515 matches found

Nuclei
added 12 hours ago, 24 views

Microweber <1.2.11 - Cross-Site Scripting

Packagist prior to 1.2.11 contains a cross-site scripting vulnerability via microweber/microweber. User can escape the meta tag because the user doesn't escape the double-quote in the $redirectUrl parameter when logging out. id: CVE-2022-0678 info: name: Microweber 1.2.11 - Cross-Site Scripting...

6.5 CVSS | 6.2 AI score | 0.00903 EPSS
Exploits: 1 | References: 5

Nuclei
added 12 hours ago, 39 views

Microweber Information Disclosure

Microweber contains a vulnerability that allows exposure of sensitive information to an unauthorized actor in Packagist microweber/microweber prior to 1.2.11. id: CVE-2022-0281 info: name: Microweber Information Disclosure author: pikpikcu severity: high description: Microweber contains a...

7.5 CVSS | 7.2 AI score | 0.18624 EPSS
Exploits: 1 | References: 5

Fedora
added 4 days ago, 8 views

[SECURITY] Fedora 44 Update: pie-1.4.5-1.fc44

PIE PHP Installer for Extensions. PIE can install an extension to any installed PHP version. A list of extensions that support PIE can be found on https://packagist.org/extensions. Documentation: /usr/share/doc/pie/docs/usage.md...

5.8 AI score
Exploits: 0

Fedora
added 4 days ago, 7 views

[SECURITY] Fedora 43 Update: pie-1.4.5-1.fc43

PIE PHP Installer for Extensions. PIE can install an extension to any installed PHP version. A list of extensions that support PIE can be found on https://packagist.org/extensions. Documentation: /usr/share/doc/pie/docs/usage.md...

5.8 AI score
Exploits: 0

The Hacker News
added 2026/05/23 4:7 p.m., 16 views

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

A new "coordinated" supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL. "Although the affected packages were all Composer packages, the malicious code was not added to composer.json,"...

6.6 AI score
Exploits: 0

AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in composer

Composer is a dependency manager for the PHP programming language. Integrators who use Composer code to call VcsDriver::getFileContent may encounter a code injection vulnerability if the user can control the $file or $identifier arguments. This vulnerability is documented on packagist.org, where...

8.8 CVSS | 8 AI score | 0.00167 EPSS
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in composer

Composer is a dependency manager for PHP. The URLs for Mercurial repositories in the composer.json file at the root level, as well as the source download URLs, are not sanitized correctly. Specifically crafted URL values allow code to be executed via the HgDriver if hg/Mercurial is installed on th...

8.8 CVSS | 7.7 AI score | 0.02585 EPSS
Exploits: 1 | References: 2

OSSF Malicious Packages
added 2026/05/13 3:14 a.m., 5 views

Malicious code in intercom-php (Packagist)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 0bd33abd6fda35e856f8346fda5e85913ce2cad6b4d6c315a2e7138b867760aa This package is malicious and was compromised as part of the Mini Shai-Hulud campaign by the TeamPCP threat actor. The malicious payload...

5.8 AI score
Exploits: 0 | References: 3

Fedora
added 2026/04/23 1:11 a.m., 4 views

[SECURITY] Fedora 43 Update: pie-1.4.1-1.fc43

PIE PHP Installer for Extensions. PIE can install an extension to any installed PHP version. A list of extensions that support PIE can be found on https://packagist.org/extensions. Documentation: /usr/share/doc/pie/docs/usage.md...

5.4 AI score
Exploits: 0

Fedora
added 2026/04/23 12:57 a.m., 2 views

[SECURITY] Fedora 42 Update: pie-1.4.1-1.fc42

PIE PHP Installer for Extensions. PIE can install an extension to any installed PHP version. A list of extensions that support PIE can be found on https://packagist.org/extensions. Documentation: /usr/share/doc/pie/docs/usage.md...

5.4 AI score
Exploits: 0

The Hacker News
added 2026/03/04 9:37 a.m., 6 views

Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux

Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a conduit for a cross-platform remote access trojan (RAT) that's functional on Windows, macOS, and Linux systems. The names of the packages are listed below - nhattuanbl/lara-helper...

6.4 AI score
Exploits: 0

RedhatCVE
added 2026/01/09 9:12 a.m., 6 views

CVE-2022-0375

Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v...

6.5 CVSS | 5.9 AI score | 0.00357 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 9:12 a.m., 2 views

CVE-2022-0348

Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2...

5.4 CVSS | 6.1 AI score | 0.00027 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 9:12 a.m., 8 views

CVE-2022-0285

Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.9...

6.6 CVSS | 5.9 AI score | 0.00046 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 9:12 a.m., 5 views

CVE-2022-0362

SQL Injection in Packagist showdoc/showdoc prior to 2.10.3...

9.8 CVSS | 8 AI score | 0.00274 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 9:12 a.m., 3 views

CVE-2022-0560

Open Redirect in Packagist microweber/microweber prior to 1.2.11...

6.1 CVSS | 6.7 AI score | 0.00314 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 9:12 a.m., 5 views

CVE-2022-0277

Incorrect Permission Assignment for Critical Resource in Packagist microweber/microweber prior to 1.2.11...

6.5 CVSS | 6.8 AI score | 0.0029 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 9:12 a.m., 2 views

CVE-2022-0394

Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v...

5.4 CVSS | 6.1 AI score | 0.00261 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 9:12 a.m., 4 views

CVE-2022-0569

Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9...

5.3 CVSS | 4.8 AI score | 0.00356 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 9:12 a.m., 5 views

CVE-2022-0282

Cross-site Scripting in Packagist microweber/microweber prior to 1.2.11...

7.5 CVSS | 7.3 AI score | 0.00675 EPSS
Exploits: 1 | References: 1