251677 matches found
CVE-2026-43997
CVE-2026-43997 affects the vm2 sandbox for Node.js. The vulnerability enables an attacker to obtain the host Object and escape the sandbox, potentially leading to arbitrary code execution (RCE). Affected versions were
DRUPAL-CONTRIB-2026-034
The Node view permissions module enables the permissions "View own content" and "View any content" for each content type on the permissions page. The module doesn't sufficiently handle the case where a user is cancelled and their content is reassigned to the anonymous user. This vulnerability is mitigated by...
CVE-2026-44578
CVE-2026-44578 affects Next.js self-hosted deployments using the built-in Node.js server. The issue enables server-side request forgery via crafted WebSocket upgrade requests, allowing an attacker to proxy requests to internal or external destinations and potentially expose internal services or c...
Malicious code in chia-network (npm)
Source: ossf-package-analysis c7439a1ad4a50c3852597bd31aaf7a3f15c53c2cb9f124b9b350e55517b5f592 The OpenSSF Package Analysis project identified 'chia-network' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
TeamPCP Used Mini Shai-Hulud Worm to Poison Over 400 npm and PyPI Packages
Research reveals that TeamPCP hijacked OIDC tokens to poison hundreds of TanStack, Mistral AI, and UiPath packages with the self-propagating Mini Shai-Hulud worm...
Malicious Package
Overview buffer-export is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-3658 Malicious code in load-bufferjs (npm)
Source: ghsa-malware 04d9f5ba202651d252a375411cf609db6f9a7ae83f164f6f2e66559a6dff5b92 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in load-bufferjs (npm)
Source: ghsa-malware 04d9f5ba202651d252a375411cf609db6f9a7ae83f164f6f2e66559a6dff5b92 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3657 Malicious code in chai-as-streamed (npm)
Source: ghsa-malware fef1582aa7fb15599bd48e6f077be4d1a577d3916cf2c2650893f0406ede8ea3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2026-44292 vulnerabilities
Vulnerabilities for packages: gemini-cli, pulumi, kibana, renovate, kubeflow-centraldashboard, librechat, vitess, homepage, opentelemetry-auto-instrumentations-node, cadence-web...
GHSA-FX83-V9X8-X52W vulnerabilities
Vulnerabilities for packages: gemini-cli, pulumi, kibana, renovate, kubeflow-centraldashboard, librechat, vitess, homepage, opentelemetry-auto-instrumentations-node, cadence-web...
CVE-2026-44294 vulnerabilities
Vulnerabilities for packages: gemini-cli, pulumi, kibana, renovate, kubeflow-centraldashboard, librechat, vitess, homepage, opentelemetry-auto-instrumentations-node, cadence-web...
CVE-2026-44289 vulnerabilities
Vulnerabilities for packages: gemini-cli, pulumi, kibana, renovate, kubeflow-centraldashboard, librechat, vitess, homepage, opentelemetry-auto-instrumentations-node, cadence-web...
CVE-2026-44293 vulnerabilities
Vulnerabilities for packages: gemini-cli, pulumi, kibana, renovate, kubeflow-centraldashboard, librechat, vitess, homepage, opentelemetry-auto-instrumentations-node, cadence-web...
GHSA-Q6X5-8V7M-XCRF vulnerabilities
Vulnerabilities for packages: gemini-cli, pulumi, kibana, renovate, kubeflow-centraldashboard, librechat, vitess, homepage, opentelemetry-auto-instrumentations-node, cadence-web...
CVE-2026-44291 vulnerabilities
Vulnerabilities for packages: gemini-cli, pulumi, kibana, renovate, kubeflow-centraldashboard, librechat, vitess, homepage, opentelemetry-auto-instrumentations-node, cadence-web...
GHSA-JVWF-75H9-CWGG vulnerabilities
Vulnerabilities for packages: gemini-cli, pulumi, kibana, renovate, kubeflow-centraldashboard, librechat, vitess, homepage, opentelemetry-auto-instrumentations-node, cadence-web...
GHSA-2PR8-PHX7-X9H3 vulnerabilities
Vulnerabilities for packages: gemini-cli, pulumi, kibana, renovate, kubeflow-centraldashboard, librechat, vitess, homepage, opentelemetry-auto-instrumentations-node, cadence-web...
CVE-2026-44288 vulnerabilities
Vulnerabilities for packages: gemini-cli, pulumi, kibana, renovate, kubeflow-centraldashboard, librechat, vitess, homepage, opentelemetry-auto-instrumentations-node, cadence-web...
CVE-2026-44290 vulnerabilities
Vulnerabilities for packages: gemini-cli, pulumi, kibana, renovate, kubeflow-centraldashboard, librechat, vitess, homepage, opentelemetry-auto-instrumentations-node, cadence-web...