
23038 matches found

OSV
added yesterday, 2 views

MAL-2026-6501 Malicious code in wellnpm (npm)

Source: amazon-inspector 2cce5614817c010bad6d6bd86146713b627ad235b87d9ccd341bd3d996a80119 [email protected] ships a 24MB ELF binary named launch which is the XMRig Monero miner RandomX, cn/upx2, ghostrider algorithm strings, libuv/OpenSSL...

5.8 AI score
Exploits 0, References 7

OSSF Malicious Packages
added yesterday, 7 views

Malicious code in wellnpm (npm)

Source: amazon-inspector 2cce5614817c010bad6d6bd86146713b627ad235b87d9ccd341bd3d996a80119 [email protected] ships a 24MB ELF binary named launch which is the XMRig Monero miner RandomX, cn/upx2, ghostrider algorithm strings, libuv/OpenSSL...

5.8 AI score
Exploits 0, References 7

EUVD
added 3 days ago, 3 views

EUVD-2026-38846

In the Linux kernel, the following vulnerability has been resolved: net: psp: require admin permission for dev-set and key-rotate. The dev-set and key-rotate netlink operations modify shared device state (PSP version configuration and cryptographic key material, respectively) but do not require...

5.7 AI score, 0.00173 EPSS
Exploits 0, References 4

OSSF Malicious Packages
added 3 days ago, 5 views

Malicious code in normalize-plus (npm)

Source: amazon-inspector a8d9638f9c3f81ac15972cf2ff227b2d426a72c5e37035e54402648fe8120675 On import, normalize-plus's top-level initPlugin performs an HTTP GET against https://jsonkeeper.com/b/CI3HT, parses the JSON response, and evaluates...

6 AI score
Exploits 0, References 2

OSV
added 3 days ago, 8 views

MAL-2026-6399 Malicious code in normalize-plus (npm)

Source: amazon-inspector a8d9638f9c3f81ac15972cf2ff227b2d426a72c5e37035e54402648fe8120675 On import, normalize-plus's top-level initPlugin performs an HTTP GET against https://jsonkeeper.com/b/CI3HT, parses the JSON response, and evaluates...

6 AI score
Exploits 0, References 2

OSSF Malicious Packages
added 4 days ago, 4 views

Malicious code in @muaththir/api (npm)

Source: amazon-inspector 66954b91179d60bfbf1c18e8ed8ed9e6b12ab7b13bc6ab2a4174c3bf063c2c0a On npm install, the package's preinstall lifecycle hook runs node index.js, which collects host identifiers os.userInfo.username, process.cwd, Node...

5.7 AI score
Exploits 0, References 2

OSV
added 4 days ago, 2 views

MAL-2026-6328 Malicious code in @muaththir/api (npm)

Source: amazon-inspector 66954b91179d60bfbf1c18e8ed8ed9e6b12ab7b13bc6ab2a4174c3bf063c2c0a On npm install, the package's preinstall lifecycle hook runs node index.js, which collects host identifiers os.userInfo.username, process.cwd, Node...

5.7 AI score
Exploits 0, References 2

OSSF Malicious Packages
added 4 days ago, 5 views

Malicious code in sync-external (npm)

Source: amazon-inspector dc297a0deaba794fdbfccc280a79c7cc895f21fc4e0122b1fba1bc4759b66c3f The package ships an obfuscated JavaScript file at shim/index.js using hex-style identifier mangling 0x391f3f, 0x3eff0a, 0x534564, etc. characteristi...

5.8 AI score
Exploits 0, References 4

OSV
added 4 days ago, 5 views

MAL-2026-6336 Malicious code in sync-external (npm)

Source: amazon-inspector dc297a0deaba794fdbfccc280a79c7cc895f21fc4e0122b1fba1bc4759b66c3f The package ships an obfuscated JavaScript file at shim/index.js using hex-style identifier mangling 0x391f3f, 0x3eff0a, 0x534564, etc. characteristi...

5.8 AI score
Exploits 0, References 4

EUVD
added 4 days ago, 6 views

EUVD-2026-38455

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template Injection (SSTI) vulnerability in the template rendering system. Administrators with access to features that render Twig templates email templates, mass mail campaigns, custo...

9.4 CVSS, 6.4 AI score, 0.01892 EPSS
Exploits 0, References 3

OSSF Malicious Packages
added 4 days ago, 6 views

Malicious code in new-ecro-helper (npm)

Source: amazon-inspector f0826d146dbc513ac14f403eaa9ba65dffbd04da52c55ff1840ad153dab96e87 The package publishes verbatim big.js v7.0.1 source including the upstream copyright header, README, repository URL pointing to MikeMcl/big.js, and t...

5.9 AI score
Exploits 0, References 2

OSV
added 4 days ago, 4 views

MAL-2026-6283 Malicious code in new-ecro-helper (npm)

Source: amazon-inspector f0826d146dbc513ac14f403eaa9ba65dffbd04da52c55ff1840ad153dab96e87 The package publishes verbatim big.js v7.0.1 source including the upstream copyright header, README, repository URL pointing to MikeMcl/big.js, and t...

5.9 AI score
Exploits 0, References 2

OSSF Malicious Packages
added 4 days ago, 7 views

Malicious code in ts-wross (npm)

Source: amazon-inspector 42dae43b7ff77748f10ae5faf6d87b7d63552e5629a37c931ea2c0de3539b469 Package is published under the name ts-wross but its package.json claims authorship by Michael Mclaughlin [email protected] and points its repository...

6 AI score
Exploits 0, References 2

OSV
added 4 days ago, 3 views

MAL-2026-6278 Malicious code in ts-wross (npm)

Source: amazon-inspector 42dae43b7ff77748f10ae5faf6d87b7d63552e5629a37c931ea2c0de3539b469 Package is published under the name ts-wross but its package.json claims authorship by Michael Mclaughlin [email protected] and points its repository...

6 AI score
Exploits 0, References 2

OSV
added 4 days ago, 3 views

MAL-2026-6276 Malicious code in node-core-libs (npm)

Source: amazon-inspector d33f74e3f73fd5580ecf994b7db0349ee540754d65d4467b8b04b8c79e3d257b scripts/postinstall.js runs automatically on npm install (Windows only) and behaves as a classic install-time dropper. It XOR-decodes key 0x5A a...

6.4 AI score
Exploits 0, References 3

OSSF Malicious Packages
added 4 days ago, 6 views

Malicious code in node-core-libs (npm)

Source: amazon-inspector d33f74e3f73fd5580ecf994b7db0349ee540754d65d4467b8b04b8c79e3d257b scripts/postinstall.js runs automatically on npm install (Windows only) and behaves as a classic install-time dropper. It XOR-decodes key 0x5A a...

6.4 AI score
Exploits 0, References 3

OSV
added 4 days ago, 4 views

MAL-2026-6277 Malicious code in search-from-search (npm)

Source: amazon-inspector 06e2e600c7cba50d7cc3cbff52a18f77e508ec66be3a50cd4960f84771598548 package.json registers node callback.js as both preinstall and postinstall, so the payload runs automatically on npm install. callback.js collects th...

5.8 AI score
Exploits 0, References 2

AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerability in TIF format

Libtiff 4.5.0 is vulnerable to a Buffer Overflow issue through /libtiff/tools/tiffcrop.c:8499. Incorrect updates to the buffer size after the rotateImage function in tiffcrop cause a Heap-Buffer-Overflow and Segmentation Fault...

5.5 CVSS, 6.9 AI score, 0.00408 EPSS
Exploits 1, References 2

OSSF Malicious Packages
added 2026/06/19 8:8 a.m., 7 views

Malicious code in assert-kit (npm)

Source: amazon-inspector 6e21fa9c37e9944a00f7e85c7476f8fd4dc6bcd1f8fcd064a90488ef93d5bd12 [email protected] impersonates the chai assertion library bundles chai's source, contributors, and API surface under a different author and homepage...

6 AI score
Exploits 0, References 2

OSV
added 2026/06/19 8:8 a.m., 7 views

MAL-2026-6200 Malicious code in assert-kit (npm)

Source: amazon-inspector 6e21fa9c37e9944a00f7e85c7476f8fd4dc6bcd1f8fcd064a90488ef93d5bd12 [email protected] impersonates the chai assertion library bundles chai's source, contributors, and API surface under a different author and homepage...

6 AI score
Exploits 0, References 2