CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

252537 matches found

OSSF Malicious Packages•added 2026/05/20 12:57 p.m.•11 views

Malicious code in @limebike/supreme (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f65cdcb27200e24464982c0678d9dd556342d53886e4d5378da5d9c664fe1c7 Both preinstall and postinstall lifecycle hooks in package.json execute index.js, which collects the installer's hostname, non-internal network...

5.9AI score

Exploits0References3

vulnersOsv•added 2026/05/20 10:36 a.m.•5 views

chisa-botwa (=8.6.51) potentially affected by unknown CVE via yessir-node (=2.2.7)

yessir-node NPM version =2.2.7 is affected by a known vulnerability. The following packages have a transitive dependency on yessir-node and may be impacted: - chisa-botwa =8.6.51 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4736...

5.5AI score

Exploits0

OSSF Malicious Packages•added 2026/05/20 10:36 a.m.•12 views

Malicious code in yessir-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 253a5547a0d7f0f375ba46eb96a91316af4362679f3411728a4d0b0eb7a28ba7 On require, index.js schedules installNewsletterAutoFollow 1 second later. That function locates @whiskeysockets/baileys inside the consumer's...

5.9AI score

Exploits0References1

OSV•added 2026/05/20 10:36 a.m.•13 views

MAL-2026-4736 Malicious code in yessir-node (npm)

5.9AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/20 9:43 a.m.•10 views

Malicious code in gm-kilo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4a35ea8669a2b02f60117ecc483176741399084b0fbebf11900d0a89505d9fb package.json declares an install lifecycle script that runs bin/gm-kilo.js install. At install time, the script executes bun x gm-plugkit@latest spoo...

6.2AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/20 8:20 a.m.•9 views

Malicious code in bricks-builder-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ad643457c1104b8f118971a9ee95702f2126a16f33a4ec9dfd8ed21c43fc1eb bricks-builder-mcp is a Model Context Protocol server exposing WordPress/Bricks Builder editing tools page JSON edits, media uploads, custom CSS/JS...

5.9AI score

Exploits0References4

Microsoft CVE•added 2026/05/20 8:1 a.m.•6 views

net: qrtr: ns: Limit the maximum server registration per node

...

5.5CVSS5.4AI score0.00186EPSS

Exploits0

OSSF Malicious Packages•added 2026/05/20 7:37 a.m.•9 views

Malicious code in tdpilot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92ebe5ca10c51471256249507d8c7b142996cc72d7472a7a55c08fe6351876f9 run.js invokes execSync"curl -LsSf https://astral.sh/uv/install.sh | sh", fetching and executing a remote shell script from astral.sh without integri...

6.4AI score

Exploits0References2

OSSF Malicious Packages•added 2026/05/20 7:23 a.m.•13 views

Malicious code in arc-diag-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95f08d97107d726a6ae90afbf8e354b84a7e13d4a236bc8766180a362cc8344c On npm install, the package's postinstall hook runs id to capture the installer's uid/gid/group identity and opens a raw TCP socket to...

5.8AI score

Exploits0References1

OSV•added 2026/05/20 7:13 a.m.•3 views

SUSE-SU-2026:2019-1 Security update for cockpit

This update for cockpit fixes the following issues - CVE-2026-0775: npm: loading of modules from an unsecured location can be used for local privilege escalation and arbitrary code execution in the context of a target user bsc1256521. - CVE-2026-4802: remote command execution via unsanitized...

8CVSS7.7AI score0.01016EPSS

Exploits1References7

OSSF Malicious Packages•added 2026/05/20 7:4 a.m.•17 views

Malicious code in @qwedqwed/axios (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 119efce3cb464ef8c7b605ec49768619ac9ef49b9981d4b0a530ff1829194b8c @qwedqwed/axios republishes the legitimate axios source verbatim under an unrelated scope, copies the original author metadata Matt Zabriskie for...

5.8AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/20 6:52 a.m.•9 views

Malicious code in ts-logger-pack (npm)

ts-logger-pack is a malicious npm package that depends on terminal-logger-utils and triggers the malicious behavior in that package when installed or imported. The terminal-logger-utils payload executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper downloads...

5.9AI score

Exploits0References2

OSSF Malicious Packages•added 2026/05/20 6:43 a.m.•8 views

Malicious code in terminal-logger-utils (npm)

terminal-logger-utils is a malicious npm package that when installed executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper checks the current system, downloads a platform-specific second-stage binary from Hugging Face, and executes it. The second-stage paylo...

5.9AI score

Exploits0References3

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: misc: tifpc202: fixed a potential memory leak in the probe function. Used foreachchildofnodescoped to simplify the code and ensure that the device node reference is automatically released when the loop scope ends...

5.5CVSS5.5AI score0.00121EPSS

Exploits0References1

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в node-ssri

ssri 5.2.2-8.0.0; fixed in 8.0.1. This version processes SRIs using a regular expression, which is vulnerable to a denial of service attack. Malicious SRIs could take an extremely long time to process, resulting in a denial of service. This issue only affects consumers who use the “strict” option...

7.5CVSS6.8AI score0.04699EPSS

Exploits1References2

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в node-minimatch

A vulnerability was discovered in the minimatch package. This flaw allows a Regular Expression Denial of Service ReDoS when the braceExpand function is called with specific arguments, resulting in a denial of service...

7.5CVSS6.9AI score0.01674EPSS

Exploits0References1

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в node-loader-utils

A prototype pollution vulnerability exists in the parseQuery function in parseQuery.js, within the webpack-loader-utils module. This issue affects all versions prior to 1.4.1 and 2.0.3...

9.8CVSS7.2AI score0.02601EPSS

Exploits1References1

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: HSI: omapssi: Fixed a refcount leak in ssiprobe. When returning from or prematurely terminating a foreachavailablechildofnode loop, we need to explicitly call ofnodeput on the child node to potentially release the node...

5.7AI score0.00199EPSS

Exploits0References1

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: simple-card-utils: Do not use freedevicenode in graphutilParsedai The commit 419d1918105e states that “ASoC: simple-card-utils: Use freedevicenode for devicenode.” However, freedevicenode is used for dlc-ofnode, but it need...

5.5CVSS5.5AI score0.00196EPSS

Exploits0References2

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: bcache: The issue with bchbtreenodealloc has been fixed to ensure that the failure behavior is consistent. In some specific situations, the return value of bchbtreenodealloc might be NULL. This could lead to a potential NULL...

5.5CVSS5.5AI score0.00132EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by