CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

19611 matches found

OSSF Malicious Packages•added 2026/04/03 7:6 p.m.•5 views

Malicious code in strapi-plugin-nordica-deep (npm)

strapi-plugin-nordica-deep is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6AI score

Exploits0References2

OSV•added 2026/04/03 7:6 p.m.•2 views

MAL-2026-2474 Malicious code in strapi-plugin-nordica-deep (npm)

6AI score

Exploits0References2

OSSF Malicious Packages•added 2026/04/03 7:5 p.m.•6 views

Malicious code in strapi-plugin-nordica-vhost (npm)

strapi-plugin-nordica-vhost is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6AI score

Exploits0References2

OSV•added 2026/04/03 7:5 p.m.•4 views

MAL-2026-2476 Malicious code in strapi-plugin-nordica-recon (npm)

strapi-plugin-nordica-recon is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6AI score

Exploits0References2

OSV•added 2026/04/03 7:5 p.m.•4 views

MAL-2026-2472 Malicious code in strapi-plugin-nordica-api (npm)

strapi-plugin-nordica-api is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6AI score

Exploits0References2

OSSF Malicious Packages•added 2026/04/03 7:4 p.m.•6 views

Malicious code in strapi-plugin-nordica-cms (npm)

strapi-plugin-nordica-cms is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6AI score

Exploits0References2

OSV•added 2026/04/03 7:4 p.m.•3 views

MAL-2026-2478 Malicious code in strapi-plugin-nordica-sync (npm)

strapi-plugin-nordica-sync is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6AI score

Exploits0References2

OSSF Malicious Packages•added 2026/04/03 7:4 p.m.•7 views

Malicious code in strapi-plugin-nordica-sync (npm)

6AI score

Exploits0References2

OSV•added 2026/04/03 7:4 p.m.•2 views

MAL-2026-2475 Malicious code in strapi-plugin-nordica-lite (npm)

strapi-plugin-nordica-lite is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6AI score

Exploits0References2

OSV•added 2026/04/03 7:4 p.m.•4 views

MAL-2026-2479 Malicious code in strapi-plugin-nordica-tools (npm)

strapi-plugin-nordica-tools is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6AI score

Exploits0References2

OSV•added 2026/04/03 7:4 p.m.•3 views

MAL-2026-2484 Malicious code in strapi-plugin-sitemap-gen (npm)

strapi-plugin-sitemap-gen is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6AI score

Exploits0References2

OSSF Malicious Packages•added 2026/04/03 5:28 p.m.•6 views

Malicious code in strapi-plugin-locale (npm)

strapi-plugin-locale is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology...

6AI score

Exploits0References2

OSSF Malicious Packages•added 2026/04/03 5:26 p.m.•7 views

Malicious code in strapi-plugin-form (npm)

strapi-plugin-form is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology. I...

6AI score

Exploits0References2

OSV•added 2026/04/03 5:26 p.m.•2 views

MAL-2026-2462 Malicious code in strapi-plugin-form (npm)

6AI score

Exploits0References2

OSSF Malicious Packages•added 2026/04/03 5:24 p.m.•5 views

Malicious code in strapi-plugin-sync (npm)

strapi-plugin-sync is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology. I...

6AI score

Exploits0References2

OSSF Malicious Packages•added 2026/04/03 5:23 p.m.•4 views

Malicious code in strapi-plugin-health (npm)

strapi-plugin-health is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology...

6AI score

Exploits0References2

RedhatCVE•added 2026/04/03 5:0 p.m.•4 views

CVE-2026-5352

A security vulnerability has been detected in Trendnet TEW-657BRM 1.00.1. This impacts the function Edit of the file /setup.cgi. Such manipulation of the argument pcdblist leads to os command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used...

8.8CVSS6.4AI score0.04123EPSS

Exploits1References1

RedhatCVE•added 2026/04/03 5:0 p.m.•7 views

CVE-2026-5339

A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function actionsetnetsettings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the argument authLoid/authLoidPassword/authPassword/authSerialNo/authType/oltType/usVlanId/usVlanPriori...

8.8CVSS5.7AI score0.05698EPSS

Exploits1References1

RedhatCVE•added 2026/04/03 5:0 p.m.•3 views

CVE-2026-5355

A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected by this issue is the function vpndrop of the file /setup.cgi. The manipulation of the argument policyname leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the...

8.8CVSS6.3AI score0.04778EPSS

Exploits1References1

RedhatCVE•added 2026/04/03 5:0 p.m.•3 views

CVE-2026-5327

A security flaw has been discovered in efforthye fast-filesystem-mcp up to 3.5.1. The affected element is the function handleGetDiskUsage of the file src/index.ts. Performing a manipulation results in command injection. The attack is possible to be carried out remotely. The exploit has been...

6.5CVSS6.3AI score0.0111EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by