CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

58114 matches found

OSSF Malicious Packages•added 2026/03/20 10:31 a.m.•8 views

Malicious code in mcp-transport-proto (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a40306e4035df29c739d5073ccb341685275d5cebba588b7014898229752e11f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6AI score

Exploits0References1

OSV•added 2026/03/20 10:31 a.m.•1 views

MAL-2026-1990 Malicious code in mcp-transport-proto (PyPI)

6AI score

Exploits0References1

OSSF Malicious Packages•added 2026/03/20 10:30 a.m.•5 views

Malicious code in cloud-datasets (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7cbbef34e9c8a9e6db79ffb59dde86dafe9734166f201aae8a5d1837ac262fc0 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6AI score

Exploits0References1

OSV•added 2026/03/20 10:30 a.m.•2 views

MAL-2026-1986 Malicious code in cloud-datasets (PyPI)

6AI score

Exploits0References1

OSSF Malicious Packages•added 2026/03/20 10:28 a.m.•3 views

Malicious code in azure-eventhub-checkpointstoretable (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e41a629242e28270fbee568718ddef63da1e359ad5a5a1401ed85c48ef870d73 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6AI score

Exploits0References1

OSV•added 2026/03/20 10:28 a.m.•1 views

MAL-2026-1985 Malicious code in azure-eventhub-checkpointstoretable (PyPI)

6AI score

Exploits0References1

OSV•added 2026/03/20 10:19 a.m.•4 views

RHSA-2026:5152 Red Hat Security Advisory: python3.11 security update

Bulletin has no description...

7.1CVSS6.7AI score0.00737EPSS

Exploits0References26

GithubExploit•added 2026/03/20 9:46 a.m.•139 views

CodoForum-v5.1---Remote-Code-Execution-RCE-

CodoForum v5.1 - Authenticated RCE Fixed Exploit CVE: 20...

5.9AI score

Exploits0

OSV•added 2026/03/20 9:20 a.m.•6 views

BIT-PYTHON-MIN-2026-3479 pkgutil.get_data() does not enforce documented restrictions

pkgutil.getdata did not validate the resource argument as documented, allowing path traversals...

5.8AI score0.00238EPSS

Exploits0References5

IBM Security Bulletins•added 2026/03/20 8:22 a.m.•4 views

Security Bulletin: Symlink Traversal Vulnerability in pip Tar Extraction Fallback on Pre-PEP 706 Python Versions, watsonx.data

Summary A vulnerability in pip allows improper handling of symbolic links during tar extraction on older Python versions without PEP 706, potentially leading to path traversal outside the intended directory; updating pip and Python mitigates the risk. This can affect watsonx.data. Vulnerability...

5.9CVSS6.8AI score0.00444EPSS

Exploits0Affected Software1

Wolfi•added 2026/03/20 7:48 a.m.•8 views

GHSA-86JH-GRMM-2V3H vulnerabilities

Vulnerabilities for packages: python...

5.8AI score

Exploits0

Wolfi•added 2026/03/20 7:48 a.m.•6 views

CVE-2026-2297 vulnerabilities

Vulnerabilities for packages: python...

5.7CVSS5.8AI score0.00202EPSS

Exploits0

Chainguard•added 2026/03/20 7:17 a.m.•2 views

CVE-2026-2297 vulnerabilities

Vulnerabilities for packages: python...

5.7CVSS5.8AI score0.00202EPSS

Exploits0

Chainguard•added 2026/03/20 7:17 a.m.•4 views

GHSA-86JH-GRMM-2V3H vulnerabilities

Vulnerabilities for packages: python...

5.8AI score

Exploits0

Vulnrichment•added 2026/03/20 4:52 a.m.•4 views

CVE-2026-33017 Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses...

9.3CVSS7.9AI score0.98412EPSS

Exploits16References3

ATTACKERKB•added 2026/03/20 2:23 a.m.•3 views

CVE-2026-32889

tinytag is a Python library for reading audio file metadata. Version 2.2.0 allows an attacker who can supply MP3 files for parsing to trigger a non-terminating loop while the library parses an ID3v2 SYLT synchronized lyrics frame. In server-side deployments that automatically parse...

6.5CVSS5.7AI score0.0041EPSS

Exploits1References5Affected Software1

CVE•added 2026/03/20 2:23 a.m.•10 views

CVE-2026-32889

Tinytag (Python) version 2.2.0 is affected by a Denial of Service via a non-terminating SYLT frame parsing loop when processing attacker-supplied MP3s. The root cause is in _parse_synced_lyrics/_find_string_end_pos where an absent string terminator can cause the parser to reset its offset and nev...

6.5CVSS5.7AI score0.0041EPSS

Exploits1References4Affected Software1

Chainguard•added 2026/03/20 1:17 a.m.•14 views

CVE-2026-32875 vulnerabilities

Vulnerabilities for packages: apache-beam-python-3.12-sdk...

7.5CVSS5.8AI score0.00411EPSS

Exploits1

Chainguard•added 2026/03/20 1:17 a.m.•5 views

CVE-2026-32874 vulnerabilities

Vulnerabilities for packages: apache-beam-python-3.12-sdk...

7.5CVSS5.8AI score0.00426EPSS

Exploits0