4306 matches found
CVE-2026-45409 vulnerabilities
Vulnerabilities for packages: dask-kubernetes, airflow, reflex, open-webui, jwt-tool, ggshield, superset, mlflow, kubeflow-pipelines, kubeflow-jupyter-web-app, kubeflow-pipelines-visualization-server, datadog-agent, kubeflow-volumes-web-app, kserve, httpie, semgrep, jupyter-base-notebook,...
CVE-2026-45409 vulnerabilities
Vulnerabilities for packages: text-generation-inference, dask-kubernetes-fips, vllm-openai-cuda-13.0, opentelemetry-python-instrumentation, authentik, datadog-agent-fips, wazuh-manager-fips, ggshield, ansible-operator-fips, azureml-inference-server-http-fips, confluent-docker-utils, kserve,...
GHSA-65PC-FJ4G-8RJX vulnerabilities
Vulnerabilities for packages: text-generation-inference, dask-kubernetes-fips, vllm-openai-cuda-13.0, opentelemetry-python-instrumentation, authentik, datadog-agent-fips, wazuh-manager-fips, ggshield, ansible-operator-fips, azureml-inference-server-http-fips, confluent-docker-utils, kserve,...
OPENSUSE-SU-2026:10834-1 caca-utils-0.99.beta20+git.1776622070.7c8e333-1.1 on GA media
These are all security issues fixed in the caca-utils-0.99.beta20+git.1776622070.7c8e333-1.1 package on the GA media of openSUSE Tumbleweed...
Malicious code in stripe-internal-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6add7fd3034c5b0d00e39e2cbfeb7c664085ef412612b53ebe9fd81767449be package.json declares a postinstall hook that auto-fires on npm install and performs reconnaissance + exfiltration against the installer. The inline...
MAL-2026-4184 Malicious code in stripe-internal-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6add7fd3034c5b0d00e39e2cbfeb7c664085ef412612b53ebe9fd81767449be package.json declares a postinstall hook that auto-fires on npm install and performs reconnaissance + exfiltration against the installer. The inline...
ROOT-APP-MAVEN-CVE-2022-29599 CVE-2022-29599 in io.root.org.apache.maven.shared:maven-shared-utils - Patched by Root
Root has patched CVE-2022-29599 in the io.root.org.apache.maven.shared:maven-shared-utils package for Root:Maven. Multiple fixed versions available...
Malicious code in nw-demo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e3ff057a42800ad78024ac1c48e0d6fbf9c828eb828a41e6737c32b6174ce8c Package is published publicly on npm at version 100.20.33 — a version-number shape used in dependency-confusion attacks to outrank private internal...
MAL-2026-4196 Malicious code in pinno-loggers (npm)
pinno-loggers is a malicious npm package that depends on terminal-logger-utils and triggers the malicious behavior in that package when installed or imported. The terminal-logger-utils payload executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper downloads a...
MAL-2026-4198 Malicious code in terminal-logger-utils (npm)
terminal-logger-utils is a malicious npm package that when installed executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper checks the current system, downloads a platform-specific second-stage binary from Hugging Face, and executes it. The second-stage paylo...
Astra Linux - vulnerability in maven-shared-utils
In Apache Maven’s maven-shared-utils before version 3.3.3, the Commandline class could generate double-quoted strings without proper escaping, allowing for shell injection attacks...
Astra Linux - vulnerability in rustc
crossbeam-utils provides atomic operations, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. Prior to version 0.8.7, crossbeam-utils incorrectly assumed that the alignment of {i,u}64 was always the same as Atomic{I,U}64. However, the alignment of {i,u...
Astra Linux - vulnerability in python-oslo.utils
A flaw was discovered in python-oslo-utils. Due to improper parsing, passwords that contain double quotes " cause incorrect masking in debug logs, resulting in any part of the password after the double quote being displayed as plain text...
Malicious code in figma-d2c-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b65db74a06749bbb141552f97e91b15d5bdd91b57a0136dfc8bfb4034b659c8f The package ships dist/report.js, a one-line module that issues an HTTPS POST to https://www.baidu.com carrying values read from process.env. The...
MAL-2026-4534 Malicious code in color-style-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47cf4aaa2cd7a20b222a1a4150a7b9e1f79d9b0a09c8fe4a5689e55bad9bc087 On npm install, all three lifecycle hooks preinstall, install, postinstall execute postinstall.js, which harvests installer secrets and exfiltrates...
Malicious code in color-style-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47cf4aaa2cd7a20b222a1a4150a7b9e1f79d9b0a09c8fe4a5689e55bad9bc087 On npm install, all three lifecycle hooks preinstall, install, postinstall execute postinstall.js, which harvests installer secrets and exfiltrates...
Malicious code in stripe-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2134a01cead67cd3508d0ca8a14acbfd272181c65faed08b8491a1b2e7885ddc Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-4180 Malicious code in stripe-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2134a01cead67cd3508d0ca8a14acbfd272181c65faed08b8491a1b2e7885ddc Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-4494 Malicious code in axois-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48eb1a16cb7cac016f30a49f81d472b9b4e02236b97c5daaea4446b74e6aa069 The package name is a single-character transposition of axios. package.json declares preinstall, install, and postinstall hooks all pointing at...
MAL-2026-4239 Malicious code in etherjs-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 335b4f699510e2bb1171a9137655f6977d5554f508e612eab97b4239c1249be1 package.json declares a postinstall script that performs an HTTPS GET to an ephemeral pinggy-free.link tunnel URL...