Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

251945 matches found

OSV
OSVadded 2026/04/15 10:5 p.m.2 views

MAL-2026-2904 Malicious code in trackora-node (npm)

trackora-node is a malicious npm package that when imported downloads a C2 dropper from https://jsonkeeper.com/b/BADC6 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

5.7AI score
Exploits0References2
OSV
OSVadded 2026/04/15 10:5 p.m.2 views

MAL-2026-2902 Malicious code in lockedin-chai-chain (npm)

lockedin-chai-chain is a malicious npm package that when imported downloads a C2 dropper from https://jsonkeeper.com/b/FAWPU and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

5.7AI score
Exploits0References1
OSV
OSVadded 2026/04/15 10:5 p.m.4 views

MAL-2026-2897 Malicious code in chai-beta (npm)

chai-beta is a malicious npm package that when imported downloads a C2 dropper from https://jsonkeeper.com/b/XRGF3 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/04/15 10:5 p.m.5 views

Malicious code in trackora-node (npm)

trackora-node is a malicious npm package that when imported downloads a C2 dropper from https://jsonkeeper.com/b/BADC6 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

5.7AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/04/15 10:5 p.m.3 views

Malicious code in chai-as-type (npm)

chai-as-type is a malicious npm package that when imported downloads a C2 dropper from https://api.npoint.io/c26313f0733957a7d787 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

6AI score
Exploits0References2
OSV
OSVadded 2026/04/15 10:5 p.m.0 views

MAL-2026-2888 Malicious code in chai-as-encrypted (npm)

chai-as-encrypted is a malicious npm package that when imported downloads a C2 dropper from https://api.npoint.io/29ebd497b6f232e6b0a9 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

5.7AI score
Exploits0References2
OSV
OSVadded 2026/04/15 10:5 p.m.1 views

MAL-2026-2893 Malicious code in chai-as-mobj (npm)

chai-as-mobj is a malicious npm package that when imported downloads a C2 dropper from https://api.npoint.io/31bccfbf4ee2732207a4 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

5.5AI score
Exploits0References2
OSV
OSVadded 2026/04/15 10:5 p.m.3 views

MAL-2026-2900 Malicious code in dotenv-pack (npm)

dotenv-pack is a malicious npm package that when imported downloads a C2 dropper from https://api.npoint.io/5b357f718ab4ee355003 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

5.7AI score
Exploits0References1
EUVD
EUVDadded 2026/04/15 6:31 p.m.3 views

EUVD-2026-22962

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...

9.9CVSS6.2AI score0.00321EPSS
Exploits0References2
EUVD
EUVDadded 2026/04/15 6:31 p.m.1 views

EUVD-2026-22973

A vulnerability in Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerabilit...

9.9CVSS6.2AI score0.00377EPSS
Exploits0References2
EUVD
EUVDadded 2026/04/15 6:31 p.m.3 views

EUVD-2026-22970

A vulnerability in Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerabilit...

9.9CVSS6.2AI score0.00469EPSS
Exploits1References2
OSV
OSVadded 2026/04/15 6:25 p.m.3 views

MAL-2026-2696 Malicious code in bfx-hf-strategy-perf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aac057221646f5043eab6606ba990a3a112afc149c583347e40321643deab7ba The package bfx-hf-strategy-perf was found to contain malicious code. Source: ossf-package-analysis...

5.7AI score
Exploits0
NVD
NVDadded 2026/04/15 5:17 p.m.3 views

CVE-2026-20180

A vulnerability in Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerabilit...

9.9CVSS0.00469EPSS
Exploits1References1
NVD
NVDadded 2026/04/15 5:17 p.m.1 views

CVE-2026-20147

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...

9.9CVSS0.00321EPSS
Exploits0References1
NVD
NVDadded 2026/04/15 4:16 p.m.2 views

CVE-2026-30625

Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed commands npm, npx accept argument flags that enable...

9.8CVSS0.00343EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/04/15 4:3 p.m.3 views

CVE-2026-20180 Cisco Identity Services Engine Multiple Remote Code Execution Vulnerability

A vulnerability in Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerabilit...

9.9CVSS6.2AI score0.00469EPSS
Exploits1References1
CVE
CVEadded 2026/04/15 4:3 p.m.26 views

CVE-2026-20180

Cisco Identity Services Engine (ISE) contains a remote code execution vulnerability (CVE-2026-20180) that can be exploited by an authenticated attacker with at least Read Only Admin credentials. The issue stems from insufficient validation of user-supplied input, allowing a crafted HTTP request t...

9.9CVSS6.2AI score0.00469EPSS
Exploits1References1
Cvelist
Cvelistadded 2026/04/15 4:3 p.m.13 views

CVE-2026-20180 Cisco Identity Services Engine Multiple Remote Code Execution Vulnerability

A vulnerability in Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerabilit...

9.9CVSS0.00469EPSS
Exploits1References1
Cvelist
Cvelistadded 2026/04/15 4:3 p.m.12 views

CVE-2026-20186 Cisco Identity Services Engine Multiple Authenticated Remote Code Execution Vulnerability

A vulnerability in Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerabilit...

9.9CVSS0.00377EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/04/15 4:3 p.m.1 views

CVE-2026-20147

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...

9.9CVSS6.2AI score0.00321EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder