CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/06/11 2:30 p.m.•28 views

CVE-2026-11839 Arbitrary File Upload in Basarsoft's Rotaban

9.9CVSS0.00335EPSS

EUVD•added 2026/06/11 2:30 p.m.•9 views

EUVD-2026-36249

9.9CVSS5.4AI score0.00335EPSS

CVE•added 2026/06/11 2:30 p.m.•17 views

CVE-2026-11839

CVE-2026-11839 concerns Başarsoft Rotaban. The issue is an unrestricted file upload of dangerous types that allows uploading a Web Shell to the web server. Affected Rotaban versions are V2026.06.002 prior to V2026.06.003. CVSS 3.1 base score 9.9 (CRITICAL) with network attack vector, low complexi...

9.9CVSS5.5AI score0.00335EPSS

OSSF Malicious Packages•added 2026/06/11 1:12 p.m.•7 views

Malicious code in optional-cpu-features (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4dbbb7dd9c604ef3e5782d477d4db7c04c50f7906b19af03e63a540e0a44166e On npm install, both the install and postinstall lifecycle scripts run node install.js, which requires lib/sync.js. That file hardcodes BASE =...

5.7AI score

OSV•added 2026/06/11 12:42 p.m.•6 views

MAL-2026-5643 Malicious code in parket-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6dc700128da5b494d5325086ec183ce7c746d44d88dc7f609bfb9f2eab9fa072 On npm install, the package's postinstall script node test.js auto-executes a multi-stage attack against the installer's machine. It recursively scan...

5.6AI score

OSSF Malicious Packages•added 2026/06/11 7:19 a.m.•12 views

Malicious code in internallib_v346 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16f3f2c0990e02417fdf7012e6531393e81f786bb16019d0efdb03c049817f90 Package name targets an internal-only namespace and ships a reverse-shell payload. index.js line 5 unconditionally invokes exec'/bin/bash -c "bash -i...

5.4AI score

Exploits0References7

OSV•added 2026/06/11 7:19 a.m.•8 views

MAL-2026-5613 Malicious code in internallib_v346 (npm)

5.5AI score

Exploits0References7

OSV•added 2026/06/11 6:17 a.m.•7 views

MAL-2026-5620 Malicious code in telebot-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d3c49bb558149b55f90b708ff47e24f6f856a88abb4b2ed477633c3df43d4e2 The package advertises itself as a configurable Telegram bot server README and.env.example reference TELEGRAMBOTTOKEN and ALLOWEDUSERIDS, but the cod...

6AI score

OSSF Malicious Packages•added 2026/06/11 5:0 a.m.•11 views

Malicious code in @bestlzk/sectest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0cfce552ac72417ec7db2c48e0e13b1d060007167e82bd0f9b10799efe85e7f4 On npm install, postinstall.js collects platform, Node version, current working directory, and OS username, then POSTs them as JSON to...

6.4AI score

OSV•added 2026/06/11 5:0 a.m.•7 views

MAL-2026-5561 Malicious code in @bestlzk/sectest (npm)

6.4AI score

OSSF Malicious Packages•added 2026/06/11 3:14 a.m.•6 views

Malicious code in @403name/fsevent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f86ca4502cc824c3684e8f1e08b088b974b4339829461b50d45e3fbc6f808eb On require, index.js runs an IIFE that gates to macOS, skips when CI or GITHUBACTIONS is set, waits 30-90 seconds, and writes a one-shot marker at...

5.9AI score

OSV•added 2026/06/11 3:14 a.m.•16 views

MAL-2026-5549 Malicious code in @403name/fsevent (npm)

5.9AI score

OSSF Malicious Packages•added 2026/06/11 2:58 a.m.•7 views

Malicious code in solana-web3-community (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 202fa4daf22c4ecace931dfbdbeee6821fe42c14956d35c763c55051528dee12 Package masquerades as the official @solana/web3.js SDK name solana-web3-community, author 'Solana Labs Maintainers ', repository...

5.5AI score

OSV•added 2026/06/11 2:58 a.m.•18 views

MAL-2026-5560 Malicious code in solana-web3-community (npm)

5.5AI score

OSSF Malicious Packages•added 2026/06/11 1:46 a.m.•7 views

Malicious code in acme-widget-layout-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff800752007d4e55ddc8172e04c8d75ac04d61b499cc58d97f016cd34d70d6c4 On import, src/acmewidgetlayoututils/init.py executes a textbook reverse-shell pattern: it opens a TCP socket, duplicates the socket file descriptor...

5.8AI score

OSV•added 2026/06/11 1:46 a.m.•9 views

MAL-2026-5545 Malicious code in acme-widget-layout-utils (PyPI)

5.8AI score

OSV•added 2026/06/11 12:51 a.m.•9 views

CLEANSTART-2026-WA48911 authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users

Multiple security vulnerabilities affect the percona-server-mongodb-operator package. An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. See...

9.8CVSS5.5AI score0.01027EPSS

Exploits2References61

Positive Technologies•added 2026/06/11 12:0 a.m.•7 views

PT-2026-48670

9.9CVSS5.4AI score0.00335EPSS