CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

171 matches found

OSSF Malicious Packages•added 3 days ago•5 views

Malicious code in @emcd-vue/auth (npm)

Part of a coordinated multi-package supply-chain attack impersonating EMCD emcd.io, a legitimate Russian cryptocurrency exchange and mining pool. The attacker registered the @emcd-vue npm scope to pose as an internal Vue.js front-end tooling package from "EMCD Platform Engineering." The package...

6AI score

Exploits0References1

Snyk•added 2026/03/10 6:31 p.m.•2 views

Incorrect Default Permissions

Overview Affected versions of this package are vulnerable to Incorrect Default Permissions. An attacker can gain elevated privileges by exploiting these permissions locally. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-x64 to version 10.0.4 or higher. References - Vulnerability Advisor...

8.5CVSS5.9AI score0.00025EPSS

Exploits0References2

EUVD•added 2025/11/24 4:31 p.m.•1 views

EUVD-2025-198922

Malicious code in @postman/pm-bin-linux-x64 npm...

6.6AI score

Exploits0

vulnersOsv•added 2025/11/24 4:31 p.m.•3 views

postman-cli (>=1.16.0-canary.1 <=1.24.2) potentially affected by unknown CVE via @postman/pm-bin-linux-x64 (>=1.16.0-canary.1 <=1.24.2)

@postman/pm-bin-linux-x64 NPM version =1.16.0-canary.1, =1.16.0-canary.1, =1.24.2 Source cves: unknown CVE Source advisory: OSV:MAL-2025-190903...

5.8AI score

Exploits0

OSSF Malicious Packages•added 2025/11/24 4:31 p.m.•4 views

Malicious code in @postman/pm-bin-linux-x64 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94045a09bfa0905195be4f028d9e42bcf608154a645b14b2028754dc6e787b80 The package @postman/pm-bin-linux-x64 was found to contain malicious code. Source: google-open-source-security...

6.9AI score

Exploits0References3

vulnersOsv•added 2025/11/24 4:24 p.m.•2 views

postman-cli (>=1.16.0-canary.1 <=1.24.2) potentially affected by unknown CVE via @postman/pm-bin-linux-x64 (>=1.16.0-canary.1 <=1.24.2)

@postman/pm-bin-linux-x64 NPM version =1.16.0-canary.1, =1.16.0-canary.1, =1.24.2 Source cves: unknown CVE Source advisory: SNYK:JS-POSTMANPMBINLINUXX64-14103292...

5.8AI score

Exploits0

OSSF Malicious Packages•added 2025/05/27 5:25 a.m.•4 views

Malicious code in athira-linux-x64 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2e427393183e173f65795c42251b41cf0af7ad267e64f05e6651dc4e0766b150 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score

Exploits0References1

OSV•added 2025/05/27 5:25 a.m.•2 views

MAL-2025-4470 Malicious code in athira-linux-x64 (npm)

7AI score

Exploits0References1

Snyk•added 2025/01/14 7:46 p.m.•2 views

Buffer Over-read

Overview Affected versions of this package are vulnerable to Buffer Over-read through the loading of a specially crafted file. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-x64 to version 8.0.12, 9.0.1 or higher. References - GitHub Issue - GitHub Issue - Security Advisory...

8.8CVSS7AI score0.01411EPSS

Exploits0References2

Snyk•added 2025/01/14 7:43 p.m.•2 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow. An attacker can execute arbitrary code by sending malicious requests designed to exploit the vulnerability. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-x64 to version 9.0.1 or higher. References -...

9.2CVSS7.9AI score0.00593EPSS

Exploits0References2

OSV•added 2024/10/16 1:18 p.m.•6 views

MAL-2024-9842 Malicious code in sharp-linux-x64 (npm)