CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/26 12:0 a.m.•6 views

Kubevirt 后置链接漏洞

Kubevirt is an open-source virtual machine manager developed by KubeVirt. Kubevirt has a post-installation vulnerability, which stems from improper verification of symbolic links. This vulnerability may allow authenticated OpenShift users to manipulate the console socket in a single namespace by...

9.9CVSS5.8AI score0.00121EPSS

OSSF Malicious Packages•added 2026/05/21 5:52 a.m.•5 views

Malicious code in auth0-templates-scripts-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed9a505fcbf6daef28b6625dcbde65ea1dd00b01c1a684debfdedfc7e5bc3643 Package name impersonates the Auth0 ecosystem. Its postinstall hook node index.js runs unconditionally on npm install and performs a multi-stage data...

OSV•added 2026/05/19 8:10 p.m.•4 views

MAL-2026-4745 Malicious code in clearml-truen-patch (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 868fbff2db730a4a67f808b6c9bd35aa78392be592adb2d66d6be659772610f6 This package is published as clearml-truen-patch but its PKG-INFO/setup.py declare Author=ClearML, [email protected], and...

5.9AI score

OSSF Malicious Packages•added 2026/05/19 8:10 p.m.•7 views

Malicious code in clearml-truen-patch (PyPI)

5.9AI score

OSV•added 2026/05/15 8:42 a.m.•3 views

BIT-JUPYTERLAB-2026-42266 JupyterLab has an Extension Manager API/GUI Policy Discrepancy allowing 3rd party (malicious) extensions install via POST request.

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager allowedextensionsuris is not correctly enforced by JupyterLab. The Py...

8.8CVSS5.8AI score0.00029EPSS

Exploits0References5

RedhatCVE•added 2026/05/15 1:57 a.m.•3 views

CVE-2026-31233

Guardrails AI thru 0.6.7 contains a code injection vulnerability CWE-94 in its Hub package installation mechanism. When installing validator packages via guardrails hub install, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified in the postinstall...

9.8CVSS6.3AI score0.00378EPSS

CNNVD•added 2026/05/13 12:0 a.m.•5 views

Claude Code 后置链接漏洞

Claude Code is an open-source terminal-native AI programming tool developed by Anthropic. Versions of Claude Code prior to 1.3834.0 contained a post-installation vulnerability. This vulnerability stemmed from the CoworkVMService component running with SYSTEM privileges and without verifying wheth...

8.5CVSS5.8AI score0.00006EPSS

EUVD•added 2026/05/12 6:30 p.m.•7 views

EUVD-2026-29556

6.3AI score0.00378EPSS

Exploits0References3

Snyk•added 2026/05/12 6:30 p.m.•5 views

Arbitrary Code Injection

Overview guardrails-ai is an Adding guardrails to large language models. Affected versions of this package are vulnerable to Arbitrary Code Injection via the subprocess.checkoutput function. An attacker can execute arbitrary code by publishing a malicious package to the Hub, which is then install...

9.8CVSS6.2AI score0.00378EPSS

OSV•added 2026/05/12 6:30 p.m.•3 views

GHSA-R6HF-G5X6-7PV9 Guardrails AI contains a code injection vulnerability in its Hub package installation mechanism

9.8CVSS6.3AI score0.00378EPSS

Exploits0References3

NVD•added 2026/05/12 6:16 p.m.•7 views

CVE-2026-31233

9.8CVSS0.00378EPSS

Positive Technologies•added 2026/05/12 12:0 a.m.•9 views

PT-2026-40120

6.3AI score0.00378EPSS

Exploits0References3

CNNVD•added 2026/05/12 12:0 a.m.•6 views

Guardrails 安全漏洞

Guardrails is a Python framework open source by Guardrails AI. Versions of Guardrails 0.6.7 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the Hub package installation mechanism, which retrieved lists from the Guardrails Hub when installing the validationer...

9.8CVSS6AI score0.00378EPSS

CVE•added 2026/05/12 12:0 a.m.•10 views

CVE-2026-31233

CVE-2026-31233 affects Guardrails AI through version 0.6.7. The vulnerability resides in the Hub package installation mechanism: when installing validator packages, the system fetches a manifest from the Guardrails Hub and dynamically executes a script specified in the post_install field. The scr...

9.8CVSS6.3AI score0.00378EPSS

CNNVD•added 2026/05/05 12:0 a.m.•4 views

IOBit IObit Advanced SystemCare 后置链接漏洞

IOBit Advanced SystemCare is a system management utility developed by IOBit Corporation. This program is primarily used for scanning, repairing, and optimizing systems. Version 19 of IOBit Advanced SystemCare contained a post-installation vulnerability, which was caused by a issue with the Servic...

7.3CVSS7.1AI score0.00016EPSS

Vaadin•added 2026/04/17 12:0 a.m.•7 views

Vaadin Flow and the axios npm supply-chain compromise

On March 31, 2026, compromised versions of the popular axios HTTP client library 1.14.1 and 0.30.4 were published to NPM via a hijacked maintainer account. The malicious versions injected [email protected], a cross-platform RAT dropper that connected to a command-and-control server. The...

OSSF Malicious Packages•added 2026/04/10 7:7 a.m.•4 views

Malicious code in @genoma-ui/components (npm)

Malicious package detected. It uses pre/post install scripts to download/execute code and exfiltrate user data via curl from a hardcoded IP. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5fb9acd5bf2a73c82be9ac19b7c0cad285cfea2a4b6ff69655f61e7e4a0c26c The...

OSV•added 2026/04/10 7:7 a.m.•1 views

MAL-2026-2823 Malicious code in @genoma-ui/components (npm)