CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Wiz blog•added 2026/04/29 3:14 p.m.•4 views

Supply Chain Campaign Targets SAP npm Packages with Credential-Stealing Malware

Detect and mitigate malicious npm packages linked to the recent Shai-Hulud-style campaign - Mini Shai Hulud...

5.3AI score

Exploits0

OSV•added 2026/04/29 2:40 p.m.•0 views

MAL-2026-3174 Malicious code in internal-sys-audit-check (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24fa7464d076e1807141a149346864e59a44c3b8e2731c02e05c9d93d0dcf487 The package internal-sys-audit-check was found to contain malicious code. Source: ghsa-malware...

Snyk•added 2026/04/29 2:40 p.m.•4 views

Malicious Package

Overview gcp-internal-research-poc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score

OSSF Malicious Packages•added 2026/04/29 2:40 p.m.•6 views

Malicious code in gcp-internal-research-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9241eea1246719d57b428f64fd5138ae386fcf285aadd32a0a2ece3a8926b588 The package gcp-internal-research-poc was found to contain malicious code. Source: ghsa-malware...

5.4AI score

OSV•added 2026/04/29 2:40 p.m.•1 views

MAL-2026-3170 Malicious code in frank-newton3-db-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c57962acb9140cd99fb10338da13df89a6af2a7da30694456df2bc151acd247 The package frank-newton3-db-poc was found to contain malicious code. Source: ghsa-malware...

OSV•added 2026/04/29 2:40 p.m.•2 views

MAL-2026-3172 Malicious code in frank-newton3-user-hunt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3d2188a1bfb704f499669b386b4268ab26fb46de37022d5b91df575521fcf81 The package frank-newton3-user-hunt was found to contain malicious code. Source: ghsa-malware...

Snyk•added 2026/04/29 2:40 p.m.•1 views

Malicious Package

Overview frank-newton3-user-hunt is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

9.8CVSS5.8AI score

Snyk•added 2026/04/29 2:40 p.m.•4 views

Malicious Package

Overview frank-newton3-db-final is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS5.8AI score

OSV•added 2026/04/29 2:40 p.m.•0 views

MAL-2026-3168 Malicious code in apple-internal-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16ae120f182e305f15d778dfe594aa3f79076b93b5bd4be77f293fdf08c5e12a The package apple-internal-config was found to contain malicious code. Source: ghsa-malware...

OSSF Malicious Packages•added 2026/04/29 2:40 p.m.•4 views

Malicious code in apple-internal-config (npm)

5.4AI score

NVD•added 2026/04/29 2:16 p.m.•0 views

CVE-2026-42520

Jenkins Credentials Binding Plugin 719.v80e905ef14eb and earlier does not sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution if Jenkins...

7.5CVSS0.02742EPSS

OSSF Malicious Packages•added 2026/04/29 2:0 p.m.•2 views

Malicious code in @saif777/codemirror5 (npm)

Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...

5.9AI score

OSSF Malicious Packages•added 2026/04/29 2:0 p.m.•3 views

Malicious code in react-video-canvas (npm)

5.9AI score

Cvelist•added 2026/04/29 1:31 p.m.•26 views

CVE-2026-42520

0.02742EPSS

Vulnrichment•added 2026/04/29 1:31 p.m.•1 views

CVE-2026-42520

6.5AI score0.02742EPSS

OSV•added 2026/04/29 1:21 p.m.•3 views

JLSEC-2026-349

A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FSsinfoserializenodecb of the file src/H5FScache.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed ...

5.5CVSS4AI score0.00131EPSS

Exploits1References6

OSV•added 2026/04/29 1:21 p.m.•4 views

JLSEC-2026-340

A vulnerability, which was classified as critical, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5FSsectfindnode of the file H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has...

5.3CVSS5.1AI score0.00146EPSS

Exploits1References6

OSV•added 2026/04/29 10:0 a.m.•2 views

MAL-2026-3179 Malicious code in mbt (npm)

Supply chain compromise of legitimate SAP packages published by threat actor "[email protected]" impersonating SAP toolchain maintainers. All four compromised packages share the same fingerprint: setup.mjs 4.4 KB and execution.js 11.1 MB bundled in the tarball, with a preinstall hook of "node...

OSSF Malicious Packages•added 2026/04/29 10:0 a.m.•4 views

Malicious code in @cap-js/db-service (npm)

5.6AI score