CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Packet Storm•added 2026/05/05 12:0 a.m.•55 views

📄 phpMyFAQ 4.0.16 Improper Authorization

phpMyFAQ versions 4.0.16 and below suffer from an improper authorization vulnerability. Exploit Title: phpMyFAQ = 4.0.16 - Improper Authorization Google Dork: N/A Date: 2026-01-23 Exploit Author: GUIA BRAHIM FOUAD Vendor Homepage: https://www.phpmyfaq.de/ Software Link:...

6.5CVSS5.8AI score0.01734EPSS

Exploits3

Amazon•added 2026/05/05 12:0 a.m.•16 views

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: landlock: Fix handling of disconnected directories CVE-2025-68736 In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Fix restoration of SVE context CVE-2026-23102 In the Linu...

9.4CVSS5.8AI score0.00433EPSS

Exploits2

Snyk•added 2026/05/04 9:28 p.m.•9 views

Missing Authentication for Critical Function

Overview github.com/0xJacky/Nginx-UI/api/system is a yet another Nginx Web UI Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the api/install endpoint during the initial setup process. An attacker can gain unauthorized administrative access by...

9.8CVSS5.8AI score0.00346EPSS

Exploits1References2

Snyk•added 2026/05/04 9:28 p.m.•7 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the api/install endpoint during the initial setup process. An attacker can gain unauthorized administrative access by sending a crafted installation request before the legitimate operator...

9.8CVSS5.8AI score0.00346EPSS

Exploits1References2

OSV•added 2026/05/04 9:10 p.m.•8 views

MAL-2026-3333 Malicious code in rogiant-quick-install (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 efdebb03bb05b0da602f813ad321bbc81c658ac1bec059a5a7fa73fed277a53b During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

OSSF Malicious Packages•added 2026/05/04 8:53 p.m.•14 views

Malicious code in rogiant (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c7f7e1dc50782abed477c5013c8a732e952d747ffa770f399571ff468699b8f3 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

OSV•added 2026/05/04 8:53 p.m.•4 views

MAL-2026-3332 Malicious code in rogiant (PyPI)

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux - уязвимость в linux

In the Linux kernel, from drivers/block/nbd.c up to version 5.10.12, there is a use-after-free in the nbdaddsocket function. This issue could be triggered by local attackers who have access to the nbd device. The attack occurs during I/O requests at a certain point in device setup, specifically...

7CVSS6.6AI score0.00251EPSS

Exploits0References2

OSSF Malicious Packages•added 2026/05/03 8:23 p.m.•8 views

Malicious code in rostilesolver (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 eef0922e5bb8ba3371baad4b76542215ff15e445a9d6ed6fb5546230fe5da4df During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

Positive Technologies•added 2026/05/03 12:0 a.m.•10 views

PT-2026-45127

Name of the Vulnerable Software and Affected Versions Edimax BR-6478AC version 1.23 Description A stack-based buffer overflow can be triggered remotely via the POST Request Handler component. The issue exists within the formPPPoESetup function located in the /goform/formPPPoESetup file, where...

9CVSS8.3AI score0.00447EPSS

Exploits0References11

OSSF Malicious Packages•added 2026/05/02 6:32 p.m.•10 views

Malicious code in protocol-stub-generator (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8ad6f31dc6bdf35ca55cf2a55e9124e07131de068c8ff945e62716637b6e06d1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

OSV•added 2026/05/02 6:32 p.m.•9 views

MAL-2026-3237 Malicious code in protocol-stub-generator (PyPI)

OSSF Malicious Packages•added 2026/05/02 3:0 p.m.•8 views

Malicious code in aocl-sparse-v3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 10c555ef158bbcd1dd710fca14862d1cad9ad87ed4f4c35bf9c51d0a8a4fcdac Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

OSV•added 2026/05/02 3:0 p.m.•3 views

MAL-2026-3236 Malicious code in aocl-sparse-v3 (PyPI)

OSV•added 2026/05/02 10:31 a.m.•9 views

MAL-2026-3235 Malicious code in apexomni-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 497dca02206d8084e5a7e135245489a5ef9dd03f318b138574bc43386ddac0ef During installation, multiple sensitive environment variables are being exfiltrated. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...