CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2026/06/11 7:28 a.m.•16 views

Malicious code in claimora (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b785b842f24aeae0e20157784b17a8bff7003e72575ac9a3aa9cbeb550a5c92 claimora impersonates the jsonwebtoken library auth0: package.json sets author to "auth0", points repository at a non-existent...

5.6AI score

Exploits0References1

CNNVD•added 2026/06/09 12:0 a.m.•9 views

TYPO3 CMS 路径遍历漏洞

TYPO3 CMS is a content management system developed under the TYPO3 open source framework. Versions 11.0.0 to 11.5.50, 12.0.0 to 12.4.45, 13.0.0 to 13.4.30, and 14.0.0 to 14.3.2 of TYPO3 CMS contain a path traversal vulnerability. This vulnerability arises from backend users with file download...

7.1CVSS5.2AI score0.00313EPSS

Tenable Nessus•added 2026/06/06 12:0 a.m.•6 views

EulerOS Virtualization 2.13.1 : rsync (EulerOS-SA-2026-2150)

According to the versions of the rsync package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a...

4.3CVSS5.6AI score0.00283EPSS

RedHat Linux•added 2026/05/26 9:24 a.m.•7 views

rsync: Rsync: Out of bounds array access via negative index

An out of bounds read flaw has been discovered in rsync. A malicious client acting as the receiver of an rsync file transfer can trigger an OOB read via a negative array index. The rsync client requires at least read access to the remote rsync module to trigger the issue...

4.3CVSS5.7AI score0.00283EPSS

RedHat Linux•added 2026/05/26 5:39 a.m.•9 views

rsync: Rsync: Out of bounds array access via negative index

4.3CVSS5.7AI score0.00283EPSS

Vulnrichment•added 2026/05/20 12:49 a.m.•6 views

CVE-2026-43619 Rsync < 3.4.3 Symlink Race Condition via Path-Based Syscalls

Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported rsync module...

7.2CVSS6AI score0.00215EPSS

Exploits0References3

Snyk•added 2026/05/07 4:8 a.m.•6 views

Arbitrary Code Injection

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through lib/builtin.js. An attacker can execute host code when the allowlist includes -X or uses and then...

9.9CVSS6.1AI score0.00669EPSS

Exploits1References2

Tenable Nessus•added 2026/04/21 12:0 a.m.•10 views

Alibaba Cloud Linux 3 : 0071: rsync (ALINUX3-SA-2026:0071)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0071 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-10158: A malicious client acting as the...

4.3CVSS5.9AI score0.00283EPSS

RedHat Linux•added 2026/04/07 4:44 p.m.•4 views

rsync: Rsync: Out of bounds array access via negative index

RedHat Linux•added 2026/04/02 10:54 a.m.•4 views

rsync: Rsync: Out of bounds array access via negative index

RedHat Linux•added 2026/04/01 3:41 p.m.•5 views

rsync: Rsync: Out of bounds array access via negative index

OpenVAS•added 2026/03/17 12:0 a.m.•4 views

Huawei EulerOS: Security Advisory for rsync (EulerOS-SA-2026-1620)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OpenVAS•added 2026/03/16 12:0 a.m.•1 views

Huawei EulerOS: Security Advisory for rsync (EulerOS-SA-2026-1349)

CVE•added 2026/03/13 9:3 p.m.•36 views

CVE-2026-32640

CVE-2026-32640 affects the Python library SimpleEval, prior to version 1.0.5. According to the connected advisories, SimpleEval did not fully restrict module references and callback handling inside its sandbox, enabling sandbox bypass and potentially arbitrary code execution. The issue is fixed i...

9.8CVSS5.8AI score0.0046EPSS

Exploits0References2Affected Software1

Tenable Nessus•added 2026/03/10 12:0 a.m.•6 views

EulerOS 2.0 SP13 : rsync (EulerOS-SA-2026-1261)

According to the versions of the rsync package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array...