CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 6 days ago•9 views

CVE-2026-9937

CVE-2026-9937 concerns a use-after-free in the UI of Google Chrome on Windows, prior to build 148.0.7778.216. The issue arises when a compromised renderer process can trigger a sandbox escape via a crafted HTML page. Affected: Chromium-based Chrome UI components; root cause described as a UI use-...

8.3CVSS5.8AI score0.00108EPSS

Exploits0References2Affected Software1

Cvelist•added 6 days ago•23 views

CVE-2026-9934

Use after free in Aura in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

0.00128EPSS

NVD•added 6 days ago•8 views

CVE-2026-42401

Improper Neutralization of Input During Web Page Generation CWE-79 in Kibana can lead to stored HTML injection. A user with write access to an Elasticsearch index could persist crafted markup which, when subsequently rendered through an affected Kibana view by another user, was not sufficiently...

5.4CVSS0.00023EPSS

Vulnrichment•added 6 days ago•6 views

CVE-2026-42401 Improper Neutralization of Input During Web Page Generation in Kibana Leading to Stored HTML Injection

4.1CVSS5.8AI score0.00023EPSS

ATTACKERKB•added 6 days ago•4 views

CVE-2026-42401

4.1CVSS5.8AI score0.00023EPSS

Exploits0References2Affected Software1

EUVD•added 6 days ago•5 views

EUVD-2026-33012

4.1CVSS5.8AI score0.00023EPSS

CVE•added 6 days ago•10 views

CVE-2026-42401

CVE-2026-42401 affects Kibana, where improper neutralization of input during web page generation (CWE-79) allows stored HTML injection. A user with write access to an Elasticsearch index can persist crafted markup that, when rendered in a Kibana view by another user, may not be sufficiently sanit...

5.4CVSS5.8AI score0.00023EPSS

Exploits0References1Affected Software1

Cvelist•added 6 days ago•26 views

CVE-2026-42401 Improper Neutralization of Input During Web Page Generation in Kibana Leading to Stored HTML Injection

4.1CVSS0.00023EPSS

OSV•added 6 days ago•3 views

MAL-2026-4860 Malicious code in @qlab/ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6202e241f53fd8e0b248f81b951077a67feef0f070b93c57b148d120cc70e69b The OpenSSF Package Analysis project identified '@qlab/ui' @ 2.0.6 npm as malicious. It is considered malicious because: - The package...

OSSF Malicious Packages•added 6 days ago•6 views

Malicious code in @qlab/ui (npm)

GithubExploit•added 6 days ago•44 views

WireDown

WireDown Autonomous AI-Driven Honeypot in a Zero-Gravity Physi...

10CVSS7.5AI score0.85058EPSS

Exploits38

OSSF Malicious Packages•added 6 days ago•10 views

Malicious code in @neon-i18n/core-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis dbdc5bd090d8e85771f77fa3a7a113e08fbfb31de54ae399ed92565bdac246df The OpenSSF Package Analysis project identified '@neon-i18n/core-ui' @ 99.99.99 npm as malicious. It is considered malicious because: - The...

OSV•added 6 days ago•2 views

MAL-2026-5027 Malicious code in @neon-i18n/core-ui (npm)

OSSF Malicious Packages•added 6 days ago•5 views

Malicious code in @polka-ui/loads (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d1c2dc697d40151aa0c28a6e1bc5fd467a78649ea136e58a874a8269fec093ae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Snyk•added 6 days ago•5 views

Malicious Package

Overview @polka-ui/configuration is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

Snyk•added 6 days ago•7 views

Malicious Package

Overview @databus-service-ui/scroll-up-content is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

Snyk•added 6 days ago•5 views

Malicious Package

Overview @polka-ui/loader is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

OSSF Malicious Packages•added 6 days ago•5 views

Malicious code in @bcs-bank-complex-ui/deeplink (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a93d855d3be0839ea18a9eb78249c1ba50f9029cf31e49e069e118deae5eca46 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Snyk•added 6 days ago•5 views

Malicious Package

Overview @polka-ui/loads is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...