CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/04/23 7:15 p.m.•0 views

EUVD-2026-25287

7.1CVSS5.8AI score0.00083EPSS

Vulnrichment•added 2026/04/23 7:15 p.m.•3 views

CVE-2026-41270 Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox

7.1CVSS5.3AI score0.00083EPSS

Vulnrichment•added 2026/04/23 7:13 p.m.•0 views

CVE-2026-41268 Flowise: Flowise Parameter Override Bypass Remote Command Execution

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution RCE vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined wi...

7.7CVSS7.5AI score0.0139EPSS

ATTACKERKB•added 2026/04/23 7:13 p.m.•2 views

CVE-2026-41268

7.7CVSS7.5AI score0.0139EPSS

Exploits1References2Affected Software1

CVE•added 2026/04/23 7:13 p.m.•8 views

CVE-2026-41268

Flowise is affected by a critical unauthenticated remote command execution (RCE) prior to version 3.1.0. The vulnerability arises from a parameter override bypass that combines the FILE-STORAGE:: keyword with a NODE_OPTIONS environment variable injection, allowing arbitrary root commands to be ex...

9.8CVSS7.5AI score0.0139EPSS

Exploits1References1Affected Software1

Cvelist•added 2026/04/23 7:13 p.m.•36 views

CVE-2026-41268 Flowise: Flowise Parameter Override Bypass Remote Command Execution

7.7CVSS0.0139EPSS

EUVD•added 2026/04/23 7:13 p.m.•2 views

EUVD-2026-25285

7.7CVSS7.5AI score0.0139EPSS

OSV•added 2026/04/23 5:50 p.m.•1 views

MAL-2026-3021 Malicious code in lightspark-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d15821a0ef5e30ecb40a14a3e49568a342a372835b2f8b6dbf868217547bcce6 The package lightspark-js was found to contain malicious code. Source: ossf-package-analysis...

OSSF Malicious Packages•added 2026/04/23 5:50 p.m.•5 views

Malicious code in lightspark-js (npm)

OSSF Malicious Packages•added 2026/04/23 5:7 p.m.•7 views

Malicious code in @bitwarden/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6fb2336936a86f37fc2018f8e68dc9989ffc3e79aa23297bf470de178201f50 The package @bitwarden/cli was found to contain malicious code. Source: ghsa-malware 8a8c7958926d5ec3795102e9114dfaa649ae3160afb9159ec2c46f044018b776...

OSSF Malicious Packages•added 2026/04/23 4:11 p.m.•6 views

Malicious code in microsoft-employee-experience (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c34bc4b2b8497b2f155f93295b0fe4b78eb94e7830684929547465d0b66b7a7 The package microsoft-employee-experience was found to contain malicious code. Source: ossf-package-analysis...

Snyk•added 2026/04/23 2:36 p.m.•2 views

Use of Web Browser Cache Containing Sensitive Information

Overview @astrojs/node is a Deploy your site to a Node.js server Affected versions of this package are vulnerable to Use of Web Browser Cache Containing Sensitive Information via the serve-static.ts component. An attacker can cause legitimate users to receive persistent error responses for static...

6.9CVSS5.4AI score0.00056EPSS

Exploits0References2

vulnersOsv•added 2026/04/23 2:36 p.m.•3 views

@chocolatey-software/astro (=2.7.0), astro-service-worker (=0.0.1) potentially affected by CVE-2026-41322 via @astrojs/node (>=0.1.6 <=10.0.4)

@astrojs/node NPM version =0.1.6, =10.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on @astrojs/node and may be impacted: - @chocolatey-software/astro =2.7.0 - astro-service-worker =0.0.1 Source cves: CVE-2026-41322 Source advisory:...

5.3CVSS5.8AI score0.00056EPSS

OSV•added 2026/04/23 1:15 p.m.•2 views

MAL-2026-3016 Malicious code in amazon-q-developer-streaming-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2612d348229614bb857a8f2c30c1ad2d66954d7a05073f15319f8aca2fb1a86d The package amazon-q-developer-streaming-client was found to contain malicious code. Source: ossf-package-analysis...

OSV•added 2026/04/23 7:27 a.m.•3 views

MAL-2026-3029 Malicious code in eth-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 843cae77c9aaf84bef1b7d5e46e27795d5203d2959a39b2797f0e1248b4995c7 The package eth-logger was found to contain malicious code. Source: ossf-package-analysis...

5.8AI score

OSV•added 2026/04/23 4:42 a.m.•2 views

MAL-2026-3007 Malicious code in json-dec (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de1db9ce26e4c5f4788ebbf809fede48364dd0741a8f4d0aa5580fac4b199f59 The package json-dec was found to contain malicious code. Source: ghsa-malware ad7f787412af0259dfcb2bcbb7429600fcb3c8a92510c70699961455caddd9ad Any...

OSSF Malicious Packages•added 2026/04/23 4:42 a.m.•4 views

Malicious code in json-spacer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49ca906e0f0d7b5884d939ad398cc8367cad887c10533eb833b6f043e5368bfd The package json-spacer was found to contain malicious code. Source: ghsa-malware 04db81abcbf28276b2cb30a860e8decbc485699a1db9ea9557e0595e5f86be82 An...

OSV•added 2026/04/23 4:42 a.m.•0 views

MAL-2026-3008 Malicious code in json-spacer (npm)

OSSF Malicious Packages•added 2026/04/23 4:42 a.m.•7 views

Malicious code in json-dec (npm)