CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 4 days ago•8 views

CVE-2026-56395

9.6CVSS0.00391EPSS

CVE•added 4 days ago•19 views

CVE-2026-56397

CVE-2026-56397 affects SiYuan prior to v3.6.1 where Bazaar marketplace metadata and README aren’t sanitized, allowing malicious authors to inject HTML/JavaScript. This can enable remote code execution on users browsing Bazaar by embedding XSS payloads in displayName, description, or README, takin...

EUVD•added 4 days ago•8 views

EUVD-2026-38163

ATTACKERKB•added 4 days ago•6 views

CVE-2026-56397

CVE•added 4 days ago•19 views

CVE-2026-56395

SiYuan exposes a vulnerability (CVE-2026-56395) where SieYuan versions prior to 3.6.1 fail to sanitize Bazaar marketplace metadata and README content, enabling arbitrary HTML/JavaScript injection. The underlying issue is improper sanitization of package displayName, description, or README fields,...

EUVD•added 4 days ago•7 views

EUVD-2026-38161

ATTACKERKB•added 4 days ago•6 views

CVE-2026-56395

Cvelist•added 4 days ago•31 views

CVE-2026-56395 SiYuan - Remote Code Execution via Malicious Bazaar Package Metadata and README

9.6CVSS0.00391EPSS

Positive Technologies•added 4 days ago•11 views

PT-2026-51236

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.6.1 Description SiYuan fails to sanitize package metadata and README content within the Bazaar marketplace. This allows malicious authors to inject arbitrary HTML and JavaScript into the displayName, description, or...

OSSF Malicious Packages•added 2026/06/12 7:33 a.m.•9 views

Exploits0References7

Malicious code in trongapy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0fa840452c4774ec07d74bbed23fbe1c848a2d83303df3f028e73af31045b495 The package's only public function, permprivatekey in trongapy/main.py, unconditionally POSTs the caller-supplied Tron private key as JSON to a...

5.3AI score

OSV•added 2026/06/12 7:33 a.m.•7 views

MAL-2026-5683 Malicious code in trongapy (PyPI)

5.4AI score

OSSF Malicious Packages•added 2026/06/11 11:42 p.m.•10 views

Malicious code in trongap (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2553656bd35d7c309dad6694d67fed7f3b09788cab260bf3eb5fbce84d0149c4 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

5.4AI score

OSV•added 2026/06/11 11:42 p.m.•7 views

MAL-2026-5681 Malicious code in trongap (PyPI)

5.4AI score

OSSF Malicious Packages•added 2026/06/11 5:10 a.m.•13 views

Malicious code in web-pool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2b1d78cd3ff0c5eeead299eb670d299590b48a453c9416ae2a692bc4173737c Requiring web-pool triggers middleware to spawn a detached node lib/initializeCaller.js. That script base64-decodes a hardcoded endpoint...

6.1AI score

Exploits0References1

OSSF Malicious Packages•added 2026/06/03 4:21 p.m.•8 views

Malicious code in tronlabpy3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 71fd394fee5be8e6fe09e8fff0c645dfc2bd164506a85c077d76642c9ec86ba6 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

5.8AI score

OSV•added 2026/06/03 4:21 p.m.•10 views

MAL-2026-5181 Malicious code in tronlabpy3 (PyPI)

5.8AI score

OSV•added 2026/06/03 3:28 p.m.•15 views

MAL-2026-5178 Malicious code in tronlab (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 44a6e385a64a2319d00a77e4eb063dd97f8a54dff9df20653fec1f3c3d40ecb9 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

5.8AI score