CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

110 matches found

OSSF Malicious Packages•added 2026/06/16 2:14 a.m.•6 views

Malicious code in event-metrics-q3x7 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b805c0ac88b45f49b1698fb9ea33e00767380544221d574a0da0e0f526d07f8 On install, package.json runs a postinstall hook node run.js that triggers beacon scripts beacon20.js, beaconlinux.js shipped in the tarball. The...

5.4AI score

Exploits0References9

OSSF Malicious Packages•added 2026/06/10 6:44 p.m.•14 views

Malicious code in check-error-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c25cbbb904c18028cac363ba66eb89d91301bd3204a8347834e52387b4b575e On require/import, index.js executes a top-level resolveConfig that reconstructs a URL from an XOR-obfuscated integer array, AES-256-CBC-decrypts it,...

6.2AI score

Exploits0References6

OSV•added 2026/06/09 5:45 p.m.•8 views

MAL-2026-5459 Malicious code in @dktunited/anly-tracker-v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a8893b914c3ba3139a3c8cede191521742237aa7c1c5d64f7ee45dbc5f636a6 scripts/postinstall.js runs unconditionally during npm install and exfiltrates installer-side identifiers to an attacker-controlled out-of-band...

5.5AI score

Exploits0References1

OSV•added 2026/06/09 5:44 p.m.•5 views

MAL-2026-5443 Malicious code in exodus-wallet-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53bf93b626689e980ef2e9c4ba33fd95e81d6a04c665f85908c8cf07b8b36e14 Package name impersonates the Exodus cryptocurrency wallet brand. package.json declares "postinstall": "node src/canary.js", and src/canary.js perfor...

6.1AI score

Exploits0References1

OSV•added 2026/06/09 5:44 p.m.•9 views

MAL-2026-5445 Malicious code in grateful-payments (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a7a07a0a09ed8037058353b9b9b067e25e3cbe783eaab8d54276d490f823471 On npm install, the package's postinstall script src/canary.js performs a DNS lookup and HTTPS GET to the hardcoded host...

5.5AI score

Exploits0References1

OSSF Malicious Packages•added 2026/06/09 5:44 p.m.•10 views

Malicious code in exodus-solana-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecffe98bff5e1c4655631cf8f92b1b1ccb534e0eeaa7043fab0d5fa1fbfabc35 Package name impersonates the Exodus cryptocurrency wallet brand exodus-solana-sdk. package.json declares a postinstall hook node src/canary.js that...

5.5AI score

Exploits0References1

OSSF Malicious Packages•added 2026/06/09 5:44 p.m.•12 views

Malicious code in exodus-ethereum-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4e52a42f8980da0a9df361ef772ca31bbdaec85eb3fc7a73dbcfc8b5ca6894a Package name impersonates the Exodus cryptocurrency wallet brand and ships no real functionality src/index.js exports an empty object; package.json...

5.5AI score

Exploits0References1

Tenable Nessus•added 2026/04/17 12:0 a.m.•1 views

Cisco Unity Connection Arbitrary File Download (cisco-sa-unity-file-download-RmKEVWPx)

According to its self-reported version, Cisco Unity Connection is affected by multiple arbitrary file download vulnerabilities: - Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these...

6.5CVSS5.9AI score0.00388EPSS

Exploits0References5

Snyk•added 2026/02/24 12:19 a.m.•4 views

Improper Certificate Validation

Overview jxm is an Incredibly fast messaging backend Affected versions of this package are vulnerable to Improper Certificate Validation in the HTTPS request due to the use of 'rejectUnauthorized': false when 'jxobj.IsSecure' is true. An attacker can intercept or manipulate encrypted traffic by...

8.3CVSS5.9AI score0.00169EPSS

Exploits0References2