CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5365 matches found

Hardcoded Admin Credentials For Cisco Smart Licensing Utility API

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to log in to an affected system by using a static administrative credential.This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit...

9.8CVSS7.6AI score0.9201EPSS

Exploits0References2

Nuclei•added 6 days ago•64 views

pfSense - Arbitrary File Write

diagroutes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection...

9CVSS7.4AI score0.87113EPSS

Exploits4References5

Photon•added 2026/06/18 12:0 a.m.•5 views

Important Photon OS Security Update - PHSA-2026-5.0-0885

Updates of 'util-linux', 'rsync', 'jq' packages of Photon OS have been released...

8.1CVSS5.8AI score0.00643EPSS

Exploits4

OSV•added 2026/06/15 5:30 p.m.•8 views

MAL-2026-5800 Malicious code in boardstep (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d23139a90bc62310843522a9f8c266cf11ec4166f7a493072bf93b7d8ec05b0c The package wires all three npm lifecycle hooks preinstall, install, postinstall in package.json to run install.js, which downloads...

5.4AI score

Exploits0References9

Talos•added 2026/06/15 12:0 a.m.•6 views

GeoVision GV-IP Device Utility Device Authentication insufficient encryption vulnerability

Summary A insufficient encryption vulnerability exists in the Device Authentication functionality of GV-IP Device Utility versions: 9.0.5. A specially crafted network sniffing can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. Confirmed...

9.3CVSS5.6AI score0.00214EPSS

Exploits0

OSSF Malicious Packages•added 2026/06/13 7:19 a.m.•10 views

Malicious code in sheratan_haha (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b473b40e0c041d34e85161ed8c91e0e00d006a0822698a0d3994876cb685ddd On npm install, the package's declared postinstall hook node postinstall.js runs whoami on the installer's machine and POSTs the output to a hardcode...

5.4AI score

Exploits0References2

OSV•added 2026/06/13 7:19 a.m.•11 views

MAL-2026-5739 Malicious code in sheratan_haha (npm)

5.4AI score

Exploits0References2

OSV•added 2026/06/13 6:51 a.m.•10 views

MAL-2026-5731 Malicious code in houzidawang807 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7568d90e7a8d940b5618fa36bccfc2b7fa02ceaa814f0a416d2cc989c685e489 Package advertises itself as 'a simple date formatting utility' but ships an SSH-key-stealing C2 client. postinstall.js enumerates /.ssh for .pub...

5.4AI score

Exploits0References1

OSV•added 2026/06/13 6:51 a.m.•8 views

MAL-2026-5732 Malicious code in houzidawang808 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71d6b96fe99e7f8503cb07df05d6b621dc8e8243fc7288844678d8aff043a654 The package presents itself as a 'simple date formatting utility' index.js exports a trivial formatDate wrapper around toLocaleDateString, but ships ...

5.3AI score

Exploits0References1

OSV•added 2026/06/13 4:37 a.m.•10 views

MAL-2026-5729 Malicious code in houzidawang806 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2dbf603db6d0a3434c6c417dd460f26d08b9e230c03926f05987bb3841d3c72b Package self-describes as 'A simple date formatting utility' but ships two distinct attacker primitives. 1 postinstall.js enumerates /.ssh/ for .pub...

5.5AI score

Exploits0References23

RedHat Linux•added 2026/06/11 1:41 a.m.•6 views

Important: Red Hat Security Advisory: rsync security update

An update for rsync is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

7.8CVSS5.5AI score0.00319EPSS

Exploits1References2

Packet Storm News•added 2026/06/11 12:0 a.m.•29 views

DNGInspector Structural Analyzer for DNG/TIFF Metadata and IFD Anomaly Detection

This Python script implements a static inspection tool for Digital Negative DNG files by parsing the TIFF-based header and analyzing Image File Directory IFD entries for structural anomalies. The tool validates basic header fields, traverses IFD records, and flags suspicious metadata patterns suc...

5.3AI score

Exploits0

SUSE CVE•added 2026/06/10 2:30 a.m.•9 views

SUSE CVE-2026-11684

Insufficient policy enforcement in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the utility process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS5.5AI score0.00171EPSS

Exploits0References3

Packet Storm News•added 2026/06/10 12:0 a.m.•9 views

Bridging the Smart City Cybersecurity Data Gap through AI-Driven Synthetic Dataset Generation

Smart cities rely on interconnected cyber-physical systems that integrate sensors, IoT devices, cloud platforms, and AI-driven services and decision-making. While these systems enhance city services, they also introduce complex cybersecurity challenges due to their large attack surfaces,...

5.4AI score

Exploits0

OSV•added 2026/06/09 12:16 a.m.•7 views

DEBIAN-CVE-2026-11684

3.1CVSS5.5AI score0.00171EPSS

Exploits0References1