CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/26 6:25 a.m.•5 views

MAL-2026-4779 Malicious code in ether-bn.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cc5567869e3d616af151887f680ef13bf23f8a19fe5978343254b921c1c7c73 Package name 'ether-bn.js' resembles the widely-used 'bn.js' big-number library, and the README directs users to install yet another name...

OSSF Malicious Packages•added 2026/05/26 6:25 a.m.•8 views

Malicious code in ether-bn.js (npm)

EUVD•added 2026/05/25 3:15 a.m.•11 views

EUVD-2026-31624

A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and m...

7.5CVSS5.5AI score0.00047EPSS

OSV•added 2026/05/23 10:34 a.m.•3 views

CLSA-2026-1779532464 grafana: Fix of CVE-2022-39324

CVE-2022-39324: build snapshot originalUrl on the backend with a UID check and warn through a confirm modal before navigating to a cross-origin snapshot URL...

6.7CVSS6.8AI score0.00185EPSS

Exploits0References1

EUVD•added 2026/05/06 3:32 p.m.•2 views

EUVD-2026-27823

Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId added in version 1.54 uses the value of the UNIQUEID environment variable for the session id. The UNIQUEID variable is set by the Apache moduniqueid...

NVD•added 2026/05/06 1:16 p.m.•7 views

CVE-2026-5081

9.1CVSS0.00038EPSS

Cvelist•added 2026/05/06 12:16 p.m.•25 views

CVE-2026-5081 Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure

0.00038EPSS

Debian CVE•added 2026/05/06 12:16 p.m.•2 views

CVE-2026-5081

ATTACKERKB•added 2026/05/06 12:16 p.m.•2 views

CVE-2026-5081

Exploits0References3Affected Software1

Vulnrichment•added 2026/05/06 12:16 p.m.•1 views

CVE-2026-5081 Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure

5.8AI score0.00038EPSS

Tenable Nessus•added 2026/05/06 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-5081

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId added in versio...

Positive Technologies•added 2026/05/06 12:0 a.m.•4 views

PT-2026-37627

Name of the Vulnerable Software and Affected Versions Apache::Session::Generate::ModUniqueId versions 1.54 through 1.94 Description Apache::Session::Generate::ModUniqueId uses the UNIQUE ID environment variable for session identifiers. This variable is generated by the Apache mod unique id plugin...

Positive Technologies•added 2026/04/10 12:0 a.m.•2 views

Exploits0References11

PT-2026-31949

Summary The CalDAV GetResource and GetResourcesByList methods fetch tasks by UID from the database without verifying that the authenticated user has access to the task's project. Any authenticated CalDAV user who knows or guesses a task UID can read the full task data from any project on the...

4.3CVSS5.9AI score0.00033EPSS

Exploits1References7

Metasploit•added 2026/04/02 7:2 p.m.•104 views

HTTPS Fetch, Bind IPv6 TCP Stager with UUID Support (Windows x86)

Fetch and execute an x86 payload from an HTTPS server. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/https/x86/patchupmeterpreter/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid set ACTION ms...

Metasploit•added 2026/04/02 7:2 p.m.•102 views

HTTP Fetch, Bind IPv6 TCP Stager with UUID Support (Windows x86)

Fetch and execute an x86 payload from an HTTP server. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/http/x86/vncinject/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid set ACTION msf...

Metasploit•added 2026/04/02 7:2 p.m.•108 views

HTTPS Fetch, Reverse TCP Stager with UUID Support

Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/https/x86/patchupdllinject/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf...

UbuntuCve•added 2026/02/25 1:16 p.m.•2 views

CVE-2026-21725

A time-of-create-to-time-of-use TOCTOU vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: - The attacker must have admin access to the specific datasource prior to its first deletion...

2.6CVSS5.8AI score0.00014EPSS