CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Packet Storm News•added 2026/05/12 12:0 a.m.•7 views

Secure (Multiple) Key-Cast over Networks: Multiple Eavesdropping Nodes

We study the secure multiple key-cast problem over noiseless networks under node-based eavesdroppers, where one or more source nodes participate in the generation of distinct secret keys to be shared among designated terminal subsets, while an eavesdropper observing up to $\ell$ nodes, including...

Positive Technologies•added 2026/05/12 12:0 a.m.•6 views

Exploits0

PT-2026-40467

Name of the Vulnerable Software and Affected Versions Flowsint versions prior to 1.2.3 Description A remote attacker can create a map node with a malicious label containing arbitrary HTML. When the map tab and a map node marker are selected, the application renders the HTML, which can trigger...

5.1CVSS6AI score0.00183EPSS

CNNVD•added 2026/05/12 12:0 a.m.•5 views

Hugo 路径遍历漏洞

Hugo is a framework based on the Go language used by the Gohugoio community for quickly generating static websites. Versions of Hugo from 0.43 to 0.161.0 had a path traversal vulnerability. This vulnerability occurred due to the lack of restrictions on file system access when calling Node tools,...

8.6CVSS5.9AI score0.00044EPSS

Exploits0References1

Positive Technologies•added 2026/05/12 12:0 a.m.•8 views

PT-2026-40466

Name of the Vulnerable Software and Affected Versions Flowsint versions prior to 1.2.3 Description Flowsint is an open-source OSINT graph exploration tool used for cybersecurity investigation, transparency, and verification. A remote attacker can create a node with a malicious type to escape an...

7.1CVSS6.1AI score0.00183EPSS

CNNVD•added 2026/05/12 12:0 a.m.•7 views

Nginx UI 代码问题漏洞

Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI 2.3.4 and earlier have code vulnerabilities. This vulnerability allows authenticated users to create cluster nodes that point to arbitrary internal URLs and send API requests with the X-Node-ID header, resulting in SSR...

9.9CVSS6AI score0.00012EPSS

Exploits1References2

CNNVD•added 2026/05/12 12:0 a.m.•4 views

multiparty 安全漏洞

multiparty is a Node.js module developed by pillarjs for parsing HTTP multipart/form-data requests. Versions of multiparty 4.2.3 and earlier contain security vulnerabilities; these vulnerabilities stem from unhandled exceptions, which may lead to denial-of-service attacks...

7.5CVSS5.8AI score0.00055EPSS

Exploits0References1

Positive Technologies•added 2026/05/12 12:0 a.m.•9 views

PT-2026-40310

7.5CVSS5.8AI score0.0005EPSS

CNNVD•added 2026/05/12 12:0 a.m.•7 views

Flowsint 跨站脚本漏洞

Flowsint is an open-source intelligence visualization tool developed by reconurge. Versions of Flowsint prior to 1.2.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from map node tags containing arbitrary HTML, which could lead to storage-based cross-site scripting...

5.1CVSS5.8AI score0.00183EPSS

Exploits0References2

OSV•added 2026/05/11 11:59 p.m.•2 views

MAL-2026-3495 Malicious code in @tanstack/vue-router (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 23dd073c586a2dad28ee9957fd8a3059bcbb261fbbb6a17e3b99a7145158ef8d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2026/05/11 11:58 p.m.•0 views

MAL-2026-3476 Malicious code in @tanstack/router-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e1a01dce92fa9c8e2cf4d6107c13ae7ebadbf664d1b135b7075f050c32446b26 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2026/05/11 11:55 p.m.•1 views

MAL-2026-3473 Malicious code in @tanstack/router-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bbe10ec33a8ef57cbee1293be08884f598f604cc51b69f3eed2d17217efd462d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2026/05/11 11:49 p.m.•7 views

Malicious code in @tanstack/react-start-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8358ce998650baf1a9cb6bb602109da81268c43855ad0b16f892687cc89f104d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2026/05/11 11:44 p.m.•6 views

Malicious code in @tanstack/react-router (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b329cb477cc0d977f9e8e6df59072ea002d6d041b99531596fbd87b8ff80aefd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2026/05/11 11:37 p.m.•4 views

Malicious code in @tanstack/arktype-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 00740c1707de87fdde677d596049a754c3269e6b54875d76eb4934a1368b7112 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Snyk•added 2026/05/11 9:0 p.m.•5 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.17051EPSS

Exploits3References2

vulnersOsv•added 2026/05/11 9:0 p.m.•6 views

@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/airspace (>=0.4.1 <=0.8.0)

@squawk/airspace NPM version =0.4.1, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKAIRSPACE-16640892...