CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/05/27 1:20 p.m.•6 views

EUVD-2026-32498

7.5CVSS5.8AI score0.00127EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•4 views

PT-2026-43974

7.5CVSS5.8AI score0.00127EPSS

EUVD•added 2026/05/26 7:54 p.m.•5 views

EUVD-2026-31978

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forwards the args array to the child process without any validation. Every binary on the allowlist accepts an inline-code executi...

9.9CVSS6.3AI score0.0008EPSS

OSV•added 2026/05/26 2:34 p.m.•3 views

MAL-2026-4817 Malicious code in chainix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93d9609d2eac0c0ff33aed557171138930255798aa649fa648b04814c8cb1908 Package presents itself as a pino-compatible logger README badges link to pinojs/pino, exports alias module.exports.pino = middleware but its exporte...

6.4AI score

ATTACKERKB•added 2026/05/26 7:49 a.m.•4 views

CVE-2026-39661

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Magentech SW Core allows PHP Local File Inclusion. This issue affects SW Core: from n/a through 1.7.18...

7.5CVSS5.8AI score0.00127EPSS

OSSF Malicious Packages•added 2026/05/25 1:2 p.m.•8 views

Malicious code in emojifancy-print (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87a0b34b08697e7c8c67b8111ab442ec2d1168f0981b4680fc327a40ba370d79 The package advertises itself as a colorized logger but ships a backdoor in dist/logger.js that fires automatically when the module is loaded. At...

OSSF Malicious Packages•added 2026/05/24 3:14 a.m.•7 views

Malicious code in tailwind-typography-stylecss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 273b99f5721643d8ba8335fd73b46b4b32f81406d73f44e7a16552e16b8becd6 Package name 'tailwind-typography-stylecss' impersonates the official '@tailwindcss/typography' plugin; the shipped README is a verbatim copy of the...

OSV•added 2026/05/24 3:14 a.m.•3 views

MAL-2026-4681 Malicious code in tailwind-typography-stylecss (npm)

OSSF Malicious Packages•added 2026/05/22 6:41 p.m.•7 views

Malicious code in tailwind-style-typography (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0818530f40672586168012538662486135f040526d0e4377f362b6bfe2f61bd2 The package name impersonates the official @tailwindcss/typography plugin and replicates its README and source verbatim including links to...

6AI score

OSV•added 2026/05/22 6:41 p.m.•3 views

MAL-2026-4680 Malicious code in tailwind-style-typography (npm)

6AI score

OSV•added 2026/05/22 3:22 p.m.•4 views

MAL-2026-4610 Malicious code in midcorp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc6725ed066ed5aff9452bd82d278fd89c1548768124d8b89cb8e5a5e8c3b05a The package masquerades as a pino-compatible logger package.json keywords fast/logger/stream/json, exports module.exports.pino = middleware, lib...

5.8AI score

OSV•added 2026/05/21 8:54 a.m.•3 views

MAL-2026-4393 Malicious code in @hanssoft/libsignal-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 063fa3a06df50a8c53c5eb05ac4d1214e6fa1edfb18d03c8484fa2014190659a Package name impersonates the well-known libsignal-node Signal Protocol library and ships a verbatim copy of its README, but the code is unrelated. O...

OSSF Malicious Packages•added 2026/05/20 7:31 p.m.•6 views

Malicious code in @tailwind-core/oxide-linux-x64-gnu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a107a0746f2f5159d661e4d332eac53f871b9d22f80caf5863bdd713e252ae00 The package name '@tailwind-core/oxide-linux-x64-gnu' impersonates the legitimate Tailwind CSS v4 oxide engine package...

OSV•added 2026/05/20 7:31 p.m.•3 views

MAL-2026-4448 Malicious code in @tailwind-core/oxide-linux-x64-gnu (npm)

OSV•added 2026/05/20 7:13 p.m.•3 views

MAL-2026-4499 Malicious code in bolt-delivery-menu-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cc39247db76b4edd80084e400324518739f141dafda621d368c3e5a9ac41f791 Package executes a DNS-based beacon at both install time package.json scripts.install runs node index.js and on every require of the module...

5.8AI score

OSV•added 2026/05/20 7:7 p.m.•4 views

GO-2026-4965 Nuclei: Local File Read via require() Module Loader Bypass in github.com/projectdiscovery/nuclei

Nuclei: Local File Read via require Module Loader Bypass in github.com/projectdiscovery/nuclei...

5.5CVSS5.8AI score0.00012EPSS

Exploits0References4

OSV•added 2026/05/20 1:17 p.m.•5 views

MAL-2026-4569 Malicious code in gator-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1925735d02fb91f74a11718c3402ad0b10f551eecb8c6d88f02d475b3e0a799f On npm install via scripts.install: node index.js and on every require'gator-client', lib/core.js collects os.userInfo.username, os.hostname, and the...

OSV•added 2026/05/20 1:17 p.m.•3 views

MAL-2026-4662 Malicious code in rendezvous-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b4a03eaa6b09e5b9e291dd450f58e49a639c3efd8fa952f5ac48f9aea04aba4 On npm install scripts.install runs node index.js and on require'rendezvous-js', lib/core.js collects os.userInfo.username, os.hostname, and the...

5.8AI score