CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 3 hours ago•13 views

CVE-2026-50265

A flaw was found in libinput. A local attacker with access to /dev/uinput can inject arbitrary udev properties through the libinput-device-group helper. This injection can lead to root code execution, for example, by exploiting REMOVECMD properties that are executed when a device is removed. This...

7CVSS5.7AI score

OSV•added yesterday•5 views

MAL-2026-5187 Malicious code in supabase (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ffc0b5a7cfe173533053ac607e28d5e000c963fc1fd706bd9eedf57902e11c1a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added yesterday•4 views

MAL-2026-5186 Malicious code in autotel-terminal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eecd710c08cdc339632aae89ee93e200267cea1c34d6b429ca9202265480842f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.7AI score

OSV•added yesterday•4 views

MAL-2026-5185 Malicious code in @jagreehal/workflow (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 84103acc1e6580ad54c7a89f1ce423e9ac0a0ca4b943879c6f80e9e46fb23fce Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.7AI score

EUVD•added yesterday•5 views

EUVD-2026-34289

A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in UsersController::edit. When processing edit requests, the application accepted a user-controlled User.id value from request data. An authenticated attacker could cra...

9CVSS5.8AI score

Vulnrichment•added yesterday•4 views

CVE-2026-10868 MISP user edit endpoint mass assignment vulnerability allows unauthorized user account modification

9CVSS5.8AI score

Nuclei•added yesterday•32 views

WordPress MW Font Changer <=4.2.5 - Cross-Site Scripting

WordPress MW Font Changer plugin 4.2.5 and before contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

6.1CVSS6.5AI score0.07251EPSS

Exploits2References5

Positive Technologies•added yesterday•7 views

PT-2026-46254

9CVSS5.8AI score

Exploits0References2

NVD•added 2 days ago•8 views

CVE-2026-40290

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.16.0 and prior to 4.11.0, a user-after-free UAF race condition exists in the shared memory teardown logic of FF-A...

7.8CVSS0.00014EPSS

Exploits1References1

OSV•added 2 days ago•3 views

MAL-2026-5179 Malicious code in chai-midpatch (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4deffa7a98fc055452391610a3ab832bace310cf34ecc058287f45cab02c656c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2 days ago•3 views

MAL-2026-5180 Malicious code in nodemon-webpatch (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b105e115122e719d986bfb11b73b58a67decc47f5a6b609b9f5e3ea496eb43ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Cvelist•added 2 days ago•26 views

CVE-2026-46255 dmaengine: fsl-edma: don't explicitly disable clocks in .remove()

In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-edma: don't explicitly disable clocks in .remove The clocks in fsledmaengine::muxclk are allocated and enabled with devmclkgetenabled, which automatically cleans these resources up, but these clocks are also manual...

0.00018EPSS

Exploits0References5

ATTACKERKB•added 2 days ago•3 views

CVE-2026-46255

5.8AI score0.00018EPSS

Exploits0References6Affected Software1

OSSF Malicious Packages•added 2 days ago•8 views

Malicious code in nodemon-pack (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 66b967b89b3b02913d1a55f4fe65d3e7ecf4e39d25f5fd49bfb2879f73724dc8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2 days ago•7 views

Malicious code in webpack-json (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware abd3559fc62e362d5e4d5068126317096f7e2e483d97bba9f59e192a9d49a363 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2 days ago•3 views

MAL-2026-5175 Malicious code in webpack-json (npm)

Positive Technologies•added 2 days ago•5 views

PT-2026-46018

In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-edma: don't explicitly disable clocks in .remove The clocks in fsl edma engine::muxclk are allocated and enabled with devm clk get enabled, which automatically cleans these resources up, but these clocks are also...

5.8AI score0.00018EPSS

Exploits0References6

Tenable Nessus•added 2 days ago•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-46255

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dmaengine: fsl-edma: don't explicitly disable clocks in .remove The clocks in fsledmaengine::muxclk are allocated and enabled with devmclkgetenabled, which...

5.6AI score0.00018EPSS