CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2026/04/13 3:14 p.m.•3 views

Malicious code in @b2b-portal/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a28e67919e3dfef2a8a434caec109791355b6f43d434d22bd9515f348a692c5e The package @b2b-portal/core was found to contain malicious code. Source: ghsa-malware 7a10dd57d5e27c26f36c8207faa6449838827281be33c9ecc99e025cfdea19...

5.7AI score

OSSF Malicious Packages•added 2026/03/16 12:0 a.m.•3 views

Malicious code in typescript-react-query (npm)

The package 'typescript-react-query' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.5AI score

Exploits0References3

OSSF Malicious Packages•added 2026/01/06 2:21 p.m.•4 views

Malicious code in pycolorom (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6babcee81c12759b66be4c0a8ba33c3f0272b052a47fda31227f4a6087ba8e5b The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

7.1AI score

OSV•added 2025/12/16 6:25 a.m.•3 views

MAL-2025-192585 Malicious code in betterjsloggin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de0ccde11f9011e9a5b0f96421a9d3088ed2f2604afdfc4f24d3753497729a06 The package betterjsloggin was found to contain malicious code. Source: ghsa-malware 9474602fb42d55f04ad6c25502fa73adc2f3313def621342428ea0b2f13c3d28...

6.8AI score

OSSF Malicious Packages•added 2024/09/02 1:42 a.m.•3 views

Malicious code in @diotoborg/corporis-repellat-dicta (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f3229e2ebcd959f3293a3029d72ff7cb7f47ff3432f84ec65dd90faf2300ef71 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

NVD•added 2024/02/09 4:15 a.m.•5 views

CVE-2023-49716

In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer...

9.8CVSS8.3AI score0.00083EPSS

NVD•added 2024/02/09 4:15 a.m.•7 views

CVE-2023-46687

In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer...

9.8CVSS9.9AI score0.00272EPSS

Prion•added 2024/02/09 4:15 a.m.•15 views

Cross site request forgery (csrf)

In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer...

7.5CVSS7.7AI score0.00083EPSS

Exploits0References2Affected Software3

Cvelist•added 2024/02/09 3:45 a.m.•14 views

CVE-2023-49716 Emerson Rosemount GC370XA, GC700XA, GC1500XA Command Injection

In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer...

6.9CVSS9.6AI score0.00083EPSS

Kitploit•added 2024/01/17 11:30 a.m.•163 views

pyGPOAbuse - Partial Python Implementation Of SharpGPOAbuse

Python partial implementation of SharpGPOAbuse by@pkb1s This tool can be used when a controlled account can modify an existing GPO that applies to one or more users & computers. It will create an immediate scheduled task as SYSTEM on the remote computer for computer GPO, or as logged in user for...

7.3AI score

Exploits0References4

OSSF Malicious Packages•added 2023/05/09 12:12 a.m.•3 views

Malicious code in recurrence-formatter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 970492e695237c754d7801c30cdab26ae4402dd14fe49a15fbe5a009641021e8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2023/03/15 2:0 a.m.•3 views

Malicious code in cms-serviceclients (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6378607eb6158e7d672a2316b410a0e35babc9eb618b207d8dee2c25d1212f7e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CNNVD•added 2022/09/12 12:0 a.m.•2 views

AnyDesk 代码问题漏洞

AnyDesk is a remote desktop connection software from AnyDesk Germany. A security vulnerability exists in AnyDesk versions prior to 6.2.6 and 6.3.x prior to 6.3.5, which allows an attacker to upload files to the victim's computer without authorization when the attacker is connected to the same...

8.8CVSS8AI score0.0045EPSS

Exploits1References3

OSSF Malicious Packages•added 2022/08/22 5:27 a.m.•3 views

Malicious code in simontok (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware caa06374b63fc26ac5950bd03891861724e6b84eafeeea9a17277df2116b3392 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2022/06/20 8:10 p.m.•3 views

Malicious code in electron-test-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 75b506fc33ed414469cf76d4db3886a4df9ab59986b5f8a52180cc3d49df9077 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...