CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/26 8:43 a.m.•5 views

MAL-2026-4794 Malicious code in indextts-cli (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fc206ef48bfccaec8e81aac2b666e2d54a4a027e8432cc1d08d3823cf333caca setup.py executes git clone --depth 1 --branch dev-3.12 https://github.com/gabry-lab/index-tts during the buildpy / egginfo / sdist / bdistwheel...

OSSF Malicious Packages•added 2026/05/26 8:43 a.m.•13 views

Malicious code in indextts-cli (PyPI)

OSSF Malicious Packages•added 2026/05/23 11:13 a.m.•10 views

Malicious code in @budetzzgantenk/baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81b1fbb4415cf2858924d511ef2bf96ad5152dda4537a264f45d1b4d847ba25d Package @budetzzgantenk/baileys is a modified fork of @whiskeysockets/baileys that adopts the upstream's homepage...

5.8AI score

OSV•added 2026/05/22 8:31 a.m.•4 views

MAL-2026-4597 Malicious code in kurumi-fca (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f90450e6ca1502bf6287d945c37c4c64f59e624a4269ab8e07600a9db5e755d0 kurumi-fca is a Facebook Chat API library whose advertised purpose is to listen to Messenger events for the caller. Two undisclosed behaviors make it...

5.8AI score

Exploits0References2

OSV•added 2026/05/21 11:27 a.m.•6 views

MAL-2026-4366 Malicious code in @autoheal/setup (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a8b8b7d51e8865d048583893b08ad3d3d95a8371963b82adc6bf4b7938fe4c1 When the user runs this setup wizard, bin/setup.js posts the user's GitHub Personal Access Token scope repo,user:email, GitHub repo name, branch,...

6AI score

OSV•added 2026/05/21 8:19 a.m.•3 views

MAL-2026-4373 Malicious code in @budetzz/libsignal-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2dbcccc761971dfc5f844f59f362fe32ee1e0b9a3cd91ddd4fc87be5c8b013a The package is published under the name @budetzz/libsignal-node, impersonating the well-known libsignal Signal-protocol library, but the homepage and...

OSV•added 2026/05/21 6:39 a.m.•2 views

MAL-2026-4696 Malicious code in turing-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01af0d34d23b6ed4e61390a21baec8c1bb81080c04945293a7e4ba8d20277ca6 package.json declares turing-code as an HTTPS tarball dependency at https://turing.tap365.org/v1.1.2/turing-code-1.1.2.tgz, bypassing the npm registr...

OSSF Malicious Packages•added 2026/05/21 6:39 a.m.•6 views

Malicious code in turing-sdk (npm)

OSV•added 2026/05/20 3:8 p.m.•2 views

MAL-2026-4409 Malicious code in @nutui/nutui-react-taro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71ad42f4bfd953311c2d69f622cc6e8d5193a8852ac0bbc9ea0781ac6b651390 The package's postinstall.js invokes execSync'npm-usage-stats disable' and execSync'npm-usage-stats', stdio: 'inherit' . The npm-usage-stats bin is...

6.4AI score

OSSF Malicious Packages•added 2026/05/19 7:5 p.m.•6 views

Malicious code in clsx-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23e4e85f63d161234d84c774fdff696827934a27282be2ce9ff362a756246ee6 On npm install, dist/postinstall.js base64-decodes the URL https://api.npoint.io/984b75c022a70cf00c39, fetches JSON from this anonymous mutable...

6.3AI score

Exploits0References3

NVD•added 2026/05/13 6:16 p.m.•8 views

CVE-2026-44005

vm2 is an open source vm/sandbox for Node.js. From 3.9.6 to 3.10.5, vm2's bridge exposes mutable proxies for real host-realm intrinsic prototypes and then forwards sandbox writes into the underlying host objects with otherReflectSet and otherReflectDefineProperty, which lets attacker-controlled...

10CVSS0.00108EPSS

Exploits1References1

Patchstack•added 2026/05/07 4:7 a.m.•5 views

NPM: vm2: Mutable Proxies for Host Intrinsic Prototypes Allows Sandbox Escape

NPM: vm2: Mutable Proxies for Host Intrinsic Prototypes Allows Sandbox Escape vulnerability discovered by ? in WordPress Npm vm2 versions = 3.9.6, = 3.10.5...

10CVSS6AI score0.00108EPSS

Exploits1References4Affected Software1

Github Security Blog•added 2026/05/07 4:7 a.m.•4 views

vm2: Mutable Proxies for Host Intrinsic Prototypes Allows Sandbox Escape

Summary vm2's bridge exposes mutable proxies for real host-realm intrinsic prototypes and then forwards sandbox writes into the underlying host objects with otherReflectSet and otherReflectDefineProperty, which lets attacker-controlled JavaScript running in a default VM or inherited NodeVM mutate...

10CVSS6.1AI score0.00108EPSS

Exploits1References4Affected Software1

Positive Technologies•added 2026/05/05 12:0 a.m.•7 views

PT-2026-37246

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.133.Final Netty versions prior to 4.2.13.Final Description Request-line validation can be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created and its URI is subsequently modified using the setUri...

5.3CVSS5.8AI score0.0002EPSS

Exploits1References26

NVD•added 2026/04/10 5:17 p.m.•2 views

CVE-2026-35670

OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to rebind chat replies to unintended users by exploiting mutable username matching instead of stable numeric user identifiers. Attackers can manipulate username changes to redirect webhook-triggered...

8.1CVSS0.00096EPSS

ATTACKERKB•added 2026/04/10 4:3 p.m.•0 views

CVE-2026-35670

6CVSS5.8AI score0.00096EPSS

Exploits0References5

OSV•added 2026/04/10 12:30 a.m.•2 views

GHSA-J42Q-R6QX-XRFP Duplicate Advisory: OpenClaw: Google Chat Authz Bypass via Group Policy Rebinding with Mutable Space displayName

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-52q4-3xjc-6778. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy enforcement that...

4.2CVSS5.7AI score0.00065EPSS