CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

234624 matches found

OSSF Malicious Packages•added 2026/04/15 11:21 p.m.•6 views

Malicious code in simple-auth-basic (npm)

simple-auth-basic is a malicious npm package that when imported downloads a C2 dropper from https://coingecko-liard.vercel.app and executes it. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8802844b712eedf88f3862f4e836efd3a767ee4944f6ec3b8c3fbe849fd741b The...

Exploits0References1

OSV•added 2026/04/15 11:21 p.m.•3 views

MAL-2026-2906 Malicious code in swplayer-react-sl (npm)

swplayer-react-sl is a malicious npm package that when imported downloads a C2 dropper from https://coingecko-liard.vercel.app and executes it. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb25be00997a0e21d0d5337b89729fe6c3a99c9364f8a46d4b2e2a828e845f54 The...

Exploits0References1

OSV•added 2026/04/15 10:5 p.m.•2 views

MAL-2026-2903 Malicious code in trackora-chain (npm)

trackora-chain is a malicious npm package that when imported downloads a C2 dropper from https://jsonkeeper.com/b/BADC6 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

Exploits0References2

OSV•added 2026/04/15 10:5 p.m.•2 views

MAL-2026-2904 Malicious code in trackora-node (npm)

trackora-node is a malicious npm package that when imported downloads a C2 dropper from https://jsonkeeper.com/b/BADC6 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

Exploits0References2

OSV•added 2026/04/15 10:5 p.m.•2 views

MAL-2026-2902 Malicious code in lockedin-chai-chain (npm)

lockedin-chai-chain is a malicious npm package that when imported downloads a C2 dropper from https://jsonkeeper.com/b/FAWPU and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

Exploits0References1

OSV•added 2026/04/15 10:5 p.m.•4 views

MAL-2026-2897 Malicious code in chai-beta (npm)

chai-beta is a malicious npm package that when imported downloads a C2 dropper from https://jsonkeeper.com/b/XRGF3 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

Exploits0References1

OSSF Malicious Packages•added 2026/04/15 10:5 p.m.•3 views

Malicious code in chai-as-type (npm)

chai-as-type is a malicious npm package that when imported downloads a C2 dropper from https://api.npoint.io/c26313f0733957a7d787 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

Exploits0References2

OSV•added 2026/04/15 10:5 p.m.•0 views

MAL-2026-2888 Malicious code in chai-as-encrypted (npm)

chai-as-encrypted is a malicious npm package that when imported downloads a C2 dropper from https://api.npoint.io/29ebd497b6f232e6b0a9 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

Exploits0References2

OSSF Malicious Packages•added 2026/04/15 10:5 p.m.•6 views

Malicious code in trackora-node (npm)

trackora-node is a malicious npm package that when imported downloads a C2 dropper from https://jsonkeeper.com/b/BADC6 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

Exploits0References2

OSV•added 2026/04/15 10:5 p.m.•1 views

MAL-2026-2893 Malicious code in chai-as-mobj (npm)

chai-as-mobj is a malicious npm package that when imported downloads a C2 dropper from https://api.npoint.io/31bccfbf4ee2732207a4 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

Exploits0References2

OSV•added 2026/04/15 10:5 p.m.•3 views

MAL-2026-2900 Malicious code in dotenv-pack (npm)

dotenv-pack is a malicious npm package that when imported downloads a C2 dropper from https://api.npoint.io/5b357f718ab4ee355003 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

Exploits0References1

OSV•added 2026/04/15 6:25 p.m.•3 views

MAL-2026-2696 Malicious code in bfx-hf-strategy-perf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aac057221646f5043eab6606ba990a3a112afc149c583347e40321643deab7ba The package bfx-hf-strategy-perf was found to contain malicious code. Source: ossf-package-analysis...

NVD•added 2026/04/15 4:16 p.m.•2 views

CVE-2026-30625

Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed commands npm, npx accept argument flags that enable...

9.8CVSS0.00343EPSS

Exploits0References2

OSSF Malicious Packages•added 2026/04/15 2:57 p.m.•5 views

Malicious code in fusion-events (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8c8e696e51251f71e47adebced7b96e693530edba7546edfc180e21202e2048 The package fusion-events was found to contain malicious code. Source: ghsa-malware 88d534717a957da6a2dd2be4f5db4aa652489fa5ac3b30382f4a8e5e06865be2...

Exploits0References1

Snyk•added 2026/04/15 2:57 p.m.•2 views

Malicious Package

Overview vs-supplier-portal-web is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS5.7AI score

Exploits0References2

OSSF Malicious Packages•added 2026/04/15 2:57 p.m.•2 views

Malicious code in vs-supplier-portal-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd4ce50d0cee946b14aa2dee0c469a73331ff0c63bc65b134b3b50edb5d43c54 The package vs-supplier-portal-web was found to contain malicious code. Source: ghsa-malware...

Exploits0References1

OSV•added 2026/04/15 2:19 p.m.•1 views

MAL-2026-2688 Malicious code in @pnc-cib/cib-core-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8766c693609e1190061234006c3ba48a9e4f421805daabf59baa712e6d634eee The package @pnc-cib/cib-core-lib was found to contain malicious code. Source: ghsa-malware...

Exploits0References1

OSSF Malicious Packages•added 2026/04/15 2:19 p.m.•4 views

Malicious code in @pnc-cib/cib-core-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8766c693609e1190061234006c3ba48a9e4f421805daabf59baa712e6d634eee The package @pnc-cib/cib-core-lib was found to contain malicious code. Source: ghsa-malware...

Exploits0References1

Snyk•added 2026/04/15 1:56 p.m.•2 views

Malicious Package

Overview laserlogsink is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.7AI score

Exploits0References2

OSSF Malicious Packages•added 2026/04/15 1:21 p.m.•4 views

Malicious code in react-dom-19 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e6b5a54efd0bd62412ae002a01495b83a035014f59692e4e942aeaf9fd70d0d The package react-dom-19 was found to contain malicious code. Source: ossf-package-analysis...

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by