CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added yesterday•3 views

MAL-2026-5463 Malicious code in db-dx-connector (npm)

5.6AI score

OSV•added yesterday•2 views

MAL-2026-5487 Malicious code in tailwind-form (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37a2959fd43465328b090afd0464e0e3de0e1677ecd2068d4ef05bdfe5867b79 tailwind-form is a typosquat of the legitimate @tailwindcss/forms plugin README and repository field are copied from tailwindlabs/tailwindcss-forms,...

6.3AI score

OSSF Malicious Packages•added yesterday•3 views

Malicious code in tailwind-form (npm)

6.3AI score

RedhatCVE•added yesterday•2 views

CVE-2026-10732

A flaw was found in the decompress package. A remote attacker can exploit this vulnerability by providing a specially crafted ZIP archive containing a symbolic link and a regular file with the same path. This allows the attacker to write arbitrary files to locations outside the intended output...

7.5CVSS6.4AI score0.00057EPSS

Exploits0References6

NVD•added yesterday•4 views

CVE-2026-36723

An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from temporary storage to arbitrary locations on the server filesystem. This enables unauthorized access to...

EUVD-2026-35707

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...

8.8CVSS6.7AI score

Exploits0References5

EUVD-2026-35519

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

7.5CVSS6AI score

EUVD-2026-35516

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

8.8CVSS6AI score

EUVD-2026-35518

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

7.5CVSS6AI score

EUVD-2026-35697

Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network...

9.8CVSS5.7AI score

EUVD-2026-35501

Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network...

9.8CVSS5.7AI score

EUVD-2026-35699

Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network...

7.1CVSS5.7AI score

EUVD-2026-35505

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...

8CVSS7.3AI score

EUVD-2026-35681

Improper control of generation of code 'code injection' in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network...

7.5CVSS5.7AI score

EUVD-2026-35538

Improper limitation of a pathname to a restricted directory 'path traversal' in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...

6.5CVSS7.3AI score

EUVD-2026-35491

Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...

9.8CVSS5.9AI score

Exploits0References7

EUVD-2026-35530

Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network...

9.8CVSS5.7AI score

EUVD•added yesterday•4 views

EUVD-2026-35440

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution...

10CVSS6.3AI score