CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 2026/05/18 12:6 p.m.•10 views

jq: jq: Denial of Service via crafted JSON object causing hash collisions

7.5CVSS5.8AI score0.00227EPSS

CNNVD•added 2026/05/17 12:0 a.m.•8 views

PublicCMS 加密问题漏洞

PublicCMS is an open-source content management system CMS developed by PublicCMS Company in China using the Java language. Version PublicCMS 5.202506.d contains a security vulnerability related to encryption. This vulnerability stems from the getSignKey function in the...

6.9CVSS6AI score0.00281EPSS

Tenable Nessus•added 2026/05/15 12:0 a.m.•11 views

Siemens Teamcenter XSS and Hardcoded Key Vulnerabilities (SSA-827383)

The version of Siemens Teamcenter installed on the remote host is affected by multiple vulnerabilities: - The affected application does not properly encode or filter user-supplied data. This could allow an attacker to inject malicious code that can be executed by other users when they visit the...

8.7CVSS7.4AI score0.00287EPSS

OSSF Malicious Packages•added 2026/05/14 8:44 p.m.•8 views

Malicious code in sol-batch-transfer-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 dab4fb850a1ce0b83f1e7f74ce0281ca8309031037355f9a247dbd0a715eab4d The code silently adds a hardcoded address to the list of transfer recipients. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

OSV•added 2026/05/14 8:44 p.m.•6 views

Exploits0References1

MAL-2026-3743 Malicious code in sol-batch-transfer-sdk (PyPI)

OSSF Malicious Packages•added 2026/05/14 7:25 p.m.•12 views

Exploits0References1

Malicious code in prettier-lint-lenz (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 28f7035dda69170600724a31f4b3543e02ac23c9153f3a62c35f2ee5264eef44 Package impersonates the popular prettier formatter — README and description are copied verbatim from the real Prettier project, but the package ship...

OSV•added 2026/05/14 7:25 p.m.•5 views

MAL-2026-3769 Malicious code in prettier-lint-lenz (npm)

OSV•added 2026/05/14 7:25 p.m.•4 views

MAL-2026-3763 Malicious code in exxpress-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfa81f7c144d5feeea9c49254fbeec68f8271460d4a51efd5757a62b251c05f2 The package declares scripts.postinstall pointing at postinstall.js, which runs automatically on npm install. The script performs three...

OSSF Malicious Packages•added 2026/05/14 7:25 p.m.•15 views

Exploits0References4

Malicious code in rimraf-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a59d88d733415216903578b3c3806d76405a23a7cca56ee355eb6725e4e930d4 [email protected] impersonates the widely-installed rimraf package index.js is a dummy stub that internally identifies itself as 'lodash-js — Just a...

OSV•added 2026/05/14 7:25 p.m.•5 views

MAL-2026-3772 Malicious code in rimraf-utils (npm)

OSSF Malicious Packages•added 2026/05/14 7:24 p.m.•9 views

Malicious code in cheerio-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d51a2885f4eaff732d1ef7ab065b04d21c59263b1212d5b92b92c87914ef879 cheerio-tool typosquats the popular cheerio HTML parser README claims 'Cheerio Tool utility helpers', keywords are 'lodash','utilities', and index.js...

OSV•added 2026/05/14 7:24 p.m.•6 views

MAL-2026-3758 Malicious code in dotenvv-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79fd33c6e511ab11f10b1dae91e2f083f486dd020bbf2dca5256eabc904f61b7 Package name dotenvv-tool impersonates the popular dotenv package; index.js is an admitted dummy stub "The real payload is in postinstall.js". The...

OSSF Malicious Packages•added 2026/05/14 6:32 p.m.•12 views

Exploits0References5

Malicious code in @aiscene/aiserver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5afe7de709fb18909451ff49a02f133f248fb0dc0688709251c924038effc6dc On load, dist/index.js unconditionally instantiates new AIServer and calls server.start at module top level no require.main === module guard, so simp...

6.4AI score

OSV•added 2026/05/14 6:32 p.m.•4 views

MAL-2026-3747 Malicious code in @aiscene/aiserver (npm)

6.5AI score

GithubExploit•added 2026/05/14 10:48 a.m.•71 views

report-anonymizer

🛡️ Report Anonymizer Local LLM anonymizer for penetration-t...

CVE•added 2026/05/14 10:35 a.m.•15 views

Exploits0

CVE-2025-68421

CVE-2025-68421 affects the Comarch ERP Optima client, which uses a hard-coded database credential that cannot be changed. A remote attacker could gain access to the database with elevated privileges and may execute system commands on the server. The issue is fixed in version 2026.4. Current explo...

8.7CVSS5.8AI score0.00229EPSS

Cvelist•added 2026/05/14 10:35 a.m.•37 views

CVE-2025-68421 Hardcoded credentials in Comarch ERP Optima

Comarch ERP Optima client makes use of a hard-coded password for a database user. These credentials cannot be changed. It is possible for a remote attacker to gain an access to the database with elevated privileges including executing system commands on a server. This issue has been fixed in...

8.7CVSS0.00229EPSS

Vulnrichment•added 2026/05/14 10:35 a.m.•7 views

CVE-2025-68421 Hardcoded credentials in Comarch ERP Optima

8.7CVSS5.8AI score0.00229EPSS

OSSF Malicious Packages•added 2026/05/13 5:33 a.m.•10 views

Malicious code in d4rktg (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3348d9f4bb35442b1de902c35ca46292f9336a8f83ac8deb7e870b2cd6af9019 The library's sole authorization primitive, CustomFilters.authorize in d4rk/Utils/filters.py, OR's the installer-supplied ownerid and sudousers list...