CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Malwarebytes•added 2 days ago•4 views

Fake virus alerts are invading mobile games

Sometimes it happens. You’re happily playing a game on your phone or laptop when suddenly alarms pop up out of nowhere: " Your device is infected!" " Your iCloud is full!" " Your account is restricted for watching porn!" Some games can be played for free if you agree to watch ads, and in others y...

5.7AI score

OSV•added 2026/05/26 12:3 a.m.•4 views

MAL-2026-4777 Malicious code in xct-x-ayoub (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d33575d7ebb1fa670ce8a2f633471492b04319daffe0f1e10dd35841cf2709af On import XcTxAyOuB, the package's top-level init.py unconditionally starts a Flask HTTP server bound to 0.0.0.0:5000 configurable via PORT exposing...

5.8AI score

Cvelist•added 2026/05/24 11:15 p.m.•16 views

CVE-2026-9405 Totolink A8000RU Web Management cstecgi.cgi setGameSpeedCfg os command injection

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument enable results in os command injection. Remote exploitation o...

10CVSS0.01254EPSS

Patchstack•added 2026/05/19 12:6 p.m.•5 views

WordPress Games Catalog plugin <= 1.2.0 - Cross-Site Request Forgery to Arbitrary Game/Post Deletion vulnerability

Cross-Site Request Forgery to Arbitrary Game/Post Deletion vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Games Catalog versions = 1.2.0...

4.3CVSS5.8AI score0.00016EPSS

Exploits0References1Affected Software1

The Hacker News•added 2026/05/06 8:21 p.m.•7 views

Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks

Cybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabsv1 and targets internet-exposed devices running Android Debug Bridge ADB to enlist them in a network capable of carrying out distributed denial-of-service DDoS attacks. Hunt.io, which detailed the...

5.9AI score

HackRead•added 2026/05/06 12:13 p.m.•5 views

The “Juice” Factor: Designing Game Feel

Designing game feel requires responsive controls, hit-stop, sound, animation, and feedback systems that make gameplay satisfying...

5.8AI score

RedhatCVE•added 2026/05/04 8:21 p.m.•2 views

CVE-2026-7594

A vulnerability was detected in Flux159 mcp-game-asset-gen 0.1.0. Affected is the function imageto3dasync of the file src/index.ts of the component MCP Interface. The manipulation of the argument statusFile results in path traversal. The attack can be executed remotely. The exploit is now public...

7.5CVSS6.8AI score0.00066EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в firefox

If an attacker needed a user to load an insecure http: page and knew that the user had enabled HTTPS-only mode, the attacker could trick the user into clicking to grant an HTTPS-only exception, provided they could get the user to participate in a clicking game. This vulnerability affects Firefox...

6.5CVSS6.8AI score0.00135EPSS

Exploits0References2

NVD•added 2026/05/01 9:16 p.m.•0 views

CVE-2026-7594

7.5CVSS0.00066EPSS

EUVD•added 2026/05/01 8:30 p.m.•0 views

EUVD-2026-26718

7.5CVSS5.6AI score0.00066EPSS

Vulnrichment•added 2026/05/01 8:30 p.m.•0 views

CVE-2026-7594 Flux159 mcp-game-asset-gen MCP index.ts image_to_3d_async path traversal

7.5CVSS6.8AI score0.00066EPSS

Cvelist•added 2026/05/01 8:30 p.m.•22 views

CVE-2026-7594 Flux159 mcp-game-asset-gen MCP index.ts image_to_3d_async path traversal

7.5CVSS0.00066EPSS

CVE•added 2026/05/01 8:30 p.m.•10 views

CVE-2026-7594

The CVE-2026-7594 affects Flux159 mcp-game-asset-gen 0.1.0. The vulnerability is in the MCP Interface component, specifically the image_to_3d_async function in src/index.ts, where manipulation of the statusFile argument leads to path traversal. It can be exploited remotely, and public exploits ex...

7.5CVSS6.8AI score0.00066EPSS

Wired Threat Level•added 2026/04/26 3:26 a.m.•4 views

California Engineer Identified in Suspected Shooting at White House Correspondents’ Dinner

A 31-year-old engineer and self-described indie game developer is suspected of firing shots at the annual event attended by President Donald Trump, high-profile media figures, and US government officials...

5.3AI score

Fedora•added 2026/04/24 12:55 a.m.•3 views

[SECURITY] Fedora 43 Update: minetest-5.15.2-1.fc43

Game of mining, crafting and building in the infinite world of cubic blocks w ith optional hostile creatures, features both single and the network multiplayer mode, mods. Public multiplayer servers are available...

9.3CVSS5.2AI score0.00006EPSS

OSV•added 2026/04/23 2:16 a.m.•1 views

UBUNTU-CVE-2026-41196

Luanti formerly Minetest is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the...

10CVSS6.2AI score0.00091EPSS

Exploits0References2

UbuntuCve•added 2026/04/23 12:0 a.m.•1 views

CVE-2026-41196

10CVSS6.1AI score0.00091EPSS

Packet Storm News•added 2026/04/23 12:0 a.m.•2 views

Strategic Heterogeneous Multi-Agent Architecture for Cost-Effective Code Vulnerability Detection

Automated code vulnerability detection is critical for software security, yet existing approaches face a fundamental trade-off between detection accuracy and computational cost. We propose a heterogeneous multi-agent architecture inspired by game-theoretic principles, combining cloud-based LLM...

5.6AI score