CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2 days ago•5 views

Malicious code in arjson (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 146faaf0d97c6a533a969bc3f3f117811f9317dc865ed4ab37f1679842ddeaae This package was compromised as part of the IronWorm campaign. This campaign executes a malicious binary payload during installation via a...

5.8AI score

Snyk•added 4 days ago•3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that hides inside binary executable files triggered by a postinstall script. IronWorm is a sophisticated, Rust-based infostealer that functions as a self-replicating supply-chain attack. Its primary characteristi...

Snyk•added 2026/05/29 10:54 p.m.•7 views

Malicious Package

Overview @cloudplatform-single-spa/ml-ai-agents-agent is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

Snyk•added 2026/05/29 10:2 p.m.•6 views

Malicious Package

Overview nextjs-chat-with-ai-service is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Snyk•added 2026/05/14 3:49 p.m.•5 views

Malicious Package

Overview viem-helpers is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Snyk•added 2026/05/04 3:2 a.m.•1 views

Malicious Package

Overview kl-b2c-ui-kit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Snyk•added 2026/04/29 12:30 a.m.•6 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the cryptographic signature verification process. An attacker can cause the acceptance of tampered packages by intercepting network traffic or influencing the contents served to a...

8.2CVSS5.8AI score0.00018EPSS

OSV•added 2026/04/29 12:30 a.m.•0 views

GHSA-R727-5PF6-47R2 Elastic Package Registry has Improper Verification of Cryptographic Signature

5.9CVSS5.8AI score0.00018EPSS

Exploits0References3

NVD•added 2026/04/28 10:16 p.m.•1 views

CVE-2026-33467

5.9CVSS0.00018EPSS

Vulnrichment•added 2026/04/28 9:15 p.m.•2 views

CVE-2026-33467 Improper Verification of Cryptographic Signature in Elastic Package Registry Leading to Package Integrity Bypass

EUVD•added 2026/04/28 9:15 p.m.•1 views

EUVD-2026-26140

5.9CVSS5.2AI score0.00018EPSS

Cvelist•added 2026/04/28 9:15 p.m.•25 views

CVE-2026-33467 Improper Verification of Cryptographic Signature in Elastic Package Registry Leading to Package Integrity Bypass

5.9CVSS0.00018EPSS

CVE•added 2026/04/28 9:15 p.m.•7 views

CVE-2026-33467

Elastic Package Registry is affected by CVE-2026-33467 due to improper verification of cryptographic signatures (CWE-347), enabling package integrity bypass for self-hosted deployments that sync from upstream. Affected versions: all up to and including 1.37.0. The issue can be exploited if an att...

Exploits0References1Affected Software1

ATTACKERKB•added 2026/04/28 9:15 p.m.•3 views

CVE-2026-33467

Exploits0References2Affected Software1

Elastic•added 2026/04/28 9:11 p.m.•4 views

Elastic Package Registry 1.38.0 Security Update (ESA-2026-27)

Improper Verification of Cryptographic Signature in Elastic Package Registry Leading to Package Integrity Bypass Improper Verification of Cryptographic Signature CWE-347 in Elastic Package Registry could allow an attacker positioned to intercept network traffic, or to otherwise influence the...

Positive Technologies•added 2026/04/28 12:0 a.m.•1 views

Exploits0

PT-2026-35818

Name of the Vulnerable Software and Affected Versions Elastic Package Registry affected versions not specified Description Improper Verification of Cryptographic Signature occurs in the Elastic Package Registry. This issue allows an attacker who can intercept network traffic or influence the...

5.9CVSS5.8AI score0.00018EPSS

Exploits0References6

CNNVD•added 2026/04/28 12:0 a.m.•6 views

Elastic Package Registry 数据伪造问题漏洞

Elastic Package Registry is an integrated component and data distribution service provided by Elastic Inc. There is a vulnerability related to data falsification in Elastic Package Registry. This vulnerability stems from improper encryption signature verification, which may allow attackers to...

5.9CVSS5.8AI score0.00018EPSS

Snyk•added 2026/04/14 11:47 a.m.•3 views

Malicious Package

Overview vip-landing is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

Snyk•added 2026/04/13 3:45 p.m.•1 views

Malicious Package

Overview @lamoda/seller-ui-kit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...