CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Packet Storm News•added 2026/05/27 12:0 a.m.•13 views

MIRAGE: Context-Aware Prompt Injection against Mobile GUI Agents Via User-Generated Content

Mobile graphical user interface GUI agents driven by vision-language models VLMs perceive the screen as rendered pixels and choose actions from what they see, so they cannot reliably separate trusted interface elements from user-generated content. We present MIRAGE Mobile Injection of Realistic...

GithubExploit•added 2026/05/26 11:45 a.m.•52 views

XSSaudit

XSSAudit v2.0 — Advanced XSS Vulnerability Scanner For au...

6AI score

OSSF Malicious Packages•added 2026/05/22 2:23 p.m.•8 views

Malicious code in eo-terminal (npm)

Part of a multi-package malicious campaign by npm author toskypi, eo-terminal is a fully-featured infostealer and remote access trojan RAT disguised as "terminal changelog logger utilities." The package README describes a completely different package terminal-logger-utils, indicating a...

6AI score

Exploits0References4

OSSF Malicious Packages•added 2026/05/08 7:38 a.m.•10 views

Malicious code in justinleaguekems (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 039b35e6547b64dd3e28ba9e178b9716447f88d6bd9558766c9ffe8850262d99 Package exfiltrates screenshots and network information to a hardcoded target. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

OSV•added 2026/05/08 7:38 a.m.•5 views

MAL-2026-3380 Malicious code in justinleaguekems (PyPI)

OSSF Malicious Packages•added 2026/05/08 7:35 a.m.•10 views

Malicious code in yeahmankema (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e82095096c026f9ea1f8a44e7b94b0f9def1346ef887a8a6bb4e11aedc5abd63 Package exfiltrates screenshots and network information to a hardcoded target. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

OSV•added 2026/05/08 7:35 a.m.•4 views

MAL-2026-3386 Malicious code in yeahmankema (PyPI)

OSV•added 2026/05/07 6:43 p.m.•7 views

MAL-2026-3367 Malicious code in crayrandomiz (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 70d147758fe5288bee2adc712e45b7836211b83ce0b209fd42a31e4b3696bbf2 Package exfiltrates screenshots and network information to a hardcoded target. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

OSSF Malicious Packages•added 2026/05/07 6:43 p.m.•8 views

Malicious code in crayrandomiz (PyPI)

NVD•added 2026/05/07 3:16 p.m.•29 views

CVE-2026-44263

Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. This issue has been patched in version 5.17.1...

4.3CVSS0.00288EPSS

Exploits0References4

The Hacker News•added 2026/05/07 11:33 a.m.•15 views

ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories

Bad week. Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk, scam ads, and stolen logins getting dumped into Discord channels like it’s normal. Some of these attack chains don’t even feel sophisticated anymore. More like...

10CVSS6.5AI score0.03678EPSS

Exploits1

OSSF Malicious Packages•added 2026/05/07 5:42 a.m.•8 views

Malicious code in quicklytookerv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 eeb02e3ddf9f61661d72bac1e244227aa8b6a8a88ab1226a521cc7aa48d5da37 The package silently exfiltrates screenshots and basic data. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

OSV•added 2026/05/07 5:42 a.m.•7 views

MAL-2026-3364 Malicious code in quicklytookerv (PyPI)

Positive Technologies•added 2026/05/07 12:0 a.m.•16 views

PT-2026-38400

Name of the Vulnerable Software and Affected Versions Weblate versions prior to 5.17.1 Description The screenshots, tasks, and component link API endpoints allow for the enumeration of translations within a project that the user should not be able to access. Recommendations Update to version 5.17...

4.3CVSS5.8AI score0.00288EPSS

Exploits0References13

OSSF Malicious Packages•added 2026/05/04 10:29 a.m.•7 views

Malicious code in randomchoicemas (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0dc4c38310ad4ec9a939abd09fa48fce4f2f2e91e02389d59f3fefc30eda4c2c The package silently exfiltrates screenshots and basic data. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

AstraLinux•added 2026/05/03 11:59 p.m.•6 views

Astra Linux – Vulnerability in Flatpak

Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. The flatpak-builder command applies the finish-args option last in the build process. At this point, the build directory will have full acce...

7.7CVSS7AI score0.01712EPSS

Wired Threat Level•added 2026/04/28 5:49 p.m.•5 views

Why Sharing a Screenshot Can Get You Jailed in the UAE

The war in Iran has drawn attention to arrests in the United Arab Emirates over online content, but the legal framework behind that enforcement has existed for years...

5.3AI score