CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2 days ago•2 views

ROOT-APP-NPM-CVE-2022-37601 CVE-2022-37601 in @rootio/loader-utils - Patched by Root

Root has patched CVE-2022-37601 in the @rootio/loader-utils package for Root:npm. Multiple fixed versions available...

9.8CVSS5.8AI score0.18844EPSS

Exploits1

OSSF Malicious Packages•added 2 days ago•6 views

Malicious code in bt-signal-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d56152c37c3a078b771d2578dd86495783b51b886c96aa7ebb66a7ec36d72a24 During import, package exfiltrates environment variables and cloud tokens to a hardcoded location. --- Category: MALICIOUS - The campaign has clearly malicious...

Ubuntu•added 2 days ago•5 views

USN-8362-1: XZ Utils vulnerability

It was discovered that XZ Utils did not properly manage memory when attempting to append data to a decoded index that contained no records. An attacker could possibly use this issue to cause XZ Utils to crash, resulting in a denial of service, or execute arbitrary code...

6.3CVSS6AI score0.0006EPSS

Exploits0

OSSF Malicious Packages•added 3 days ago•7 views

Malicious code in redteam-qxz7-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 855b67c0cf1aaed6f5e0ce3a67478a20cd4244c56424002feeeb0dea1a875848 During installation, the package exfiltrates cloud tokens from the environment. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

6AI score

OSV•added 3 days ago•7 views

MAL-2026-5120 Malicious code in redteam-qxz7-utils (PyPI)

6AI score

Vulnrichment•added 3 days ago•6 views

CVE-2026-10241 jeecgboot The server processes these URLs Cloud Instance Metadata Endpoint debug FileDownloadUtils.download2DiskFromNet server-side request forgery

A security flaw has been discovered in jeecgboot The server processes these URLs up to 3.9.1. This affects the function FileDownloadUtils.download2DiskFromNet of the file /airag/app/debug of the component Cloud Instance Metadata Endpoint. The manipulation results in server-side request forgery. T...

6.5CVSS5.4AI score0.00043EPSS

Exploits0References6

Snyk•added 6 days ago•4 views

Malicious Package

Overview appkit-react-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score

OSSF Malicious Packages•added 6 days ago•11 views

Malicious code in appkit-react-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 49e8fbd1c8061ffedb22f37a8fa90ca96d9830f45d7d318f421681c558aec29d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 6 days ago•5 views

MAL-2026-5057 Malicious code in appkit-react-utils (npm)

OSSF Malicious Packages•added 2026/05/26 12:20 a.m.•11 views

Malicious code in fe-utils-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6181b15ad071542a35154cffc71bc4771db039f548eabfe4100271000e4e3116 The package's default-exported getPlugin function fetches https://svganchordev.net/icons/110 and passes the response's data.credits field to new...

5.9AI score

OSV•added 2026/05/26 12:20 a.m.•6 views

MAL-2026-4561 Malicious code in fe-utils-core (npm)

5.9AI score

Redos•added 2026/05/26 12:0 a.m.•9 views

ROS-20260526-73-0007

A vulnerability in the lzmaindexappend function of the XZ Utils data compression package is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

6.3CVSS6.5AI score0.0006EPSS

Exploits0

Snyk•added 2026/05/25 9:5 a.m.•5 views

Malicious Package

Overview @gbrlxvii/ts-form-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

9.8CVSS5.8AI score

OSSF Malicious Packages•added 2026/05/25 9:5 a.m.•10 views

Malicious code in ts-iter-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 52fbece62de86bd0498245046503745a1c94d8be949096277c47cd4a01f99dcf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...