Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

13335 matches found

Snyk
Snykadded 2026/04/13 3:25 p.m.5 views

Malicious Package

Overview @bookiply/core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snykadded 2026/04/13 3:25 p.m.5 views

Malicious Package

Overview @guards-lib/auth is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snykadded 2026/04/13 3:25 p.m.5 views

Malicious Package

Overview @ascend-ops/web-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snykadded 2026/04/13 3:25 p.m.8 views

Malicious Package

Overview @hpcc/js-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snykadded 2026/04/13 3:25 p.m.3 views

Malicious Package

Overview viewer-assets-generator is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snykadded 2026/04/13 3:25 p.m.5 views

Malicious Package

Overview babel-plugin-fbtee is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snykadded 2026/04/13 3:25 p.m.4 views

Malicious Package

Overview experian-design-system-themes is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snykadded 2026/04/13 3:25 p.m.5 views

Malicious Package

Overview dwaiter-company-web is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snykadded 2026/04/13 3:25 p.m.3 views

Malicious Package

Overview mdb-react-sortable is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snykadded 2026/04/13 3:14 p.m.2 views

Malicious Package

Overview @b2b-portal/kit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Cvelist
Cvelistadded 2026/04/13 1:21 p.m.34 views

CVE-2026-31414 netfilter: nf_conntrack_expect: use expect->helper

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackexpect: use expect-helper Use expect-helper in ctnetlink and /proc to dump the helper name. Using nfcthelp without holding a reference to the master conntrack is unsafe. Use exp-master-helper in ctnetlink pa...

9.8CVSS0.00381EPSS
Exploits0References6
RedHat Linux
RedHat Linuxadded 2026/04/13 12:51 p.m.1 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

6.5CVSS6.7AI score0.00643EPSS
Exploits1References8
Veracode
Veracodeadded 2026/04/13 12:10 p.m.4 views

Denial Of Service

React Server Components is vulnerable to Denial of Service. The vulnerability is due to specially crafted HTTP requests to Server Function endpoints, where the payload of the HTTP request causes excessive CPU usage for up to a minute ending in a thrown error that is catchable...

7.5CVSS7.2AI score0.00943EPSS
Exploits3References5Affected Software4
RedHat Linux
RedHat Linuxadded 2026/04/13 3:0 a.m.2 views

undici: Undici: Denial of Service due to uncontrolled resource consumption

A flaw was found in Undici. When the interceptors.deduplicate feature is enabled, response data for deduplicated requests can accumulate in memory. A remote attacker, by sending large or chunked responses and concurrent identical requests from an untrusted endpoint, can exploit this uncontrolled...

5.9CVSS7AI score0.00566EPSS
Exploits0References7
RedHat Linux
RedHat Linuxadded 2026/04/13 2:27 a.m.6 views

brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion

A flaw was found in the brace-expansion component. This denial of service DoS vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory...

9.2CVSS6.7AI score0.00481EPSS
Exploits0References5
Packet Storm News
Packet Storm Newsadded 2026/04/13 12:0 a.m.6 views

SIR-Bench: Evaluating Investigation Depth in Security Incident Response Agents

We present SIR-Bench, a benchmark of 794 test cases for evaluating autonomous security incident response agents that distinguishes genuine forensic investigation from alert parroting. Derived from 129 anonymized incident patterns with expert-validated ground truth, SIR-Bench measures not only...

5.8AI score
Exploits0
Vulnrichment
Vulnrichmentadded 2026/04/12 6:49 p.m.1 views

CVE-2026-40393

In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca...

8.1CVSS5.8AI score0.00348EPSS
Exploits0References2
Github Security Blog
Github Security Blogadded 2026/04/10 8:59 p.m.4 views

pypdf: Manipulated XMP metadata entity declarations can exhaust RAM

Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. Patches This has been fixed in pypdf==6.10.0. Workarounds If you cannot upgrade yet, consider applying the changes from PR 3724...

6.9CVSS5.7AI score0.00423EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blogadded 2026/04/10 8:18 p.m.6 views

Step CA affected by an index out of bounds panic in TPM attestation EKU validation

Summary An attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key AK certificate with an empty Extended Key Usage EKU extension during TPM device attestation. Details When processing a device-attest-01 ACME challenge using TPM attestation, Step CA...

3.7CVSS5.9AI score0.00181EPSS
Exploits0References6Affected Software1
EUVD
EUVDadded 2026/04/10 8:18 p.m.2 views

EUVD-2026-21506

Step CA affected by an index out of bounds panic in TPM attestation EKU validation...

3.7CVSS5.8AI score0.00181EPSS
Exploits0References5
Rows per page
Query Builder