CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

GithubExploit•added 2026/03/01 1:36 p.m.•136 views

hckr-tr

⠀⠀⠀⣠⣴⡶⢶⣦⣄⠀⠀⠀⠀⠀⠀⠀⠀⣾⠋⠙⢿⣆⣤⣤⣄⠀⠀⠀ ⠀⠀⢰⣿⠁⠀⠀⠀⠙⢷⡄⠀⠀⠀⠀⠀⢸⡿⠀⠀⠀⠛⠉...

6AI score

Exploits0

OSSF Malicious Packages•added 2026/03/01 10:0 a.m.•8 views

Malicious code in botbooster (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0ac97422a8ea78df8c5538d0dbada7aad5720510773f1855cf5e4b5a9cbc56cb When using the provided function, code exfiltrates the sensitive token from local settings.json to the hardcoded location. --- Category: MALICIOUS - The campai...

6AI score

OSV•added 2026/03/01 10:0 a.m.•3 views

MAL-2026-1097 Malicious code in botbooster (PyPI)

6AI score

OSV•added 2026/03/01 1:28 a.m.•4 views

GHSA-39MP-8HJ3-5C49 Gradio is Vulnerable to Absolute Path Traversal on Windows with Python 3.13+

Summary Gradio apps running on Window with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Details Python 3.13+ changed the definition of os.path.isabs so that root-relative paths like...

7.5CVSS6AI score0.03095EPSS

Exploits1References5

Github Security Blog•added 2026/03/01 1:28 a.m.•7 views

Gradio is Vulnerable to Absolute Path Traversal on Windows with Python 3.13+

7.5CVSS6AI score0.03095EPSS

Exploits1References5Affected Software1

OSV•added 2026/02/28 10:36 p.m.•5 views

MAL-2026-1092 Malicious code in jwrincident (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ad20c4d6c73e649f0907879ef431132bb1566c890b55d8c5933abc09e10085fd During installation, the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

OSSF Malicious Packages•added 2026/02/28 4:43 p.m.•11 views

Malicious code in bladebit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f415139e8d21831bbadeb09351ae32306980ae4de3692fc6cafc1d72c2b99e28 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

OSV•added 2026/02/28 12:45 p.m.•7 views

OESA-2026-1460 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

6CVSS5.9AI score0.0055EPSS

OSV•added 2026/02/28 12:45 p.m.•5 views

OESA-2026-1459 python3 security update

6CVSS5.9AI score0.0055EPSS

OSV•added 2026/02/28 12:45 p.m.•5 views

OESA-2026-1458 python3 security update

6CVSS5.9AI score0.0055EPSS

OSV•added 2026/02/28 12:44 p.m.•7 views

OESA-2026-1448 python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 23.3.1 Release: 6 Summary: A...

8.9CVSS5.9AI score0.00524EPSS

Exploits1References3

OSV•added 2026/02/28 12:44 p.m.•6 views

OESA-2026-1447 python-pip security update

8.9CVSS7.2AI score0.00524EPSS

Exploits1References3

OSV•added 2026/02/28 12:44 p.m.•5 views

OESA-2026-1445 python-pip security update

8.9CVSS6AI score0.00524EPSS

OSV•added 2026/02/28 12:44 p.m.•10 views

OESA-2026-1443 python-pip security update

8.9CVSS7.2AI score0.00524EPSS

Exploits1References3

OSV•added 2026/02/28 12:44 p.m.•6 views

OESA-2026-1432 protobuf security update

Security Fixes: A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an...

8.2CVSS5.9AI score0.00351EPSS

OSV•added 2026/02/28 11:25 a.m.•5 views

MAL-2026-1085 Malicious code in ctf-toolkit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e47981485066b674150cc4d9d3709e41707e69111f188e54e772becc7349ab89 The package states to contain a modified curl library to allow low-level request modifications. However, there is also undisclosed malicious behavior: 1. The...

Rockylinux•added 2026/02/28 9:6 a.m.•7 views

python-pyasn1 security update

An update is available for python-pyasn1. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming...

7.5CVSS6AI score0.00491EPSS

Exploits0

OSV•added 2026/02/28 9:6 a.m.•7 views

RLSA-2026:3359 Important: python-pyasn1 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.5CVSS5.9AI score0.00491EPSS

GithubExploit•added 2026/02/28 7:32 a.m.•150 views

SSTI-Exploit-Lab

Server-Side Template Injection SSTI to RCE Lab 🎯 Executi...