CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

185 matches found

OSV•added 2026/05/25 7:8 p.m.•3 views

MAL-2026-4615 Malicious code in motion-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f13ebafd858996faf32f6987cd969b933bf5c31c7ac329cf55f160bb6bbf6007 This package masquerades as the pino logger README copied from pino, exports module.exports.pino = middleware but its middleware does no logging. Whe...

6.3AI score

Exploits0References2

OSSF Malicious Packages•added 2026/05/23 4:50 p.m.•8 views

Malicious code in midpatch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe668e556f4b46fce125c318ebc3bea93185c78ec36c19f8991bbcb36172a62b The package advertises a logger middleware keywords fast/logger/stream/json, exports module.exports.pino = middleware, file.js wraps a ./pino module ...

5.8AI score

Exploits0References1

OSV•added 2026/05/23 4:50 p.m.•6 views

MAL-2026-4611 Malicious code in midpatch (npm)

5.8AI score

Exploits0References1

EUVD•added 2026/04/24 6:53 p.m.•1 views

EUVD-2026-25614

SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, SiYuan desktop renders notification messages as raw HTML inside an Electron renderer. The notification route POST /api/notification/pushMsg accepts a user-controlled msg value, forwards it through the backend broadcast...

8.8CVSS5.6AI score0.00033EPSS

Exploits0References1

CNNVD•added 2026/04/24 12:0 a.m.•4 views

Apache DolphinScheduler 代码问题漏洞

Apache DolphinScheduler is a modern data orchestration platform developed by the Apache Foundation in the United States. Versions of Apache DolphinScheduler from 3.2.0 to 3.3.1 had code vulnerabilities. These vulnerabilities stemmed from insecure data deserialization in the RPC module, which coul...

6.3CVSS5.9AI score0.00059EPSS

Exploits0References1

Github Security Blog•added 2026/04/03 2:46 a.m.•2 views

Electron: Context Isolation bypass via contextBridge VideoFrame transfer

Impact Apps that pass VideoFrame objects from the WebCodecs API across the contextBridge are vulnerable to a context isolation bypass. An attacker who can execute JavaScript in the main world for example, via XSS can use a bridged VideoFrame to gain access to the isolated world, including any...

8.3CVSS6AI score0.00012EPSS

Exploits0References3Affected Software1

RedhatCVE•added 2026/03/26 3:2 p.m.•1 views

CVE-2026-32014

OpenClaw versions prior to 2026.2.26 contain a metadata spoofing vulnerability where reconnect platform and deviceFamily fields are accepted from the client without being bound into the device-auth signature. An attacker with a paired node identity on the trusted network can spoof reconnect...

8.6CVSS5.8AI score0.00034EPSS

Exploits0References1

RedhatCVE•added 2026/02/20 7:39 p.m.•3 views

CVE-2026-26016

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.1, a missing authorization check in multiple controllers allows any user with access to a node secret token to fetch information about any server on a Pterodactyl instance,...

9.2CVSS5.7AI score0.00065EPSS

Exploits0References1

Snyk•added 2026/02/19 11:38 p.m.•2 views

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment due to incorrect handling of network traffic permissions when certain network configurations, such as Native Routing, WireGuard, and Node Encryption, are enabled. An attacker can gain unauthorized access t...

6.1CVSS5.5AI score0.00006EPSS

Exploits1References2

NVD•added 2026/02/19 5:24 p.m.•4 views

CVE-2026-26016

9.2CVSS0.00065EPSS

Exploits0References2

CVE•added 2026/02/19 3:55 p.m.•10 views

CVE-2026-26016

Summary: CVE-2026-26016 affects Pterodactyl Panel (Wings) prior to 1.12.1 due to missing authorization checks across multiple controllers/endpoints. An authenticated Wings node with a node secret token can access and disclose information about servers on other nodes, retrieve server installation ...

9.2CVSS5.7AI score0.00065EPSS

Exploits0References2Affected Software1

OSV•added 2026/02/17 6:54 p.m.•2 views

GHSA-G7VW-F8P5-C728 Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization

Summary A missing authorization check in multiple controllers allows any user with access to a node secret token to fetch information about any server on a Pterodactyl instance, even if that server is associated with a different node. This issue stems from missing logic to verify that the node...

9.2CVSS5.8AI score0.00065EPSS

Exploits0References4

Github Security Blog•added 2026/02/17 6:54 p.m.•7 views

Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization

9.2CVSS5.8AI score0.00065EPSS

Exploits0References4Affected Software1

Positive Technologies•added 2026/02/17 12:0 a.m.•3 views

PT-2026-20331

Name of the Vulnerable Software and Affected Versions Pterodactyl Panel versions prior to 1.12.1 Description A missing authorization check allows any user with access to a node secret token to fetch information about any server on a Pterodactyl instance, even if that server is associated with a...

9.2CVSS5.5AI score0.00065EPSS

Exploits0References10

Tenable Nessus•added 2025/11/20 12:0 a.m.•4 views

TencentOS Server 3: booth (TSSA-2022:0232)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0232 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

6.5CVSS6.5AI score0.00669EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2007-1364

Malware in sbrugna...

3.5CVSS6.4AI score0.0042EPSS

Exploits0References8

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2010-4740

Malware in sbrugna...

5CVSS6.4AI score0.00595EPSS

Exploits0References8