CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Snyk•added 2026/06/02 9:0 p.m.•8 views

Embedded Malicious Code

9.8CVSS5.8AI score

OSV•added 2026/06/02 3:59 p.m.•9 views

MAL-2026-5169 Malicious code in chai-parse (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e982bc5f531780656477d948f66ea8acd21d7a48da535ab8585599a21e6b358c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2026/06/02 1:36 p.m.•10 views

Malicious code in jules-test-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 30c3ca1fa1b7237661d28aada477f7316b7e696a55e2c92c4dee200f291140f4 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9AI score

OSV•added 2026/06/02 12:0 p.m.•9 views

RUSTSEC-2026-0155 `exploration` was removed from crates.io for malicious code

A method within the exploration crate attempted to download and execute a payload from a remote site. The malicious crate had 1 version published on 2026-06-02, approximately 1 hour before removal, and had no evidence of actual usage. This crate had no dependencies on crates.io. Thanks to Kirill...

5.9AI score

OSV•added 2026/06/02 11:40 a.m.•8 views

MAL-2026-5166 Malicious code in sourceflow-tracker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c32024f2d571ac850d0e9a7240951137c14d1f1529ab3e0f782ff677a5625ea package.json declares a dependency ltidisafe resolved directly from a raw tarball URL on a generic Google Cloud Storage bucket...

5.6AI score

OSV•added 2026/06/02 4:59 a.m.•7 views

MAL-2026-5152 Malicious code in quant-backtest-helpers (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ed851ff141e13db6dd7c16a3d4f1b3b92eb9fa6a917f5243ba22ccb933554e43 During import, package exfiltrates environment variables and cloud tokens to a hardcoded location. --- Category: MALICIOUS - The campaign has clearly malicious...

OSV•added 2026/06/01 3:36 p.m.•9 views

MAL-2026-5122 Malicious code in picnic-react-mise-en-place (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d57f4579f4e0842567d9e59bfa74af355f457cbfdfeabe0f65a9e6952f79aa34 The OpenSSF Package Analysis project identified 'picnic-react-mise-en-place' @ 9999.0.0 npm as malicious. It is considered malicious because: -...

OSSF Malicious Packages•added 2026/06/01 3:36 p.m.•15 views

Malicious code in picnic-react-mise-en-place (npm)

EUVD•added 2026/06/01 3:30 p.m.•7 views

EUVD-2024-54942

Origin Validation Error vulnerability in Akinsoft OctoCloud allows HTTP Response Splitting, CAPEC - 87 - Forceful Browsing. This issue affects OctoCloud: from s1.09.01 before v1.11.01...

4.7CVSS5.8AI score0.00138EPSS

Exploits0References3

EUVD•added 2026/06/01 3:30 p.m.•8 views

EUVD-2024-54943

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Akinsoft OctoCloud allows Cross-Site Scripting XSS. This issue affects OctoCloud: from s1.09.01 before v1.11.01...

4.3CVSS5.8AI score0.00177EPSS

Exploits0References3

Snyk•added 2026/06/01 3:13 p.m.•7 views

Malicious Package

Overview @chat-template/auth is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score

OSSF Malicious Packages•added 2026/06/01 3:13 p.m.•15 views

Malicious code in @chat-template/auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 90c0b7addd5c00b1a582b2097be6020f543e892e5189b58bd0ba94d94e1e5056 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2026/06/01 3:5 p.m.•11 views

Malicious code in nepsnowplow (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7e26395712f5003186b16919b17058dbc8d140aae9ab0dc20d5add9624cc35c6 The OpenSSF Package Analysis project identified 'nepsnowplow' @ 9999.0.0 npm as malicious. It is considered malicious because: - The package...

OSV•added 2026/06/01 3:5 p.m.•6 views

MAL-2026-5121 Malicious code in nepsnowplow (npm)

OSV•added 2026/06/01 12:3 p.m.•8 views

MAL-2026-5110 Malicious code in jingmeideshishi (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fe45a0c6c68a7c9bff9135ecd725baea4558380b10e02e2ed1670f20146d6633 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2026/06/01 12:3 p.m.•12 views

Malicious code in jingmeideshishi (npm)

OSSF Malicious Packages•added 2026/06/01 9:10 a.m.•11 views

Malicious code in @ewfewfewf/testhackerrr (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 47e70cb260a34952bd8dabf1cbb510efbc9072e3d809a03deec32a70745e4d3d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2026/06/01 9:10 a.m.•12 views

Malicious code in @pcldpvkoewpogw/testhacker (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 75fc3a0b4dc467bfee8bcd715fb5eef861c97aaa7f933a04dc5ac6922af1b8fe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2026/06/01 9:10 a.m.•10 views

MAL-2026-5102 Malicious code in @ewfewfewf/testhackerrr (npm)