CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

621 matches found

Vulnrichment•added 2026/05/15 1:41 a.m.•5 views

CVE-2026-0438

A System Management Mode SMM handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user interaction and under high complexity and present preconditions, trigger execution of attacker-controlled code in SMM, potentially...

5.4CVSS6AI score0.00023EPSS

Exploits0References2

OSSF Malicious Packages•added 2026/05/12 4:19 a.m.•4 views

Malicious code in @uipath/insights-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e4a14d8ee3cc65fe720a880c72000a911cbc45433f4113501a7246c018798380 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score

Exploits0References6

OSSF Malicious Packages•added 2026/04/23 3:59 a.m.•4 views

Malicious code in undicy-http (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d4da47dd47cb80cf3a7a93cd81c2154b7cd905834b35f89f0703a5a8dab5d1e The package undicy-http was found to contain malicious code. Source: ghsa-malware daa1abf913048406268c31888f8b6defc0e69b49ba85dcbdb966fea8a3caf235 An...

5.7AI score

Exploits0References1

OSV•added 2026/03/16 12:0 a.m.•3 views

MAL-2026-1504 Malicious code in transform-jsbi-to-bigint (npm)

The package 'transform-jsbi-to-bigint' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.6AI score

Exploits0References3

OSSF Malicious Packages•added 2026/03/05 4:18 p.m.•4 views

Malicious code in pear-apps-lib-ui-react-hooks (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 325efdb6f86d5a55bf6cf0630f6fc6be87fbe387047929a31e4e5e55a8ea6cdf The package pear-apps-lib-ui-react-hooks was found to contain malicious code. Source: ghsa-malware...

5.7AI score

Exploits0References1

OSSF Malicious Packages•added 2026/01/22 9:7 a.m.•6 views

Malicious code in @alluxio/common-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f082b7a72d74e881f10d6e0f01c1aef7a0a07b0f446d5a9d31a4763ffed2ed8 The package @alluxio/common-ui was found to contain malicious code. Source: ghsa-malware...

5.5AI score

Exploits0References1

OSSF Malicious Packages•added 2026/01/19 12:59 a.m.•6 views

Malicious code in private-payment-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96c4346497d58e1d5eca5c47353d4491578827b6095eb0f62dc7ff4449c0758b The package private-payment-lib was found to contain malicious code. Source: ghsa-malware...

5.5AI score

Exploits0References1

OSSF Malicious Packages•added 2025/12/31 1:21 p.m.•5 views

Malicious code in @vietmoney/vision-camera-code-scanner (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e01bd6cc2d11eb6ddf080b713c76d97cd699ee78c903b01d3ef95fb2fc23356 The package @vietmoney/vision-camera-code-scanner was found to contain malicious code. Source: ghsa-malware...

6.9AI score

Exploits0References1

OSSF Malicious Packages•added 2025/12/10 1:58 a.m.•3 views

Malicious code in ecmascript-runtime-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2749802bf68a2c601d1c2e22b4a398e096fca7b10d248305df538e8364390259 The package ecmascript-runtime-client was found to contain malicious code. Source: ghsa-malware...

6.9AI score

Exploits0References1

OSV•added 2025/11/24 2:5 p.m.•2 views

MAL-2025-190761 Malicious code in @zapier/babel-preset-zapier (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9189b0afaf74836818d1b081a853ae3fcc6193845bdbd74338171e535fd1391 The package @zapier/babel-preset-zapier was found to contain malicious code. Source: ghsa-malware...

6.8AI score

Exploits0References4

OSSF Malicious Packages•added 2025/11/24 12:31 p.m.•4 views

Malicious code in @zapier/secret-scrubber (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c109e973086267fe5b99a110c559267a26254a0bb87dcffbaf3fb69ea4bbca75 The package @zapier/secret-scrubber was found to contain malicious code. Source: ghsa-malware...

6.9AI score

Exploits0References4

OSV•added 2025/10/29 10:46 p.m.•1 views

MAL-2025-49000 Malicious code in express-redact (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a4f7506bc61afb104333b21673f4899d6ea5e6982fcb1be7623fafcb4f5580a7 The package express-redact was found to contain malicious code. Source: ghsa-malware a883eba91191de6920dc8a2f765112365ac2835f16dd0918d3750d99a89cc9e9...

6.9AI score

Exploits0References1

OSSF Malicious Packages•added 2025/10/28 2:4 a.m.•3 views

Malicious code in ews-paze-toolkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 919f20823a98370aeff343ebdedbd1f86353649a1f852ec6c5ef7314925970d4 The package ews-paze-toolkit was found to contain malicious code. Source: ghsa-malware 60989a72103601dc11b185549de7abb4bdb1442776d790dab1945d25b5ab27...

6.9AI score

Exploits0References1

OSV•added 2025/10/09 9:4 p.m.•2 views

MAL-2025-48165 Malicious code in redirect-gjl674 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3bdb836520004a9db5e1f2dc393f60b5fe6e9e65fb767a0fa9a657ba4ab54219 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score

Exploits0References1