CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

109 matches found

OSV•added 2026/06/13 3:3 a.m.•10 views

MAL-2026-5727 Malicious code in vite-config-optimizer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f824c077d7d2705d17dc29eba9a24ea8b51b93785bcf83fdfe639fc8f9bc581f package.json declares a postinstall hook node -e "require'./loader.js'" that auto-executes on every npm install. loader.js spawns a detached child No...

5.6AI score

Exploits0References1

OSSF Malicious Packages•added 2026/06/11 5:6 a.m.•10 views

Malicious code in webpack-cache-cycle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82fa37e2478a7109e376e3a062ccb203806511033930eb7390e45fe7ef404b81 On npm install, package.json's postinstall hook runs node -e "require'./loader.js'". loader.js spawns a detached node process that decodes a...

5.5AI score

Exploits0References1

RedhatCVE•added 2026/02/21 1:28 a.m.•5 views

CVE-2026-27476

RustFly 2.0.0 contains a command injection vulnerability in its remote UI control mechanism that accepts hex-encoded instructions over UDP port 5005 without proper sanitization. Attackers can send crafted hex-encoded payloads containing system commands to execute arbitrary operations on the targe...

9.8CVSS6.1AI score0.02628EPSS

Exploits1References1

Positive Technologies•added 2026/02/19 12:0 a.m.•7 views

PT-2026-20937

Name of the Vulnerable Software and Affected Versions RustFly version 2.0.0 Description RustFly 2.0.0 contains a command injection issue in its remote UI control mechanism. The software accepts hex-encoded instructions over UDP port 5005 without proper sanitization. Attackers can send crafted...

9.8CVSS6AI score0.02628EPSS

Exploits1References5

CNNVD•added 2026/02/19 12:0 a.m.•5 views

Bixat RustFly 操作系统命令注入漏洞

Bixat RustFly is a cross-platform remote control tool developed by the Moroccan company Bixat. Version Bixat RustFly 2.0.0 contains a vulnerability related to operating system command injection. This vulnerability arises from the improper handling of hexadecimal-encoded commands received via UDP...

9.8CVSS5.9AI score0.02628EPSS

Exploits1References2

OSSF Malicious Packages•added 2025/11/18 11:47 p.m.•5 views

Malicious code in aws-enumerateiam (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c108190780b32337fdce8748948935ac4229f0236710653f363b80a95dfbcd17 Before creating the boto3 client, package exfiltrates user's credentials. In this version, the exfiltrating is masked as connecting to an AWS component. The UR...

6.9AI score

Exploits0References1

OSV•added 2025/11/18 11:47 p.m.•2 views

MAL-2025-191686 Malicious code in aws-enumerateiam (PyPI)

6.8AI score

Exploits0References1