CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/03/23 4:48 p.m.•3 views

SUSE-SU-2026:0982-1 Security update for util-linux

This update for util-linux fixes the following issues: - CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for 'login -h' bsc1258859...

5.3CVSS5.8AI score0.00087EPSS

Exploits0References3

SUSE Linux•added 2026/03/23 3:21 p.m.•4 views

Security update for docker-stable

This update for docker-stable fixes the following issues: CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption bsc1253904. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupda...

9.9CVSS7AI score0.03345EPSS

Exploits1References16

Snyk•added 2026/03/23 1:47 p.m.•0 views

Malicious Package

Overview pulse-rsvp-card-entity is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

Snyk•added 2026/03/23 1:47 p.m.•2 views

Malicious Package

Overview pulse-feature-flag is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Snyk•added 2026/03/23 1:47 p.m.•1 views

Malicious Package

Overview sd-basket-highlight is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Snyk•added 2026/03/23 1:47 p.m.•1 views

Malicious Package

Overview ty-config-provider is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Snyk•added 2026/03/23 1:47 p.m.•1 views

Malicious Package

Overview netflixid is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

IBM Security Bulletins•added 2026/03/23 1:37 p.m.•12 views

Security Bulletin: Multiple security vulnerabilities in Python affects IBM Robotic Process Automation

Summary Multiple security vulnerabilities in Python affects IBM Robotic Process Automation. Python is used by IBM Robotic Process Automation as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2025-66418 DESCRIPTIO...

8.9CVSS6.9AI score0.00019EPSS

Exploits0Affected Software1

Cvelist•added 2026/03/23 1:35 p.m.•21 views

CVE-2026-4645

...

0.00152EPSS

Exploits0

OSSF Malicious Packages•added 2026/03/23 9:41 a.m.•4 views

Malicious code in license-utils-kit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 eb0116c55754c947c819c966f213a99864511536a414619cf3154b89be59f9e8 Malicious clone of legitimate "license" package. When using the findbykey function, the malicious code from strongly obfuscated files is loaded. It then at lea...

6AI score

RubySec•added 2026/03/23 12:0 a.m.•8 views

Rails Active Support has a possible DoS vulnerability in its number helpers

8.7CVSS5.8AI score0.00032EPSS

Exploits0References1Affected Software1

SUSE CVE•added 2026/03/22 12:23 a.m.•3 views

SUSE CVE-2026-33123

pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1...

6.5CVSS5.7AI score0.00014EPSS

Exploits0References3

Veracode•added 2026/03/21 5:27 a.m.•3 views

Denial Of Service

pypdf is vulnerable to Denial of Service. The vulnerability is due to inefficient decoding of array-based streams, where accessing an array-based stream with many entries leads to long runtimes and large memory usage, and attackers can exploit it by crafting a malicious PDF with a large array-bas...

6.5CVSS5.8AI score0.00014EPSS

Exploits0References3Affected Software1

OSV•added 2026/03/21 3:31 a.m.•0 views

GHSA-XQ3G-M3J8-2VMM Duplicate Advisory: OpenClaw's inbound media downloads could exceed configured byte limits before rejection across multiple channels

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rxxp-482v-7mrh. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before bufferi...

8.7CVSS5.8AI score0.00179EPSS

Github Security Blog•added 2026/03/21 3:31 a.m.•3 views

Duplicate Advisory: OpenClaw's inbound media downloads could exceed configured byte limits before rejection across multiple channels

8.7CVSS5.8AI score0.00179EPSS

Exploits0References5Affected Software1

EUVD•added 2026/03/21 3:31 a.m.•2 views

EUVD-2026-13945

OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before buffering remote media across multiple channel ingestion paths. Remote attackers can send oversized media payloads to trigger elevated memory usage and potential process instability...

8.7CVSS5.9AI score0.00179EPSS