CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2406 matches found

Packet Storm News•added 3 days ago•7 views

Windows BITS Jobs Persistence Scanner

This is a Windows BITS Job auditing tool that scans all Background Intelligent Transfer Service BITS tasks using bitsadmin, then analyzes them for suspicious behavior such as executable downloads, command execution cmd.exe, powershell, and remote URLs. It classifies jobs as normal or suspicious a...

6AI score

Exploits0

Packet Storm News•added 4 days ago•8 views

Espanso 2.3.0 Configuration Security Auditor

This Python script implements a security auditing tool for Espanso configuration files. The EspansoSecurityAuditor class scans Espanso match configurations for potentially dangerous shell commands, insecure permissions, and suspicious execution patterns that could indicate malicious automation or...

5.9AI score

Exploits0

OSV•added 2026/05/28 12:0 a.m.•4 views

MAL-2026-4908 Malicious code in @cloudplatform-single-spa/dataplatform-flink (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8AI score

Exploits0References1

OSV•added 2026/05/20 8:31 a.m.•3 views

MAL-2026-4434 Malicious code in @semacode/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 28a3662b8e26593b7bfec35d4d4f02595144885ee738891c4c9e6a89f9e50fbb The bundled CLI dist/index.js contains a hardcoded outbound POST to https://sema.otimitare.online combined with reads of process.env and...

5.8AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/20 8:31 a.m.•5 views

Malicious code in @semacode/cli (npm)

5.8AI score

Exploits0References1

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nfnetlinkqueue: acquire rcureadlock in instanceDestroyrcu syzbot reported that nfreinject could be called without rcureadlock: WARNING: suspicious RCU usage 6.9.0-rc7-syzkaller-02060-g5c1672705a1a 0 Not tainted...

5.5CVSS6.5AI score0.00017EPSS

Exploits0References2

Packet Storm News•added 2026/05/20 12:0 a.m.•6 views

FuzzingBrain V2: A Multi-Agent LLM System for Automated Vulnerability Discovery and Reproduction

Software vulnerabilities pose critical security threats, with nearly 50,000 CVEs reported in 2025. While Large Language Models LLMs show promise for automated vulnerability detection, three key challenges remain. First, LLM-generated vulnerability reports suffer from high false positive rates and...

5.9AI score

Exploits0

Imperva Blog•added 2026/05/06 6:28 p.m.•5 views

Your Redis Server Looks Fine. That’s the Problem.

Introduction There’s an automated attack circulating right now that breaks into unprotected Redis servers, takes over the underlying machine, and then carefully puts everything back the way it found it. It restores the database filename. It deletes the tools it used. It detaches from the...

10CVSS7.5AI score0.94398EPSS

Exploits8

Snyk•added 2026/05/04 1:43 a.m.•1 views

Malicious Package

Overview temhe-dev is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score

Exploits0References2

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix mlx5eprivinit cleanup flow When mlx5eprivinit fails, the cleanup flow calls mlx5eselqcleanup which calls mlx5eselqapply which assures that the priv-statelock is held using lockdepisheld. Acquire the statelock in...

5.5CVSS6.4AI score0.00015EPSS

Exploits0References2

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Networks: DSA: Avoid suspicious RCU usage for synced VLAN-aware MAC addresses When using the felix driver the only one that supports UC filtering and MC filtering as a DSA master for a randomly selected DSA switch, the following...

5.7AI score0.00024EPSS

Exploits0References1

OSSF Malicious Packages•added 2026/04/06 9:11 a.m.•3 views

Malicious code in commerce-utils (npm)

Malicious package due to data exfiltration to a suspicious host, combined with arbitrary code execution during preinstall. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3bb3d6d3a8a8898abe7e371e54753d5902a5062151888ccff6c656f5edac6ba6 The package commerce-utils...

6.5AI score

Exploits0References1

OSV•added 2026/04/06 9:11 a.m.•3 views

MAL-2026-2497 Malicious code in commerce-utils (npm)

6.3AI score

Exploits0References1

OSSF Malicious Packages•added 2026/03/24 9:8 a.m.•2 views

Malicious code in @wame/ngx-frf-utilities (npm)

Malicious package due to JS obfuscation, dynamic code execution, OS/DNS access, suspicious install script, and untrustworthy project. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bfa63e93a0b5a6ead3de9d3680bb75a023c43b59c6db80e0072b6a239cb7d5da The package...

5.9AI score

Exploits0References1

OSV•added 2026/03/24 9:8 a.m.•1 views

MAL-2026-2411 Malicious code in @wame/ngx-adfs (npm)

Malicious package due to hex obfuscation, dynamic module loading, process access, suspicious install script, and untrustworthy project. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee67ae68f066d11c3e0625e260c588df3d43384ae91fe74292977ea5304684d9 The package...

5.8AI score

Exploits0References1

OSSF Malicious Packages•added 2026/03/24 9:8 a.m.•3 views

Malicious code in @wame/ngx-adfs (npm)

5.9AI score

Exploits0References1

OSSF Malicious Packages•added 2026/03/24 9:8 a.m.•1 views

Malicious code in tombac-chronos (npm)

Suspicious install script executing index.js and an untrustworthy author email domain sl4x0.xyz strongly suggest this package is malware. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69e040ef4bdedbed143a5a8d1a1bb0389fa07848772a87c03da1c67557ced13e The package...

5.9AI score

Exploits0References1

OSV•added 2026/03/24 9:7 a.m.•0 views

MAL-2026-2409 Malicious code in @phonos/types (npm)

Multiple evidences indicate malicious behavior: obfuscation, suspicious install script, access to sensitive functionalities, and untrustworthy source. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8c10ea271203f85e595559214b08565cef54710fcc605eca02483606041cf5...

5.8AI score

Exploits0References1

OSSF Malicious Packages•added 2026/03/24 9:7 a.m.•3 views

Malicious code in @phonos/types (npm)

5.9AI score

Exploits0References1

OSSF Malicious Packages•added 2026/03/24 9:7 a.m.•5 views

Malicious code in oc-navbar-module-client (npm)

Malicious package due to code obfuscation, dynamic code execution, suspicious email, install script, and low project popularity. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec0eedd88f7d05d96544d4fc778561471c0490c16f2fe2c6e8c70428af92e6ad The package...

5.9AI score

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by