CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The Kryo-based persistence serializers KryoStateMachineSerialisationService / AbstractKryoStateMachineSerialisationService deserialise persisted state-machine contexts without enabling...

Deserialization of Untrusted Data

Deserialization of Untrusted Data

Deserialization of Untrusted Data

Packet Storm News•added 2026/06/11 12:0 a.m.•9 views

VS Code Extension Persistence

This Metasploit module installs a malicious VS Code extension into the target's VS Code extensions directory. The extension executes the payload each time VS Code is launched, providing persistent code execution. Supports VS Code, VS Code Insiders, VSCodium, VS Code Server, and Cursor. Tested...

Snyk•added 2026/06/11 12:0 a.m.•4 views

Exploits0

Deserialization of Untrusted Data

Snyk•added 2026/06/11 12:0 a.m.•4 views

Deserialization of Untrusted Data

Deserialization of Untrusted Data

OSSF Malicious Packages•added 2026/06/10 6:37 p.m.•10 views

Malicious code in @solana-labs/web3.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91b0523027116b3981b0f1dfe925f01d8956eb19817aae6ea7d0022d5357fba4 Package @solana-labs/web3.js impersonates the legitimate @solana/web3.js and re-exports it as cover while running a malicious postinstall node...

OSV•added 2026/06/10 6:37 p.m.•8 views

Exploits0References6

MAL-2026-5525 Malicious code in @solana-labs/web3.js (npm)

OSV•added 2026/06/10 6:34 p.m.•3 views

Exploits0References6

GHSA-8H84-FHQQ-Q58V nebula-mesh: Decrypted CA private key persists in heap after signing

internal/pki/resolver.go:36-64 constructs a CAManager with the plaintext ed25519.PrivateKey after unwrapping via the master key; internal/pki/ca.go:13-16 stores it. Callers at internal/api/enroll.go:116, internal/api/updates.go:297, and internal/api/mobilebundle.go:40 use the manager for one Sign...

5.3AI score0.0001EPSS

Exploits0References4

OSV•added 2026/06/10 5:11 p.m.•8 views

MAL-2026-5519 Malicious code in requests-toolbelt-plus (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38c64ca050de4910f56bc4a652890b0a378082859cb62153762c6ae08b4b8eae The package impersonates the popular requests-toolbelt library but ships an empty requeststoolbeltplus/init.py and places its real logic in setup.py...

6.1AI score

Exploits0References3

RedhatCVE•added 2026/06/10 2:59 p.m.•7 views

CVE-2026-49948

Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider and embedder configuration but only verifies authentication via JWT or X-API-Key without validati...

8.6CVSS5.5AI score0.0029EPSS

OSV•added 2026/06/10 2:30 p.m.•6 views

MAL-2026-5511 Malicious code in nw-demo-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f0c784f9f2bc00678e2648cce9c110ad5084c595b42f80e086bc8dbfbe034359 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Imperva Blog•added 2026/06/10 2:13 p.m.•5 views

Compromise OpenClaw with Prompt Injections in Message Objects

Executive Summary As powerful personal AI assistants become increasingly widespread, their ability to access tools, files, and external services also makes them susceptible to prompt injection attacks, where malicious content can manipulate their behavior. This research evaluated OpenClaw against...

5.8AI score

Exploits0

OSV•added 2026/06/10 1:34 p.m.•10 views

MAL-2026-5510 Malicious code in npmjs_web3-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2b691e4c1a13cf8174fdf8653d757594f18057650310bc89e376caa806602d3b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2026/06/10 1:34 p.m.•10 views

Malicious code in solidity-abi (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d00c844413b4c809e5d57d1952a17f67f2c72324fd379c91d5fdd8aa3fdd9da9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2026/06/10 12:18 p.m.•7 views

MAL-2026-5502 Malicious code in graphbase-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bcdb883b3cbdcf4216f99f55d52d1b93db24271ddcf4a1e232f444a75709f76a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...