CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/10 8:40 p.m.•2 views

MAL-2026-3415 Malicious code in ac-sasskit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8d0a627b8de0f6fc1b418dbc3f6242c1b3c4a0e39e5de9d6b70edce441d72db The package ac-sasskit was found to contain malicious code. Source: ossf-package-analysis...

OSV•added 2026/05/10 3:15 p.m.•2 views

MAL-2026-3422 Malicious code in rsflows-pexml (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ef5b11ec067e18cc3a024fee21e569e0f44cf180619e974cbb1dd8325e1b10c The package rsflows-pexml was found to contain malicious code. Source: ossf-package-analysis...

OSSF Malicious Packages•added 2026/05/10 3:15 p.m.•3 views

Malicious code in rsflows-pexml (npm)

OSV•added 2026/05/10 10:36 a.m.•0 views

MAL-2026-3420 Malicious code in noon-contracts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e2a4c1ac3896b7769b47ab6659bf7b0d49f229963c910d0c9b9be11c5291c12 The package noon-contracts was found to contain malicious code. Source: ossf-package-analysis...

UbuntuCve•added 2026/05/10 6:16 a.m.•7 views

CVE-2026-7263

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, DOMNode::C14N method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial ...

Vulnrichment•added 2026/05/10 4:43 a.m.•4 views

Exploits0References2

CVE-2026-7263 DoS attack via DOMNode::C14N()

6.3CVSS5.8AI score0.0005EPSS

Debian CVE•added 2026/05/10 4:43 a.m.•4 views

CVE-2026-7263

AlpineLinux•added 2026/05/10 4:43 a.m.•8 views

CVE-2026-7263

OSSF Malicious Packages•added 2026/05/10 3:36 a.m.•5 views

Malicious code in @miurba/alcazaba (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36c814274998998c89db63740c3d1032c8da3d6f6f9e44e100328c83e4ea29a0 The package @miurba/alcazaba was found to contain malicious code. Source: ossf-package-analysis...

OSV•added 2026/05/10 3:36 a.m.•2 views

MAL-2026-3410 Malicious code in @miurba/alcazaba (npm)

OSV•added 2026/05/10 12:20 a.m.•0 views

MAL-2026-3409 Malicious code in mw-filesystem-events-nodream (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3da27e815b33bf88dc4fb31bc8b5558501b65ded9de77aab08e7ae785c2c38b The package mw-filesystem-events-nodream was found to contain malicious code. Source: ossf-package-analysis...

OSSF Malicious Packages•added 2026/05/10 12:20 a.m.•4 views

Malicious code in mw-filesystem-events-nodream (npm)

CNNVD•added 2026/05/10 12:0 a.m.•4 views

XML::LibXML 缓冲区错误漏洞

XML::LibXML is an open-source Perl interface tool developed by CPAN authors for parsing and manipulating XML files. Versions of XML::LibXML 2.0210 and earlier contained a buffer error vulnerability. This vulnerability stemmed from the parsing of XML node names that contained truncated UTF-8 byte...

7.5CVSS6AI score0.00024EPSS

CNNVD•added 2026/05/10 12:0 a.m.•5 views

PHP 安全漏洞

PHP is an open-source scripting language executed on the server side. Versions of PHP prior to 8.4.21 and 8.5.6 contained security vulnerabilities. These vulnerabilities stemmed from the DOMNode::C14N method, which might improperly handle XML data, causing a circular linked list to be formed in t...

OSSF Malicious Packages•added 2026/05/10 12:0 a.m.•7 views

Malicious code in erslove (npm)

erslove is a typosquatting package impersonating resolve, the module resolution library implementing require.resolve semantics. The package bundles the legitimate resolve source and test fixtures to appear functional while hiding a credential-theft payload in index1.js, executed at install time v...