129 matches found
Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt Order
Meta on Monday said it detected and blocked spear-phishing attempts linked to Israeli spyware vendor NSO Group. In addition, the tech giant said it's filing a federal court contempt order against the company for violating a permanent injunction that barred it from targeting WhatsApp and its users...
ISC BIND 9 Security Vulnerability
ISC BIND 9 is a domain name system software developed by the ISC organization. Vulnerabilities exist in versions of ISC BIND 9 such as 9.16.50 and earlier, 9.18.46 and earlier, 9.20.20 and earlier, 9.21.19 and earlier, 9.16.50-S1 and earlier, 9.18.46-S1 and earlier, and 9.20.20-S1 and earlier...
MAL-2026-733 Malicious code in deuro-landing-page (npm)
Source: amazon-inspector b21bff5e6829c4c257d34d4ad60dd2d5d85f4f6fc67fdffaf74c86bb600ff7cb The package deuro-landing-page was found to contain malicious code. Source: ossf-package-analysis...
PT-2026-3913
Name of the Vulnerable Software and Affected Versions: Horilla versions prior to 1.5.0. Description: Horilla is a Human Resource Management System (HRMS). The has xss function in version 1.4.0 attempts to prevent Cross-Site Scripting (XSS) by using regular expressions to filter input. However, these...
bind: Cache poisoning attacks with unsolicited RRs
A vulnerability exists in BIND’s DNS resolver logic that makes it overly permissive when accepting resource records (RRs) in responses. Under certain conditions, this flaw allows attackers to inject unsolicited or forged DNS records into the cache. This can be exploited to poison the resolver cache...
PT-2025-47370
Name of the Vulnerable Software and Affected Versions: Backdrop CMS version 1.32.1. Description: A Host Header Injection flaw exists in Backdrop CMS. This issue allows attackers to manipulate the Host header within password reset requests. Successful exploitation can lead to redirection to malicious...
Smishing Triad Linked to 194,000 Malicious Domains in Global Phishing Operation
The threat actors behind a large-scale, ongoing smishing campaign have been attributed to more than 194,000 malicious domains since January 1, 2024, targeting a broad range of services across the world, according to new findings from Palo Alto Networks Unit 42. "Although these domains are...
EUVD-2022-35462
Malicious code in bioql PyPI...
EUVD-2022-35463
Malicious code in bioql PyPI...
CVE-2025-43747
A server-side request forgery (SSRF) vulnerability exists in Liferay DXP 2025.Q2.0 through 2025.Q2.3 due to insecure domain validation on analytics.cloud.domain.allowed, allowing an attacker to perform requests by changing the domain and bypassing the validation method, this insecure validation i...
Watch out: Instagram users targeted in novel phishing campaign
A phishing campaign targeting Instagram users is doing the rounds. There are plenty of those around, but when we took a look at this particular email, it seemed a bit different to the normal phishing emails that point to scammy websites. The email looked like this, which is very similar to the on...
Fake Telegram Apps Spread via 607 Domains in New Android Malware Attack
Fake Telegram apps are being spread through 607 malicious domains to deliver Android malware, using blog-style pages and phishing tactics to trick users...
Malicious code in @3kali182/angular-1.6 (npm)
Source: ghsa-malware d6e937539475b670c6b2803a93621c36b92e5e70e066d60b062182fea98829b0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5317 Malicious code in dynatrace-test-automation (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware 74e3306bb8dffcb52855ae4c1db02c52669e3f7aa823b0baf1c10f781b90ab77 Any computer that has this package installed or running should be considered...
MAL-2025-5310 Malicious code in astrobot (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware 7ffc765ff7a13ab9e143382b71e34d7e26fed620ad30d219d1097b448a9f0a66 Any computer that has this package installed or running should be considered...
Malicious code in o11y-ds-frontend (npm)
Source: ghsa-malware 4fca3e674d984eeb8be380f95b3033584360c55efdc438f8f43c521b0d7239f5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...