CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2 days ago•15 views

CVE-2026-9258

Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier...

7.1CVSS0.00247EPSS

CVE•added 2 days ago•11 views

CVE-2026-9258

The CVE concerns Canon EOS Network Setting Tool (Version 1.5.0 or earlier) with an improper validation of SSH host keys. Affected component: Canon EOS Network Setting Tool; root cause: incorrect SSH host key validation. Impact: confidentiality can be HIGH; integrity and availability remain unaffe...

7.1CVSS5.3AI score0.00247EPSS

Malicious code in lab-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9bbde4e4075983db0c5aba255bc29f84fb2536681b13e8289412cce5c3ee7a2e On npm install, the package's postinstall hook runs seccheck.js, which enumerates the host's network interfaces and proceeds only if an IPv4 address...

5.3AI score

OSV•added 2 days ago•2 views

MAL-2026-5835 Malicious code in lab-helper (npm)

5.3AI score

NVD•added 2 days ago•4 views

CVE-2026-52720

A heap buffer overflow vulnerability was found in GStreamer's librfb RFB/VNC client. The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a...

8.8CVSS0.00483EPSS

Exploits0References3

NVD•added 2 days ago•4 views

CVE-2026-38063

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionradioonwithiaapn via the ia parameter...

0.00451EPSS

EUVD•added 2 days ago•7 views

EUVD-2026-35549

Microsoft Security Advisory CVE-2026-45591 – ASP.NET Core Denial of Service Vulnerability...

7.5CVSS5.1AI score0.00766EPSS

Exploits0References5

OSV•added 2 days ago•3 views

GHSA-G8MR-85JM-7XHM Vitest Browser: Exposed Browser Mode API Can Proxy CDP and Overwrite Config Files, Leading to RCE

Summary Vitest Browser Mode exposes a cdp API that forwards raw Chrome DevTools Protocol CDP methods over the Vitest browser WebSocket RPC. CDP is not gated by browser.api.allowWrite, browser.api.allowExec, api.allowWrite, or api.allowExec. As a result, disabling Browser Mode write and exec...

9.8CVSS5.8AI score0.00089EPSS

Exploits0References2

Vulnrichment•added 2 days ago•4 views

CVE-2026-52720 Gstreamer1-plugins-bad-free: gstreamer: heap buffer overflow via crafted vnc server rectangle in librfb

8.8CVSS6.2AI score0.00483EPSS

Exploits0References3

CVE•added 2 days ago•14 views

CVE-2026-52720

GStreamer: librfb (RFB/VNC client) is affected by a heap buffer overflow caused by improper bounds checking of rectangle dimensions, allowing a malicious VNC server to send a rectangle extending beyond the framebuffer. This can lead to an out-of-bounds heap write and, per the report, potential co...

8.8CVSS6.2AI score0.00483EPSS

Exploits0References3

Github Security Blog•added 2 days ago•10 views

Malicious code in @solana-labs/ancor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d59b87155558b811b79a7d671f6dcd66bee47adff3a7022ab22d73f18d86369 Package name @solana-labs/ancor is a one-character typosquat of the legitimate @coral-xyz/anchor / @project-serum/anchor Solana framework, published...

5.5AI score

Exploits0References6

Angular Service Worker Policy-Bypass & Credential-Stripping Vulnerabilities

An issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during request reconstruction. When the Angular Service Worker intercepts network requests for matched assets, it reconstructs a new Request object using an internal helper function. During thi...

5.5AI score0.00023EPSS

Exploits0References3Affected Software1

Malicious code in neural-network-scan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 898c75e5a6ae94d115820736ffd2ca4cb948f72655d5c0175a3432cec835768c The package ships a collect.js script that imports childprocess and performs an HTTP POST carrying host identifiers hostname referenced multiple time...

5.3AI score

OSV•added 2 days ago•4 views

MAL-2026-5794 Malicious code in neural-network-scan (npm)

OSV•added 2 days ago•3 views

USN-8429-1 fastnetmon vulnerabilities

It was discovered that FastNetMon incorrectly validated prefix lengths when decoding BGP NLRI data. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. CVE-2026-48686 It was...

9.8CVSS6.2AI score0.0141EPSS

Exploits2References6

Malicious code in nativescript-swisspost-imagepicker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2271ce1525f722f302ee59b9de3270020e6d1aa84d74cc2972cb6ffa34d9a62 package.json declares preinstall: node index.js. On npm install, index.js reads process.env.INITCWD the installing project's working directory, takes...

OSV•added 2 days ago•4 views

MAL-2026-5792 Malicious code in nativescript-swisspost-imagepicker (npm)

OSV•added 2 days ago•3 views

MAL-2026-5782 Malicious code in token-prices-cron (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10adc862166a2dbaf26f3dc56b4c1dfa0fd45e625f713380564d0b18fb07088d On npm install, the preinstall lifecycle script in postinstall.js enumerates process.env, filters keys matching a broad credential regex...