CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2 days ago•4 views

MAL-2026-5131 Malicious code in @redhat-cloud-services/sources-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6AI score

OSV•added 5 days ago•3 views

MAL-2026-5078 Malicious code in raven-i18n-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 16965d1a02185ab8a7880951f6889127e66f0c1b3ffc718023ce2ac3593bffc7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 5 days ago•6 views

MAL-2026-5052 Malicious code in @timelycare/api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d515fabb5cd16f351ff33b669a0667cb546d3f75fd308680d21d0edbc411c60a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

NCSC•added 5 days ago•8 views

Vulnerabilities in Oracle E-Business Suite components

Oracle has discovered vulnerabilities in various components of the Oracle E-Business Suite, including Oracle Payments, Oracle Internet Procurement Connector, Oracle Financials Common Modules, Oracle iAssets, Oracle Public Sector Financials International, Oracle Universal Work Queue, Oracle Payrol...

9.9CVSS5.8AI score0.00082EPSS

EUVD•added 2026/05/27 3:33 p.m.•5 views

EUVD-2026-32278

In Slican telephone exchanges it is possible to manage the control panel remotely. An unauthenticated attacker can connect to the modem via a telephone with a specific caller ID. This allows them to bypass admin authentication and gain full access to the service protocol and configuration panel...

9.3CVSS5.8AI score0.00103EPSS

CNNVD•added 2026/05/27 12:0 a.m.•4 views

Netis AC1200 安全漏洞

The Netis AC1200 is a series of dual-band wireless broadband routers produced by the Chinese company Netis. The Netis AC1200 Router NC21 V4.0.1.4296 version contains a security vulnerability. This vulnerability stems from the hardcoded root credentials stored in the /etc/shadow.sample file. The...

7.3CVSS5.8AI score0.00047EPSS

Exploits0References3

Packet Storm News•added 2026/05/26 12:0 a.m.•3 views

HammerSim: A System-Level Tool to Model RowHammer

Modern architecture research relies on simulators to evaluate system security, yet analyzing emerging hardware vulnerabilities like RowHammer requires full-system visibility. As RowHammer vulnerabilities worsen with continuous technology scaling, existing simulators lack the system-level models...

OSV•added 2026/05/25 8:9 a.m.•6 views

Exploits0

MAL-2026-4341 Malicious code in wm-plugin-set-walkme-language (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b3a79fac1678c77b806378e3a6a61fbe14204f4ff38758d151a231e0d990ea94 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2026/05/25 8:1 a.m.•6 views

Malicious code in levex-press (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f33c109f544ebe960d2fe2880abba71a8abbbcfc1b8042ca5c5d5d9e6ac6b557 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

RedhatCVE•added 2026/05/21 1:24 p.m.•4 views

CVE-2026-44076

A flaw was found in Netatalk. A local user with high privileges could exploit this vulnerability by injecting shell commands through a crafted volume path. This shell injection could lead to arbitrary code execution, allowing the attacker to gain full control over the affected system...

6.7CVSS6AI score0.00028EPSS

OSSF Malicious Packages•added 2026/05/20 12:46 a.m.•3 views

Malicious code in etherjs-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 335b4f699510e2bb1171a9137655f6977d5554f508e612eab97b4239c1249be1 package.json declares a postinstall script that performs an HTTPS GET to an ephemeral pinggy-free.link tunnel URL...

6.4AI score

OSV•added 2026/05/18 9:10 a.m.•4 views

MAL-2026-3828 Malicious code in validate-api-key (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73c2249a9b57bfab0277840b52fc1774c096dd7c3022b9bd0d0ae5cfeda0b14c The package validate-api-key was found to contain malicious code. Source: ghsa-malware db221657101473a5da0e59194e2ba30d99b576faae8b3e7ff21c5d68b83ff1...

CVE•added 2026/05/17 12:11 p.m.•6 views

CVE-2018-25320

CVE-2018-25320 affects ACL Analytics 11.x through 13.0.0.579. The vulnerability is an arbitrary code execution via the EXECUTE function, enabling an attacker to run commands with SYSTEM privileges. Reported chain includes using bitsadmin to download malicious PowerShell scripts and execute them t...

9.8CVSS6.5AI score0.00128EPSS

Exploits0References4

OSSF Malicious Packages•added 2026/05/15 11:24 a.m.•6 views

Malicious code in dowload_ebok_also_an_octopus_by_maggie_tokuda_hall_ah2ip (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8458191c9d9b588edbefd52034669969e6511810e2ebe6e187a48e4405673f1 The package dowloadebokalsoanoctopusbymaggietokudahallah2ip was found to contain malicious code. Source: ghsa-malware...

OSV•added 2026/05/15 11:24 a.m.•2 views

MAL-2026-3797 Malicious code in dowload_ebok_stalking_jack_the_ripper_by_kerri_maniscalco_james_patterson_b529t (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1486e8a5f17dfc7a56252ff489f714a2ab7a0befd20da59b43d93d31f8587149 The package dowloadebokstalkingjacktheripperbykerrimaniscalcojamespattersonb529t was found to contain malicious code. Source: ghsa-malware...

OSV•added 2026/05/15 10:43 a.m.•4 views

MAL-2026-3791 Malicious code in json-pretty-logs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83ea0ffb681b10da082feb66c76e0db908a8ee31cd9b064edca6c41a90a38a87 The package json-pretty-logs was found to contain malicious code. Source: ghsa-malware b86537d3e254ff943b2ca179cb5501c1a02900d518482640d73d0a9892797a...