CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/06/05 7:30 p.m.•6 views

CVE-2026-42937

Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell tmsh arp and ndp commands, and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view adjacent network information. Note: Software versions which have reached End of Technical...

7.1CVSS5.5AI score0.00203EPSS

CNNVD•added 2026/06/02 12:0 a.m.•2 views

Dräger多款产品安全漏洞

Dräger Infinity Delta, among others, are products of the German company Dräger. The Dräger Infinity Delta is a multi-parameter clinical monitor. The Dräger Infinity Kappa is a multi-parameter patient monitor. The Dräger Infinity Delta XL is a high-performance multi-parameter patient monitor...

5.3CVSS5.5AI score0.00165EPSS

CNNVD•added 2026/05/29 12:0 a.m.•10 views

FreeRDP 资源管理错误漏洞

FreeRDP is an open-source implementation of the Remote Desktop Protocol RDP by the FreeRDP team. Versions of FreeRDP prior to 3.26.0 contained a resource management vulnerability. This vulnerability stemmed from the RDPEAR NDR parser acceptingNDR pointers with multiple logical pointer fields. It...

8.8CVSS5.8AI score0.00252EPSS

Exploits1References1

Tenable Nessus•added 2026/05/28 12:0 a.m.•14 views

Linux Distros Unpatched Vulnerability : CVE-2026-49014

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry...

7.8CVSS6.6AI score0.00102EPSS

Exploits0References3

EUVD•added 2026/05/22 10:4 p.m.•8 views

EUVD-2026-31517

Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network...

10CVSS5.8AI score0.01244EPSS

OSSF Malicious Packages•added 2026/05/21 10:54 a.m.•8 views

Malicious code in payment-account-input-selector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12187e6fb4ae4d3a411cea0c3ec8b995e1091a9cf78219db9fbcdac87540aabf On npm install, preinstall.js collects hostname, username, platform, cwd, timestamp, and a full dump of os.networkInterfaces and HTTP-GETs them as...

OSV•added 2026/05/10 12:0 a.m.•4 views

MAL-2026-3646 Malicious code in erslove (npm)

erslove is a typosquatting package impersonating resolve, the module resolution library implementing require.resolve semantics. The package bundles the legitimate resolve source and test fixtures to appear functional while hiding a credential-theft payload in index1.js, executed at install time v...

OSV•added 2026/05/08 7:38 a.m.•6 views

MAL-2026-3380 Malicious code in justinleaguekems (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 039b35e6547b64dd3e28ba9e178b9716447f88d6bd9558766c9ffe8850262d99 Package exfiltrates screenshots and network information to a hardcoded target. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

OSSF Malicious Packages•added 2026/05/08 7:35 a.m.•10 views

Malicious code in yeahmankema (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e82095096c026f9ea1f8a44e7b94b0f9def1346ef887a8a6bb4e11aedc5abd63 Package exfiltrates screenshots and network information to a hardcoded target. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

OSV•added 2026/05/08 7:35 a.m.•5 views

MAL-2026-3386 Malicious code in yeahmankema (PyPI)

OSV•added 2026/05/07 6:43 p.m.•7 views

MAL-2026-3367 Malicious code in crayrandomiz (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 70d147758fe5288bee2adc712e45b7836211b83ce0b209fd42a31e4b3696bbf2 Package exfiltrates screenshots and network information to a hardcoded target. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

OSSF Malicious Packages•added 2026/05/07 6:43 p.m.•9 views

Malicious code in crayrandomiz (PyPI)

EUVD•added 2026/05/06 12:30 p.m.•4 views

EUVD-2025-209663

HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information...

3.7CVSS5.8AI score0.00088EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•5 views

Astra Linux – Vulnerability in Chromium

Insufficient data validation in networking in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to bypass discretionary access control via malicious network traffic...

8.8CVSS8.5AI score0.01079EPSS

CNNVD•added 2026/04/21 12:0 a.m.•7 views

Oracle GoldenGate 安全漏洞

Oracle GoldenGate is a comprehensive software package developed by Oracle Corporation in the United States, used for real-time data integration and replication in IT environments. This product supports real-time data integration, transaction-based change data capture, data services, transformatio...

5.3CVSS7.3AI score0.0025EPSS