CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2026/05/26 6:25 a.m.•12 views

Malicious code in ether-bn.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cc5567869e3d616af151887f680ef13bf23f8a19fe5978343254b921c1c7c73 Package name 'ether-bn.js' resembles the widely-used 'bn.js' big-number library, and the README directs users to install yet another name...

5.9AI score

OSV•added 2026/05/26 6:25 a.m.•11 views

MAL-2026-4779 Malicious code in ether-bn.js (npm)

5.9AI score

vulnersOsv•added 2026/05/26 6:21 a.m.•4 views

ether-bn.js (>=1.4.0 <=1.4.1) potentially affected by unknown CVE via unique-id-64 (=1.0.0)

unique-id-64 NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on unique-id-64 and may be impacted: - ether-bn.js =1.4.0, =1.4.1 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4781...

EUVD•added 2026/05/25 3:15 a.m.•14 views

EUVD-2026-31624

A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and m...

7.5CVSS5.5AI score0.00293EPSS

OSV•added 2026/05/23 10:34 a.m.•4 views

CLSA-2026-1779532464 grafana: Fix of CVE-2022-39324

CVE-2022-39324: build snapshot originalUrl on the backend with a UID check and warn through a confirm modal before navigating to a cross-origin snapshot URL...

6.7CVSS6.8AI score0.00828EPSS

Exploits0References1

EUVD•added 2026/05/06 3:32 p.m.•8 views

EUVD-2026-27823

Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId added in version 1.54 uses the value of the UNIQUEID environment variable for the session id. The UNIQUEID variable is set by the Apache moduniqueid...

NVD•added 2026/05/06 1:16 p.m.•13 views

CVE-2026-5081

9.1CVSS0.00321EPSS

ATTACKERKB•added 2026/05/06 12:16 p.m.•6 views

CVE-2026-5081

Exploits0References3Affected Software1

Cvelist•added 2026/05/06 12:16 p.m.•29 views

CVE-2026-5081 Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure

0.00321EPSS

Vulnrichment•added 2026/05/06 12:16 p.m.•3 views

CVE-2026-5081 Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure

5.8AI score0.00321EPSS

Debian CVE•added 2026/05/06 12:16 p.m.•3 views

CVE-2026-5081

Positive Technologies•added 2026/05/06 12:0 a.m.•13 views

PT-2026-37627

Name of the Vulnerable Software and Affected Versions Apache::Session::Generate::ModUniqueId versions 1.54 through 1.94 Description Apache::Session::Generate::ModUniqueId uses the UNIQUE ID environment variable for session identifiers. This variable is generated by the Apache mod unique id plugin...

Tenable Nessus•added 2026/05/06 12:0 a.m.•6 views

Exploits0References11

Linux Distros Unpatched Vulnerability : CVE-2026-5081

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId added in versio...

Positive Technologies•added 2026/04/10 12:0 a.m.•5 views

PT-2026-31949

Summary The CalDAV GetResource and GetResourcesByList methods fetch tasks by UID from the database without verifying that the authenticated user has access to the task's project. Any authenticated CalDAV user who knows or guesses a task UID can read the full task data from any project on the...

4.3CVSS5.9AI score0.00216EPSS

Exploits1References7

Metasploit•added 2026/04/02 7:2 p.m.•130 views

HTTPS Fetch, Bind IPv6 TCP Stager with UUID Support (Windows x86)

Fetch and execute an x86 payload from an HTTPS server. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/https/x86/patchupmeterpreter/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid set ACTION ms...

Metasploit•added 2026/04/02 7:2 p.m.•134 views

HTTP Fetch, Bind IPv6 TCP Stager with UUID Support (Windows x86)

Fetch and execute an x86 payload from an HTTP server. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/http/x86/vncinject/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid set ACTION msf...

Metasploit•added 2026/04/02 7:2 p.m.•135 views

HTTPS Fetch, Reverse TCP Stager with UUID Support

Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/https/x86/patchupdllinject/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf...

UbuntuCve•added 2026/02/25 1:16 p.m.•2 views

CVE-2026-21725

A time-of-create-to-time-of-use TOCTOU vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: - The attacker must have admin access to the specific datasource prior to its first deletion...

2.6CVSS5.8AI score0.00175EPSS