12690 matches found

IBM Security Bulletins
added yesterday, 10 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ affect IBM Cloud Pak System

Summary Multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition were addressed in IBM Cloud Pak System version 2.3.6.1. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacke...

8.1 CVSS, 6.9 AI score, 0.01157 EPSS
Exploits: 0, Affected Software: 1

EUVD
added yesterday, 12 views

EUVD-2026-31483

amazon-braket-sdk vulnerable to Insecure Deserialization via pickle.loads...

7.5 CVSS, 5.8 AI score, 0.0038 EPSS
Exploits: 0, References: 4

EUVD
added yesterday, 8 views

EUVD-2026-37289

LangGraph SDK has unsafe URL path construction...

4.2 CVSS, 5.8 AI score, 0.00181 EPSS
Exploits: 0, References: 3

Nuclei
added yesterday, 13 views

TOTOLINK/Realtek Routers - Information Disclosure

A certain router administration interface using Realtek APMIB e.g., on TOTOLINK models allows unauthenticated remote attackers to disclose the entire router configuration, including sensitive credentials, via accessing the "config.dat" file. Affected devices include TOTOLINK A3002RU through 2.0.0...

7.5 CVSS, 7.1 AI score, 0.08669 EPSS
Exploits: 4, References: 2

Nuclei
added yesterday, 9 views

Video Conferencing with Zoom API < 4.6.6 - Unauthenticated SDK Signature Generation

Zoom WordPress plugin 4.6.6 contains a broken authentication caused by disabled nonce verification in an AJAX handler, letting unauthenticated attackers generate valid Zoom SDK signatures and retrieve the Zoom SDK key. id: CVE-2026-1368 info: name: Video Conferencing with Zoom API 4.6.6 -...

7.5 CVSS, 5.8 AI score, 0.01211 EPSS
Exploits: 0, References: 3

IBM Security Bulletins
added 2 days ago, 12 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ affect IBM Cloud Pak System [CVE-2024-21144, CVE-2024-21131, CVE-2024-27267]

Summary Vulnerabilities in IBM® SDK Java™ Technology Edition affect IBM Cloud Pak System. These issues were disclosed as part of the IBM Java SDK updates in July 2024. Vulnerability Details CVEID:CVE-2024-21144 DESCRIPTION: An unspecified vulnerability in Java SE related to the Concurrency...

5.9 CVSS, 6.7 AI score, 0.01056 EPSS
Exploits: 0, Affected Software: 1

OSSF Malicious Packages
added 2 days ago, 8 views

Malicious code in leo-sdk (npm)

The leo-sdk npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

6.2 AI score
Exploits: 0, References: 3

OSV
added 2 days ago, 5 views

MAL-2026-6430 Malicious code in leo-sdk (npm)

The leo-sdk npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

6.2 AI score
Exploits: 0, References: 3

RedHat Linux
added 3 days ago, 6 views

Important: Red Hat Security Advisory: .NET 8.0 security update

An update for .NET 8.0 is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.5 CVSS, 5.9 AI score, 0.01176 EPSS
Exploits: 0, References: 3

OSSF Malicious Packages
added 3 days ago, 5 views

Malicious code in security-alerts-sdk (PyPI)

Source: amazon-inspector 8f881805b709189d00bc52dc57c407bfecdae44fb343f92634a301c31525f6b0 Despite advertising itself as a breach-monitoring SDK, this package executes a remote-access trojan and credential harvester against any installer th...

6 AI score
Exploits: 0, References: 2

OSV
added 3 days ago, 3 views

MAL-2026-6327 Malicious code in security-alerts-sdk (PyPI)

Source: amazon-inspector 8f881805b709189d00bc52dc57c407bfecdae44fb343f92634a301c31525f6b0 Despite advertising itself as a breach-monitoring SDK, this package executes a remote-access trojan and credential harvester against any installer th...

6 AI score
Exploits: 0, References: 2

RedHat Linux
added 4 days ago, 5 views

Important: Red Hat Security Advisory: .NET 9.0 security update

An update for .NET 9.0 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

7.5 CVSS, 5.9 AI score, 0.01176 EPSS
Exploits: 0, References: 3

Cvelist
added 4 days ago, 29 views

CVE-2026-49241 Angular: Multiple Remote Code Execution Vulnerabilities in Angular Language Service VS Code Extension

The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. Prior to 21.2.4, the client-side Angular Language Service VS Code extension reads the custom TypeScript SDK paths typescript.tsdk and js/ts.tsdk.path directly from workspace configurations...

8.7 CVSS, 0.00182 EPSS
Exploits: 0, References: 3

OSV
added 6 days ago, 4 views

MAL-2026-6256 Malicious code in @withgoogle/stitch-sdk (npm)

@withgoogle/stitch-sdk is a scope-squatting package on npm that impersonates Google's Stitch AI design tool SDK. The attacker registered the @withgoogle scope to mimic Google's withgoogle.com domain and published versions 0.1.1 and 0.1.2 under the account maximus-mcmillan on June 19, 2026. The...

6 AI score
Exploits: 0, References: 6

OSSF Malicious Packages
added 6 days ago, 7 views

Malicious code in @withgoogle/stitch-sdk (npm)

@withgoogle/stitch-sdk is a scope-squatting package on npm that impersonates Google's Stitch AI design tool SDK. The attacker registered the @withgoogle scope to mimic Google's withgoogle.com domain and published versions 0.1.1 and 0.1.2 under the account maximus-mcmillan on June 19, 2026. The...

6 AI score
Exploits: 0, References: 6

AstraLinux
added last week, 4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: fix SER panic with 4GB+ RAM If the mtk_poll_rx function detects the MTK_RESETTING flag, it will jump to release_desc and refill the high word of the SDP on the 4GB RFB. Subsequently, mtk_rx_clean will...

5.5 CVSS, 6.4 AI score, 0.00159 EPSS
Exploits: 0, References: 2

OSV
added 2026/06/18 3:51 p.m., 6 views

ROOT-APP-GOBINARY-CVE-2026-39883 CVE-2026-39883 in rootio-go.opentelemetry.io/otel/sdk - Patched by Root

Root has patched CVE-2026-39883 in the rootio-go.opentelemetry.io/otel/sdk package for Root:Go. Multiple fixed versions available...

7 CVSS, 5.2 AI score, 0.00196 EPSS
Exploits: 1

Snyk
added 2026/06/18 1:4 p.m., 6 views

Untrusted Search Path

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Untrusted Search Path via the CLOUDSDK_PYTHON environment variable in the .env file during the Gmail setup process. An attacker can cause unintended Python runtime execution by manipulatin...

7.1 CVSS, 6 AI score, 0.00133 EPSS
Exploits: 0, References: 2

Cvelist
added 2026/06/17 9:5 p.m., 16 views

CVE-2026-12530 Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()

Improper neutralization of argument delimiters in the install_packages method in AWS Bedrock AgentCore Python SDK versions = 1.1.3 and 1.6.1 might allow a remote authenticated user to execute arbitrary commands within the Code Interpreter sandbox via crafted package name arguments. To mitigate thi...

8.4 CVSS, 0.00302 EPSS
Exploits: 0, References: 2

RedHat Linux
added 2026/06/17 3:25 p.m., 8 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: dotnet10.0: aspnetcore-runtime-10.0-10.0.9-1.hum1 aarch64, x86_64 aspnetcore-runtime-dbg-10.0-10.0.9-1.hum1 aarch64, x86_64 aspnetcore-targeting-pack-10.0-10.0.9-1.hum1 aarch64, x86_64...

7.5 CVSS, 5.2 AI score, 0.01176 EPSS
Exploits: 1, References: 5