/newsletter.js line 111...

5.8AI score

Exploits0References4

OSV•added 2026/05/20 1:3 p.m.•7 views

MAL-2026-4400 Malicious code in @kmmao/happy-coder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4478b22a21a87a37250e86ef25639330f79b779e5793f642eaf7ddaafd975d4 This package is a near-verbatim fork of the upstream happy-coder/happy-cli references to slopus/happy-cli and happy.engineering are retained througho...

5.8AI score

Exploits0References9

The Hacker News•added 2026/05/20 12:51 p.m.•14 views

Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API

Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Discord and Microsoft Graph API for command-and-control C2 or C&C communications. Webworm, first publicly documented by Broadcom-owned Symantec ...

5.9AI score

Exploits0

OSSF Malicious Packages•added 2026/05/20 12:27 p.m.•5 views

Malicious code in naileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53307e8df479525765ddef8cf9a54dcf0aa368b8ef57a088b624a5e80f72c999 naileys is a fork/lookalike of the WhatsApp library baileys single-character edit; internal references still mention 'wileys', and...

5.8AI score

Exploits0References1

OSV•added 2026/05/20 12:27 p.m.•4 views

MAL-2026-4619 Malicious code in naileys (npm)

5.8AI score

Exploits0References1

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mm: swap: check for stable address space before operating on the VMA It is possible to encounter a zero entry while traversing the vmas in unusemm called from the swapoff path. Accessing this zero entry can result in an OOPS erro...

5.7AI score0.0003EPSS

Exploits0References2

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: RISCV: Process: Fix kernel information leakage The s12 element of the threadstruct may contain random kernel memory contents, which could potentially be leaked to the user space. This is a security flaw. To address this issue,...

7.1CVSS5.8AI score0.00064EPSS

Exploits0References1

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: fork: Invoke khugepaged and ksm hooks only if there is no error. There is no reason to invoke these hooks early on an MM that is in an incomplete state. The change in commit d24062914837 “fork: use mtdup to duplicate the maple tr...

5.5CVSS6.2AI score0.00035EPSS

Exploits0References2

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: mm/uffd: fixed the pte marker when using fork without a fork event. The patch series “mm: Fixes on pte markers”. Patch 1 resolves the issue reported by Pengfei. Patch 2 further strengthens the pte markers when used with the...

5.5CVSS6.3AI score0.00042EPSS

Exploits0References2

OSSF Malicious Packages•added 2026/05/20 12:24 a.m.•6 views

Malicious code in @tailwind-core/postcss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1dab944715339b0fabcf954a92fd33faacbb4d878368c36ea5a7d26d72fe2e56 Package name @tailwind-core/postcss is a one-character-class edit of the official @tailwindcss/postcss Tailwind CSS v4 PostCSS plugin, published unde...

5.9AI score

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by