CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

251876 matches found

OSSF Malicious Packages•added 2026/04/27 1:57 p.m.•5 views

Malicious code in @apple-pay-trust/finish (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9abd2d210c4a5df0e95f326e80b2e6618647c03ba4158e1d6ffbd36d9f7b800a The package @apple-pay-trust/finish was found to contain malicious code. Source: ghsa-malware...

5.8AI score

Exploits0References1

OSV•added 2026/04/27 1:14 p.m.•4 views

JLSEC-2026-196

A vulnerability classified as critical has been found in Open Asset Import Library Assimp up to 5.4.3. Affected is the function Assimp::BVHLoader::ReadNodeChannels in the library assimp/code/AssetLib/BVH/BVHLoader.cpp. The manipulation of the argument pNode leads to use after free. Attacking...

5.3CVSS5AI score0.00127EPSS

Exploits1References6

IBM Security Bulletins•added 2026/04/27 9:35 a.m.•4 views

Security Bulletin: IBM watsonx.data integration (Data Observability) is vulnerable to node-forge-1.3.1.tgz due to CVE-2025-12816 ( CVE number(s) )

Summary An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security...

8.6CVSS6.5AI score0.00071EPSS

Exploits1Affected Software1

OSV•added 2026/04/27 6:58 a.m.•2 views

MAL-2026-3124 Malicious code in apple-internal-dev-check (npm)

Malicious npm package published by threat actor "raya4321" as part of a coordinated typosquatting campaign impersonating Apple internal infrastructure services authentication, PKI, telemetry, CloudKit, and cloud infrastructure. All packages in this campaign execute credential-theft payloads durin...

5.9AI score

Exploits0References1

Packet Storm•added 2026/04/27 12:0 a.m.•116 views

📄 node-tesseract-ocr 2.2.1 Command Injection

In node-tesseract-ocr version 2.2.1, a security vulnerability allows OS command injection when attacker-controlled image paths are passed to the OCR function. ================================================================================================================================== | Title...

9.8CVSS5.4AI score0.00303EPSS

Exploits3

OSV•added 2026/04/26 6:25 p.m.•1 views

MAL-2026-3081 Malicious code in frank-research-poc-apple (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 216e5eb321826d85c29f23b333d509a469f138b5317a41b818da919bc9bf9c47 The package frank-research-poc-apple was found to contain malicious code. Source: ossf-package-analysis...

5.4AI score

Exploits0

OSSF Malicious Packages•added 2026/04/26 6:25 p.m.•5 views

Malicious code in frank-research-poc-apple (npm)

5.3AI score

Exploits0

OSSF Malicious Packages•added 2026/04/26 6:8 p.m.•5 views

Malicious code in @clearpool/streaming (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector febaceb862fd80f68bdcefbbed2667f056ba0b09cc0607d92962dd0d1c2a8b5d The package @clearpool/streaming was found to contain malicious code. Source: ghsa-malware...

5.8AI score

Exploits0References1

OSSF Malicious Packages•added 2026/04/26 5:45 p.m.•4 views

Malicious code in @clearpool/table (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79bdf65c3193663ec05f4281e94765c2106a6a5ce8bd9860a4cfcbaab419f0c9 The package @clearpool/table was found to contain malicious code. Source: ghsa-malware 34f072d9880102a7b4495043aa1155a43587246ae13f1974b107df2bbe4760...

5.8AI score

Exploits0References1

OSV•added 2026/04/26 5:45 p.m.•0 views

MAL-2026-3058 Malicious code in @clearpool/table (npm)

5.8AI score

Exploits0References1

OSV•added 2026/04/26 5:35 p.m.•3 views

MAL-2026-3056 Malicious code in @clearpool/comms (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f79c0a598ffe54e6eba22b90afd0c9bbb902c3086178c2ea2a9227e002e399d The package @clearpool/comms was found to contain malicious code. Source: ghsa-malware aac3d8fce06f495311a581ee9a8f6acf42b7ea35162b9a3387ad6040adfef4...

5.8AI score

Exploits0References1

OSV•added 2026/04/26 5:10 p.m.•2 views

MAL-2026-3049 Malicious code in classlink (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2915556b569ee5a4e890ea4178a61836ed8799f93a30fb0ac5e30cc37a41ede The package classlink was found to contain malicious code. Source: ossf-package-analysis...

5.3AI score

Exploits0

OSV•added 2026/04/26 3:17 p.m.•3 views

MAL-2026-3080 Malicious code in frank-bot-gogle-cloning (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44bf385867bdd18d9634c115e9e423146f198038e6fdb1d6dca9c95743f3af4b The package frank-bot-gogle-cloning was found to contain malicious code. Source: ossf-package-analysis...

5.4AI score

Exploits0

OSSF Malicious Packages•added 2026/04/26 12:49 p.m.•5 views

Malicious code in @ozon-complt/antibot-handler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d2b2c8d66cf69cda5e16765e70a8c3615ecfc57baa6a283228bab60dcc337dc The package @ozon-complt/antibot-handler was found to contain malicious code. Source: ghsa-malware...

5.8AI score

Exploits0References1

Patchstack•added 2026/04/25 11:50 p.m.•3 views

NPM: OpenClaw: Bundled MCP/LSP tools could bypass configured tool policy

NPM: OpenClaw: Bundled MCP/LSP tools could bypass configured tool policy vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...

5.8AI score

Exploits0References3Affected Software1

vulnersOsv•added 2026/04/25 11:49 p.m.•6 views

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.5) +15 more potentially affected by CVE-2026-45000 via openclaw (>=2026.3.22 <=2026.4.12)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =2.0.1, =0.0.7, =0.0.8 and more Source cves: CVE-2026-45000 Source advisory: SNYK:JS-OPENCLAW-16298043...

5CVSS5.8AI score0.0003EPSS

Exploits0

Patchstack•added 2026/04/25 11:49 p.m.•4 views

NPM: OpenClaw: Paired-device pairing actions were not limited to the caller device

NPM: OpenClaw: Paired-device pairing actions were not limited to the caller device vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...

5.8AI score

Exploits0References3Affected Software1

vulnersOsv•added 2026/04/25 11:46 p.m.•6 views

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.5) +15 more potentially affected by CVE-2026-44993 via openclaw (>=2026.3.22 <=2026.4.12)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =2.0.1, =0.0.7, =0.0.8 and more Source cves: CVE-2026-44993 Source advisory: SNYK:JS-OPENCLAW-16298044...

5.4CVSS5.8AI score0.00039EPSS

Exploits0

Patchstack•added 2026/04/25 11:45 p.m.•2 views

NPM: OpenClaw: Hook mapping templates could bypass hook session-key opt-in

NPM: OpenClaw: Hook mapping templates could bypass hook session-key opt-in vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...

5.8AI score

Exploits0References3Affected Software1

OSV•added 2026/04/25 6:15 p.m.•1 views

MAL-2026-3062 Malicious code in @google-pay-trust/cancelled (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b7b08b4a3e94724e2b15686c111c5633ab73daf6f54dbcc7b758b91cfa3797a The package @google-pay-trust/cancelled was found to contain malicious code. Source: ghsa-malware...

5.8AI score

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by