
258 matches found

RedhatCVE
added yesterday, 3 views

CVE-2025-15638

Net::Dropbear versions before 0.14 for Perl contain a vulnerable version of libtomcrypt. Net::Dropbear versions before 0.14 include versions of Dropbear 2019.78 or earlier. These include versions of libtomcrypt v1.18.1 or earlier, which is affected by CVE-2016-6129 and CVE-2018-12437...

CVSS 10, AI score 7.2, EPSS 0.00021
Exploits: 0, References: 1

Schneier on Security
added 3 days ago, 6 views

AI Used to Decrypt Medieval Ciphers

Researchers are using machine learning algorithms to decrypt historical pencil-and-paper ciphers...

AI score 5.8
Exploits: 0

Snyk
added 2026/05/22 9:00 p.m., 10 views

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a remote code execution backdoor and an advanced credential stealer. A malicious actor exploited remapped historical tags to commit malicious commits, retroactively compromising over 700 versions of...

CVSS 9.8, AI score 6.5
Exploits: 0, References: 2

Snyk
added 2026/05/22 9:00 p.m., 8 views

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a remote code execution backdoor and an advanced credential stealer. A malicious actor exploited remapped historical tags to commit malicious commits, retroactively compromising over 700 versions of...

CVSS 9.8, AI score 6.5
Exploits: 0, References: 2

Snyk
added 2026/05/22 9:00 p.m., 8 views

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a remote code execution backdoor and an advanced credential stealer. A malicious actor exploited remapped historical tags to commit malicious commits, retroactively compromising over 700 versions of...

CVSS 9.8, AI score 6.5
Exploits: 0, References: 2

Snyk
added 2026/05/22 9:00 p.m., 10 views

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a remote code execution backdoor and an advanced credential stealer. A malicious actor exploited remapped historical tags to commit malicious commits, retroactively compromising over 700 versions of...

CVSS 9.8, AI score 6.5
Exploits: 0, References: 2

CNNVD
added 2026/05/11 12:00 a.m., 3 views

Wagtail Security Vulnerability

Wagtail is an open-source content management system (CMS) developed by Wagtail. Versions of Wagtail prior to 7.0.7, 7.3.2, and 7.4 contain security vulnerabilities. These vulnerabilities stem from the ability for CMS users to access historical reports, which may lead to the disclosure of sensitive...

CVSS 4.3, AI score 5.8, EPSS 0.0003
Exploits: 0, References: 1

CNNVD
added 2026/04/26 12:00 a.m., 4 views

GreenCMS Access Control Error Vulnerability

GreenCMS is an open-source content management system (CMS) developed using ThinkPHP. Versions of GreenCMS 2.3 and earlier contained a security vulnerability related to access control. This vulnerability stemmed from improper handling of the themeadd function in the...

CVSS 6.5, AI score 6.6, EPSS 0.00043
Exploits: 0, References: 2

Packet Storm News
added 2026/04/23 12:00 a.m., 0 views

FixV2W: Correcting Invalid CVE-CWE Mappings with Knowledge Graph Embeddings

Accurate mapping between Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) entries is critical for effective vulnerability management and risk assessment. However, public databases, such as the National Vulnerability Database (NVD), suffer from inconsistent and incomplete...

AI score 5.5
Exploits: 0

CVE
added 2026/04/21 3:34 p.m., 15 views

CVE-2025-15638

Net::Dropbear for Perl before version 0.14 includes Dropbear 2019.78 or earlier and ships libtomcrypt v1.18.1 or earlier, which are affected by CVE-2016-6129 and CVE-2018-12437. The entry ties this to CVE-2025-15638 but does not provide explicit exploitation details, affected components beyond li...

CVSS 10, AI score 5.8, EPSS 0.00021
Exploits: 0, References: 3, Affected Software: 1

GithubExploit
added 2026/04/16 3:59 p.m., 100 views

cve-deep-dives

CVE Deep-Dives: In-depth technical analyses of significant v...

CVSS 10, AI score 7, EPSS 0.94358
Exploits: 355

Github Security Blog
added 2026/04/09 8:23 p.m., 9 views

Wasmtime has host panic when Winch compiler executes `table.fill`

Impact: Wasmtime's Winch compiler contains a vulnerability where the compilation of the table.fill instruction can result in a host panic. This means that a valid guest can be compiled with Winch, on any architecture, and cause the host to panic. This represents a denial-of-service vulnerability i...

CVSS 7.5, AI score 5.9, EPSS 0.00018
Exploits: 0, References: 4, Affected Software: 1

The Hacker News
added 2026/03/28 3:40 p.m., 6 views

Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack

Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation (FBI), and leaked a cache of photos and other documents to the internet. Handala Hack Team, which carried out the breach, said on its website th...

AI score 6
Exploits: 0

Packet Storm News
added 2026/03/19 12:00 a.m., 1 view

Cross-Ecosystem Vulnerability Analysis for Python Applications

Python applications depend on native libraries that may be vendored within package distributions or installed on the host system. When vulnerabilities are discovered in these libraries, determining which Python packages are affected requires cross-ecosystem analysis spanning Python dependency...

AI score 5.8
Exploits: 0

NVD
added 2026/03/06 5:16 a.m., 6 views

CVE-2026-28785

Ghostfolio is an open source wealth management software. Prior to version 2.244.0, by bypassing symbol validation, an attacker can execute arbitrary SQL commands via the getHistorical method, potentially allowing them to read, modify, or delete sensitive financial data for all users in the...

CVSS 9.8, EPSS 0.00078
Exploits: 0, References: 2

CVE
added 2026/03/06 4:27 a.m., 14 views

CVE-2026-28785

Ghostfolio prior to version 2.244.0 is vulnerable to arbitrary SQL execution via the getHistorical() method due to symbol validation bypass, potentially allowing read/modify/delete of sensitive financial data for all users. Affected software: Ghostfolio open source wealth management. Root cause: ...

CVSS 9.8, AI score 6.1, EPSS 0.00078
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2026/03/05 9:18 p.m., 2 views

EEF-CVE-2026-21622 Password Reset Tokens Do Not Expire

Summary: Insufficient Session Expiration vulnerability in hexpm hexpm/hexpm 'Elixir.Hexpm.Accounts.PasswordReset' module allows Account Takeover. Password reset tokens generated via the "Reset your password" flow do not expire. When a user requests a password reset, Hex sends an email containing a...

CVSS 9.5, AI score 5.7, EPSS 0.00067
Exploits: 0, References: 3

Vulnrichment
added 2026/03/05 9:18 p.m., 1 view

CVE-2026-21622 Password Reset Tokens Do Not Expire

Insufficient Session Expiration vulnerability in hexpm hexpm/hexpm 'Elixir.Hexpm.Accounts.PasswordReset' module allows Account Takeover. Password reset tokens generated via the "Reset your password" flow do not expire. When a user requests a password reset, Hex sends an email containing a reset...

CVSS 9.5, AI score 5.8, EPSS 0.00067
Exploits: 0, References: 4

OPENSUSE Linux
added 2026/02/27 12:00 a.m., 2 views

Security update for docker-stable (moderate)

openSUSE security update: security update for docker-stable
Announcement ID: openSUSE-SU-2026:20262-1
Rating: moderate
References: bsc1250508 bsc1250596 bsc1252290
Affected Products: openSUSE Leap 16.0...

AI score 5.9
Exploits: 0

ATTACKERKB
added 2026/02/24 10:06 a.m., 7 views

CVE-2024-56373

A DAG author, who already has quite a lot of permissions, could manipulate the database of Airflow 2 in a way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server server-side as a...

AI score 6.7, EPSS 0.00038
Exploits: 0, References: 3