CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/21 12:0 a.m.•7 views

tickets 信任管理问题漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a vulnerability related to trust management. This vulnerability stemmed from hardcoding MySQL database credentials in the loader.php file and submittin...

9.2CVSS5.9AI score0.00305EPSS

OSSF Malicious Packages•added 2026/05/20 7:31 p.m.•9 views

Malicious code in @tailwind-core/oxide-linux-x64-gnu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a107a0746f2f5159d661e4d332eac53f871b9d22f80caf5863bdd713e252ae00 The package name '@tailwind-core/oxide-linux-x64-gnu' impersonates the legitimate Tailwind CSS v4 oxide engine package...

The Hacker News•added 2026/05/20 5:12 a.m.•13 views

Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised. It said the scope of the incident is limited to the Grafana Labs GitHub environment, which includes public and private source code along wi...

5.8AI score

OSSF Malicious Packages•added 2026/05/20 3:22 a.m.•8 views

Malicious code in @tailwind-core/oxide-win32-x64-msvc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d93cb69a6f12f5739ab03d78641f2a79179750b6182f65ba5b8fb8ec4a1399bc The package name @tailwind-core/oxide-win32-x64-msvc impersonates the legitimate Tailwind CSS scope @tailwindcss published by tailwindlabs. The READM...

6AI score

Packet Storm News•added 2026/05/20 12:0 a.m.•7 views

Wireshark Analyzer 4.6.6

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. Thi...

OSV•added 2026/05/19 3:51 p.m.•11 views

GHSA-6M52-M754-PW2G Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)

Summary This is an incomplete fix for GHSA-4gf7-ff8x-hq99. Source code may be stolen during dev when using the webpack / rspack builder if the dev server is bound to a non-loopback address e.g. nuxt dev --host and the developer opens a malicious site on the same network. Details The fix for...

5.9CVSS5.8AI score0.00208EPSS

Exploits1References5

Packet Storm News•added 2026/05/18 12:0 a.m.•7 views

Flawfinder 2.0.20

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function...

HackRead•added 2026/05/17 10:17 a.m.•10 views

Grafana Says It Rejected Ransom Demand After Source Code Theft

Grafana says hackers stole its source code after accessing a GitHub token, but no customer data or systems were affected...

NVD•added 2026/05/14 6:16 p.m.•9 views

CVE-2026-6332

CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information which could result in revealing protected source code and loss of confidentiality, When an authorized attacker accesses the source code for editing or compiling it...

7.5CVSS0.00125EPSS

Cvelist•added 2026/05/14 4:54 p.m.•30 views

CVE-2026-6332 Clear Text Storage of Sensitive Information on EcoStruxure™ Machine Expert HVAC

6.8CVSS0.00125EPSS

ATTACKERKB•added 2026/05/14 4:54 p.m.•8 views

CVE-2026-6332

6.8CVSS5.8AI score0.00125EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/14 4:54 p.m.•7 views

CVE-2026-6332 Clear Text Storage of Sensitive Information on EcoStruxure™ Machine Expert HVAC

6.8CVSS5.8AI score0.00125EPSS

EUVD•added 2026/05/14 4:54 p.m.•12 views

EUVD-2026-30346

6.8CVSS5.8AI score0.00125EPSS

CVE•added 2026/05/14 4:54 p.m.•19 views

CVE-2026-6332

CVE-2026-6332 describes a plaintext storage of sensitive information vulnerability in Schneider Electric’s EcoStruxure Machine Expert HVAC platform. The issue centers on how sensitive data (potentially including protected source code) is stored, which could lead to confidentiality loss if an auth...

7.5CVSS5.8AI score0.00125EPSS

Exploits0References1Affected Software1

CNNVD•added 2026/05/14 12:0 a.m.•8 views

Schneider Electric Ecostruxure Machine Expert HVAC 安全漏洞

Schneider Electric Ecostruxure Machine Expert HVAC is a software platform developed by Schneider Electric, a French company, dedicated to the control and automation of heating, ventilation, and air conditioning equipment. Schneider Electric Ecostruxure Machine Expert HVAC has a security...

7.5CVSS5.8AI score0.00125EPSS

Packet Storm News•added 2026/05/14 12:0 a.m.•21 views

Wapiti Web Application Vulnerability Scanner 3.3.0

Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities. This is the source code release...