29429 matches found
SecScan
SecScan Local-LLM-powered security scanner for GitHub repos...
Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2
Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent and ultimately facilitate the abuse of Microsoft Visual Studio Code (VS Code) tunnels for remote access. Zscaler ThreatLabz, which...
GHSA-RP42-5VXX-QPWR
creationtimestamp | type | source
--- | --- | ---
2026-04-24 05:19:04+00:00 | seen | Telegram/cyG2ZGhRnNebdsiXH3f8wG9rKkH4KFMg55z2RECZJhW1k7c...
GHSA-CVQ5-HHX3-F99P
creationtimestamp | type | source
--- | --- | ---
2026-04-24 05:18:58+00:00 | seen | Telegram/kIuLSWSF-lSSH53f04z2OEjKv8ykvXtTNiYc9dOAOt4c...
Origin Validation Error
Overview: openclaw is 🦞 OpenClaw, a personal AI assistant. Affected versions of this package are vulnerable to an Origin Validation Error via the Slack thread context. An attacker can inject unauthorized messages into the agent context by replying to allowlisted users in Slack threads, thereby...
GHSA-P49J-V9WC-WG57 vulnerabilities
Vulnerabilities for packages: openbao...
PT-2026-35057
Name of the vulnerable software and affected versions: Skim (affected versions not specified). Description: The generate-files job in the '.github/workflows/pr.yml' file checks out code from an attacker-controlled fork and executes it via the cargo run command. This process allows access to the SKIM R...
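The pattern the advisory describes, a `pull_request_target` job that checks out the pull request head and then runs it, is the classic "pwn request": the fork's code executes with the base repository's secrets in scope. Below is an added example, not code from the advisory or from the Skim project, of a small line-based linter that flags that combination in a workflow file. The two workflow texts are constructed for the example, and the job name, binary and secret name in them are assumed. A full check would parse the YAML; the line scanner is enough to show the three ingredients: the privileged trigger, a checkout of `github.event.pull_request.head.*`, and a `run` step after it.

```python
import re

# Constructed example of the weak pattern: a privileged trigger, a checkout of
# the fork's code, and a run step that executes it with a secret in scope.
# Names (job, binary, secret) are assumed for the example.
WEAK_WORKFLOW = """\
name: pr
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  generate-files:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: cargo run --bin generate-files
        env:
          TOKEN: ${{ secrets.DEPLOY_TOKEN }}
"""

# Hardened variant: the plain pull_request trigger runs fork code with a
# read-only GITHUB_TOKEN and without access to repository secrets.
SAFE_WORKFLOW = """\
name: pr
on:
  pull_request:
jobs:
  generate-files:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: cargo run --bin generate-files
"""

# A line naming pull_request_target as a trigger, either as a mapping key
# ("  pull_request_target:") or inside "on: [push, pull_request_target]".
TRIGGER_RE = re.compile(r"^\s*(on\s*:)?[\s\[,\w]*\bpull_request_target\b")
# An expression that resolves to the untrusted PR head.
HEAD_REF_RE = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)")
# A step that executes something ("- run:" or "run:").
RUN_RE = re.compile(r"^\s*-?\s*run\s*:")


def find_pwn_requests(workflow_text):
    """Return (checkout_line, run_line, run_text) triples, one for each run
    step that follows a PR-head checkout in a pull_request_target workflow.
    An empty list means the pattern was not found."""
    lines = workflow_text.splitlines()
    if not any(TRIGGER_RE.match(line) for line in lines):
        return []
    findings = []
    checkout_line = None
    for number, line in enumerate(lines, 1):
        if HEAD_REF_RE.search(line):
            checkout_line = number
        elif checkout_line is not None and RUN_RE.match(line):
            findings.append((checkout_line, number, line.strip()))
            checkout_line = None  # one finding per checkout
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_WORKFLOW), ("safe", SAFE_WORKFLOW)):
        hits = find_pwn_requests(text)
        print(label, "->", hits or "no pwn-request pattern")
```

The linter reports the line of the checkout and the line of the first `run` step after it. Note what it does not catch: a `pull_request_target` job that passes the fork's code to a reusable action instead of a `run` step, or a checkout placed in a separate job whose output is consumed later; those need a real YAML parse and job-graph reasoning.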
GHSA-3QPV-XF3V-MM45
creationtimestamp | type | source
--- | --- | ---
2026-04-23 23:27:16+00:00 | seen | Telegram/IhrbuMncMOQ2aXKn55DBnsRKZnrdzyQXI4i7tcZ3JysOVtE...
CVE-2026-40161
A flaw was found in Tekton Pipelines. A tenant with permissions to create TaskRun or PipelineRun resources can exploit this vulnerability. By omitting the Git API token parameter and pointing the serverURL to an attacker-controlled endpoint, the system-configured Git API token such as a GitHub...
GHSA-F228-CHMX-V6J6
creationtimestamp | type | source
--- | --- | ---
2026-04-23 21:26:14+00:00 | published-proof-of-concept | Telegram/LhBAsLXZuywUMfmIXbSwPnWzjb6RJaoGfmWe6gs8QchtB8o...
DNS Rebinding
Overview: copilot-api turns GitHub Copilot into an OpenAI/Anthropic API-compatible server, usable with Claude Code. Affected versions of this package are vulnerable to DNS Rebinding in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header...
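DNS rebinding works because the browser, after the attacker's DNS name has been re-pointed at 127.0.0.1, still sends `Host: attacker.example` to the local service; a service that answers regardless of the Host header hands the response (here, a token) to the attacker's page. The usual defence is to accept only Host values the service is actually reachable under, since the attacker controls the DNS answer but not the Host header the browser sends. The following is an added example, not code from copilot-api, written in Python for illustration; the allowlist, the port 4141 and the `handle_token_request` stand-in are assumptions for the example.

```python
from urllib.parse import urlsplit

# Names a local developer instance is legitimately addressed by (assumed for
# the example; a deployment would derive these from its bind address).
ALLOWED_HOSTS = frozenset({"localhost", "127.0.0.1", "::1"})
SERVICE_PORT = 4141  # assumed listening port


def host_is_trusted(host_header, allowed_hosts=ALLOWED_HOSTS, port=SERVICE_PORT):
    """True only if the Host header names this service directly.

    Exact-match on the hostname defeats rebinding; a port, when present, must
    be the one we listen on. Userinfo or path characters in a Host value are
    never legitimate and are rejected before parsing."""
    if not host_header or any(c in host_header for c in "@/?#\\"):
        return False
    try:
        parts = urlsplit("//" + host_header.strip())
        hostname, hport = parts.hostname, parts.port
    except ValueError:  # malformed IPv6 literal or non-numeric port
        return False
    if hostname not in allowed_hosts:
        return False
    return hport is None or hport == port


def handle_token_request(headers, allowed_hosts=ALLOWED_HOSTS):
    """Stand-in for a /token handler: refuse before touching the secret."""
    host = headers.get("Host") or headers.get("host")
    if not host_is_trusted(host, allowed_hosts):
        return 403, {"error": "untrusted Host header"}
    return 200, {"token": "<token would be returned here>"}


if __name__ == "__main__":
    # Constructed requests: the first is what a rebinding page produces once
    # attacker.example resolves to 127.0.0.1.
    for hdrs in ({"Host": "attacker.example:4141"}, {"Host": "localhost:4141"}):
        print(hdrs["Host"], "->", handle_token_request(hdrs))
```

The check deliberately rejects subdomains of allowed names (`localhost.attacker.example`) and unexpected ports; if the service sits behind a reverse proxy, the proxy's name must be added to the allowlist rather than the check loosened to a suffix match.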
GHSA-PG25-7CX5-CVCM vulnerabilities
Vulnerabilities for packages: python...
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
Bitwarden CLI, the command-line interface for the password manager Bitwarden, has reportedly been compromised as part of a newly discovered and ongoing Checkmarx supply chain campaign, according to findings from JFrog and Socket. "The affected package version appears to be @bitwarden/[email protected]...
GHSA-CCCX-M78H-M3XW vulnerabilities
Vulnerabilities for packages: python...
Hackers Use Hidden Website Instructions in New Attacks on AI Assistants
Cybersecurity researchers at Forcepoint uncover new indirect prompt injection attacks that use hidden website code to exploit AI assistants like GitHub Copilot...
CVE-2026-41640
creationtimestamp | type | source
--- | --- | ---
2026-04-23 09:30:40+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-41640.yaml
2026-04-24 21:02:31+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3mkbgeo6kxw2t
2026-05-07...
CVE-2025-59136
creationtimestamp | type | source
--- | --- | ---
2026-04-23 07:48:04+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-59136.yaml
2026-04-24 21:02:33+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3mkbgeoldbm2x...
SUSE CVE-2026-40903
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerability. ArtiPACKED can lead to leakage of the GITHUB_TOKEN through workflow artifacts, even though the token is not present in the repository source code. This vulnerability is fixed in 2.0.0-beta.6...
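ArtiPACKED refers to workflow artifacts that include the checked-out working tree: actions/checkout, with its default `persist-credentials: true`, writes the job's GITHUB_TOKEN into `.git/config` as an `extraheader` line, so uploading the tree ships the token to anyone who can download the artifact, even though it never appears in the repository source. The block below is an added example, not code from goshs or from the advisory: a scanner that walks an unpacked artifact, finds `.git/config` files carrying such a header and decodes the basic-auth value to show what leaked (the preview is redacted). The fixture directory, the repository name and the token value are constructed for the example.

```python
import base64
import os
import re
import tempfile

# actions/checkout persists the token as
#   [http "https://github.com/"]
#       extraheader = AUTHORIZATION: basic <base64("x-access-token:" + token)>
EXTRAHEADER_RE = re.compile(
    r"^\s*extraheader\s*=\s*AUTHORIZATION:\s*basic\s+([A-Za-z0-9+/=]+)\s*$",
    re.IGNORECASE,
)


def decode_basic_auth(b64value):
    """Split a basic-auth blob into (user, secret); None if undecodable."""
    try:
        raw = base64.b64decode(b64value, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, _, secret = raw.partition(":")
    return user, secret


def redact(secret, keep=4):
    """Show only the token prefix so the report does not re-leak the secret."""
    return secret[:keep] + "..." if secret else ""


def scan_artifact(root):
    """Walk an unpacked artifact tree and report every persisted credential."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath) != ".git" or "config" not in filenames:
            continue
        path = os.path.join(dirpath, "config")
        with open(path, encoding="utf-8", errors="replace") as fh:
            for lineno, line in enumerate(fh, 1):
                match = EXTRAHEADER_RE.match(line)
                if not match:
                    continue
                decoded = decode_basic_auth(match.group(1)) or ("<undecodable>", "")
                findings.append({
                    "file": os.path.relpath(path, root),
                    "line": lineno,
                    "user": decoded[0],
                    "secret_preview": redact(decoded[1]),
                })
    return findings


def make_fixture(leak_token=True):
    """Build a constructed artifact tree; the token below is not a real one."""
    root = tempfile.mkdtemp(prefix="artifact-")
    os.makedirs(os.path.join(root, "build"))
    with open(os.path.join(root, "build", "output.txt"), "w") as fh:
        fh.write("generated output\n")
    git_dir = os.path.join(root, ".git")
    os.makedirs(git_dir)
    config = [
        "[core]",
        "\trepositoryformatversion = 0",
        '[remote "origin"]',
        "\turl = https://github.com/example-org/example-repo",
    ]
    if leak_token:
        blob = base64.b64encode(b"x-access-token:ghs_EXAMPLEnotARealToken0000").decode()
        config += ['[http "https://github.com/"]',
                   "\textraheader = AUTHORIZATION: basic " + blob]
    with open(os.path.join(git_dir, "config"), "w") as fh:
        fh.write("\n".join(config) + "\n")
    return root


if __name__ == "__main__":
    for finding in scan_artifact(make_fixture()):
        print(finding)
```

Run it against the extracted contents of any artifact a workflow uploads; a hit means the job's GITHUB_TOKEN was downloadable for as long as it was valid (the token expires when the job ends, which is why the race window matters). The fix on the workflow side is `persist-credentials: false` on the checkout step, or excluding `.git` from the paths given to the upload step.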
Embedded Malicious Code
Overview: @bitwarden/cli is a secure and free password manager for all of your devices. Affected versions of this package are vulnerable to Embedded Malicious Code included in a compromised release that is suspected to be part of the Checkmarx April compromise. The payload is delivered via...
GHSA-39Q2-94RC-95CP vulnerabilities
Vulnerabilities for packages: opensearch-dashboards, langfuse...