CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

GithubExploit•added 2026/06/02 7:9 a.m.•62 views

Exploit for Out-of-bounds Write in Redis

Docker Operations Create a Docker container docker comp...

8.8CVSS5.8AI score0.00183EPSS

Exploits2

OSV•added 2026/05/29 12:0 a.m.•5 views

MAL-2026-5038 Malicious code in @t-in-one/form_product_token (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

OSSF Malicious Packages•added 2026/05/28 12:0 a.m.•12 views

Malicious code in @cloudplatform-single-spa/dataplatform-trino (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

OSSF Malicious Packages•added 2026/05/28 12:0 a.m.•7 views

Malicious code in @fb-deposit/form-deposit (npm)

Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...

OSV•added 2026/05/28 12:0 a.m.•5 views

Exploits0References1

MAL-2026-4911 Malicious code in @cloudplatform-single-spa/dataplatform-spark (npm)

OSV•added 2026/05/28 12:0 a.m.•4 views

Exploits0References1

MAL-2026-4984 Malicious code in @cloudplatform-single-spa/svp-interfaces (npm)

OSV•added 2026/05/28 12:0 a.m.•6 views

MAL-2026-5004 Malicious code in @debit-ib/desktop-debit-ib-additional-card-form (npm)

OSV•added 2026/05/20 4:4 a.m.•4 views

Exploits0References1

MAL-2026-4502 Malicious code in bucket-protocol-sdk-v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e19ff8a6cb5a08bd0561658d41dfe3616f1680bc5acac989c97da38f37ee41b4 bucket-protocol-sdk-v2 advertises itself as a 'community maintained drop-in replacement' for the Sui ecosystem's bucket-protocol-sdk, but its src/ tr...

OSSF Malicious Packages•added 2026/05/20 12:39 a.m.•7 views

Exploits0References7

Malicious code in @mcpassure/mcp-anvisa-bulario (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e846cabb7b5077244737d7a465e944ebe7635db46cc55e7e5736eeda47d30938 dist/bootstrap.js references a hardcoded URL on pub-046c52795b9445cd9f5cc5cb21b9d59f.r2.dev — an anonymous Cloudflare R2 bucket — and calls fetch...

GithubExploit•added 2026/05/02 2:15 a.m.•66 views

Exploits0References10

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

Aquí tienes una versión completamente reescrita, con vocabulario...

7.8CVSS6AI score0.02579EPSS

Exploits227

Metasploit•added 2026/04/02 7:2 p.m.•228 views

HTTPS Fetch, Windows Upload/Execute, Reverse TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Connect back to the attacker No NX Module Options msf use payload/cmd/windows/https/x86/upexec/reversenonxtcp msf payloadreversenonxtcp show actions ...actions... msf payloadreversenonxtcp set ACTION...

Metasploit•added 2026/04/02 7:2 p.m.•144 views

HTTPS Fetch, Windows Upload/Execute, Bind TCP Stager (Windows x86)

Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Listen for a connection Windows x86 Module Options msf use payload/cmd/windows/https/x86/upexec/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp...

Metasploit•added 2026/04/02 7:2 p.m.•144 views

HTTPS Fetch, Bind TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x86 payload from an HTTPS server. Listen for a connection Module Options msf use payload/cmd/windows/https/x86/dllinject/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 show options ...show and set options...

Metasploit•added 2026/04/02 7:2 p.m.•132 views

HTTP Fetch, Hidden Bind Ipknock TCP Stager

Fetch and execute an x86 payload from an HTTP server. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method you can spoof it with tools like hping. After that you could get your shellcode from any IP. The socke...

Metasploit•added 2026/04/02 7:2 p.m.•76 views

HTTP Fetch, Reverse TCP Stager with UUID Support

Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/http/x86/dllinject/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf payloadreversetcpuuid sho...

6AI score

GithubExploit•added 2026/03/30 12:51 p.m.•100 views

kexploitbinary

DarkSword Red Team Framework Framework Python com CLI para en...

The Hacker News•added 2026/03/23 6:15 a.m.•5 views

Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems

Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance SMA, according to Arctic Wolf. The cybersecurity company said it observed malicious activity starting the week of March 9, 2026, in customer environments that's consiste...

10CVSS6AI score0.39315EPSS