CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/21 9:0 p.m.•4 views

MAL-2026-4664 Malicious code in search-connector-template (npm)

5.9AI score

OSV•added 2026/05/21 8:42 p.m.•4 views

MAL-2026-4535 Malicious code in configcat-trello-powerup (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5365489bc7a763096bf4be47f80bd47e4513917d8b37ba2754e33ae11983872b package.json declares "preinstall": "node index.js", which fires automatically on npm install. index.js collects host identifiers os.hostname,...

OSSF Malicious Packages•added 2026/05/21 8:42 p.m.•7 views

Malicious code in configcat-trello-powerup (npm)

OSV•added 2026/05/21 8:41 p.m.•7 views

MAL-2026-4424 Malicious code in @remitee-money-transfer/rmt-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f21c6601855c2f2d0a5d0761d3defe8c0ba1708dd2a67fb278c03e0abd6ba16 Package ships only a preinstall lifecycle script scripts/preinstall.sh and no functional code. On npm install, the script reads /etc/passwd and...

5.9AI score

Exploits0References4

OSV•added 2026/05/21 8:18 p.m.•3 views

MAL-2026-4530 Malicious code in cloudsmith-vsc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b49ad4432747f754181e7a8428aff5fd2613f9d86283f05a04c2dd1f9ac2f2f package.json declares a preinstall hook "preinstall": "node index.js" that runs automatically on npm install. index.js reads installer-side system...

OSSF Malicious Packages•added 2026/05/21 8:18 p.m.•6 views

Malicious code in cloudsmith-vsc (npm)

OSV•added 2026/05/21 7:57 p.m.•4 views

MAL-2026-4565 Malicious code in fnd-stores (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62c9035e303ec731c71c689ed77eed17b245cd4adc475cb616ff94991539aa56 On npm install, the package's postinstall hook runs node index.js, which collects the installer's hostname, OS platform, current working directory, C...

OSSF Malicious Packages•added 2026/05/21 7:56 p.m.•9 views

Malicious code in pubnub-moderation-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 750918c1551873c10f69bc746538652a6adf047d6c76231a40832fff30b74938 package.json declares "preinstall": "node index.js", causing index.js to run automatically on npm install. The script collects os.hostname,...

OSV•added 2026/05/21 7:56 p.m.•5 views

MAL-2026-4650 Malicious code in pubnub-moderation-tool (npm)

OSV•added 2026/05/21 7:54 p.m.•2 views

GHSA-8RP3-XC6W-5QP5 pyload-ng: SSRF via HTTP Redirect Bypass in parse_urls API

Summary The SSRF mitigation added in commit 33c55da for GHSA-7gvf-3w72-p2pg is incomplete. The PREREQFUNCTION-based private IP check was correctly applied to HTTPChunk download path but not to HTTPRequest used by the parseurls API. An authenticated attacker can supply a URL pointing to an...

5CVSS5.8AI score0.00028EPSS

OSV•added 2026/05/21 7:28 p.m.•6 views

GHSA-3R75-XC34-5F44 Crawlee for Python: SSRF via sitemap-derived URLs

Overview - Vulnerability type: Blind SSRF - Affected components: src/crawlee/utils/sitemap.py, src/crawlee/utils/robots.py, src/crawlee/requestloaders/sitemaprequestloader.py, and all built-in HTTP clients. - Trigger: an attacker-controlled sitemap or robots.txt containing a URL that points to an...

2.3CVSS6.4AI score

OSV•added 2026/05/21 7:19 p.m.•7 views

MAL-2026-4614 Malicious code in moneykit-cardano-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e6186e5ec8b6cea4f1cec3b4284cf09f2e317dd7d745fb5f88e15b355497d08e package.json declares preinstall: node index.js, which fires automatically on npm install. index.js collects host identifiers and OS files —...

OSSF Malicious Packages•added 2026/05/21 7:19 p.m.•8 views

Malicious code in moneykit-cardano-demo (npm)

OSV•added 2026/05/21 7:7 p.m.•2 views

MAL-2026-4514 Malicious code in chai-as-vite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b7096b7b983ae63f8e59f9e047440547c9536f6c4c9da0ac46909b91a9d4e10e The package masquerades as a pino-style logger exports module.exports.pino = middleware, keywords fast,logger,stream,json, lib filenames proto.js,...

6.4AI score

Vulnrichment•added 2026/05/21 5:11 p.m.•8 views

CVE-2026-48247 Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in incs/functions.inc.php

Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php by setting CURLOPTSSLVERIFYPEER to false and not setting CURLOPTSSLVERIFYHOST when issuing outbound HTTPS requests for general-purpose outbound HTTPS requests issued by the shared helper functions. An...

8.2CVSS5.9AI score0.00022EPSS

Exploits0References3

OSV•added 2026/05/21 4:30 p.m.•3 views

RLSA-2026:13642 Important: image-builder security update

A local binary for building customized OS artifacts such as VM images and OSTree commits. Uses osbuild under the hood. Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 For more details about the security issues, including the impact, a CVSS score,...

7.5CVSS7.3AI score0.00044EPSS

OSV•added 2026/05/21 4:30 p.m.•9 views

RLSA-2026:13643 Important: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes: net/url:...

7.5CVSS7.3AI score0.00044EPSS

OSV•added 2026/05/21 4:28 p.m.•4 views

MAL-2026-4703 Malicious code in veteran (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 70a20dd9f8d6a9df01d766c25693711d90e4303e3c68fa371f0b842f83c485b4 On npm install, the package's postinstall hook install.js, registered via package.json line 10 "postinstall": "node install.js" downloads a...

6AI score

OSSF Malicious Packages•added 2026/05/21 4:28 p.m.•6 views

Malicious code in veteran (npm)

6AI score