Lucene search

205 matches found

OSV
added 2026/06/17 4:43 a.m., 4 views

MAL-2026-5983 Malicious code in metrics-probe-dc85 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aaa3316d23c1a348fb5c68a36eb775ca51f90d0e44973508dd5a8ba5a139e932 On install, package.json declares postinstall: node run.js, which auto-executes run.js when the package is installed. run.js imports os, fs, http,...

5.5 AI score
Exploits: 0, References: 2
OSSF Malicious Packages
added 2026/06/15 4:22 p.m., 10 views

Malicious code in neural-network-scan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 898c75e5a6ae94d115820736ffd2ca4cb948f72655d5c0175a3432cec835768c The package ships a collect.js script that imports childprocess and performs an HTTP POST carrying host identifiers hostname referenced multiple time...

5.3 AI score
Exploits: 0, References: 4
OSSF Malicious Packages
added 2026/06/13 8:11 p.m., 10 views

Malicious code in oa-crm-webapi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 00cdaf89f7ae5fd12400ea55acd4849e8e5095dfc51188d3339ecdfa5dc0f2a1 [email protected] is a dependency-confusion payload squatting an internal-sounding package name. package.json declares a postinstall hook node...

6 AI score
Exploits: 0, References: 1
OSV
added 2026/06/09 5:41 p.m., 19 views

MAL-2026-5423 Malicious code in @nstrlabs/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36d8d7c327560bb7a4c08d906db240a2dc146e20f828d9dfc5ab79497b155355 On npm install, the package's preinstall script node index.js || true executes automatically and collects host identifiers from the installer's machi...

5.5 AI score
Exploits: 0, References: 2
OSV
added 2026/06/09 5:40 p.m., 10 views

MAL-2026-5418 Malicious code in @nstrlabs/api-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de7b47a7f81209dbbaff286599b46f4f030ff992b6d0c25d947cc84739b838d9 @nstrlabs/[email protected] is a hollow package whose only behavior is an install-time exfiltration beacon. package.json declares "preinstall": "node...

5.5 AI score
Exploits: 0, References: 2
OSV
added 2026/06/09 5:38 p.m., 6 views

MAL-2026-5422 Malicious code in @nstrlabs/shared-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector efc72373a5a06d31becb2dd02ced949866c9da14ae6d0bfdb3b4f4c882e40445 On npm install, the package's preinstall script runs index.js, which collects host identifiers os.hostname, os.userInfo.username, dirname, process.cw...

5.5 AI score
Exploits: 0, References: 2
OSV
added 2026/06/09 5:38 p.m., 7 views

MAL-2026-5419 Malicious code in @nstrlabs/auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 608be3457e7c809e60c1b76b9406489652f0ef708bfb97db2b6e0bb92b6836c2 On npm install, the package's preinstall hook node index.js || true, declared in package.json automatically collects host identifiers — os.hostname,...

5.5 AI score
Exploits: 0, References: 2
OSV
added 2026/06/09 5:36 p.m., 11 views

MAL-2026-5427 Malicious code in @payment-review/store (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d624eaefbb0245bf0c9a7b598c461a3ba5ec48005cfec223898062741ef8c2e package.json declares preinstall: node index.js || true, so installing the package automatically runs index.js on npm install. The script collects ho...

5.5 AI score
Exploits: 0, References: 2
OSSF Malicious Packages
added 2026/06/09 5:35 p.m., 8 views

Malicious code in @klapp-about/routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 715f07e0a1984fc9eb7d6432fc2491b08139755426b3c8905ba2d9274e2d4875 On npm install, the package's preinstall hook node index.js collects host and user identity data — os.hostname, os.userInfo.username, dirname,...

5.4 AI score
Exploits: 0, References: 3
OSSF Malicious Packages
added 2026/06/09 5:35 p.m., 8 views

Malicious code in @klapp-login-platform/oidc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c2b86b9675d4d22e101f4f10f521cc36069ecebd1680d4c3ecfa0c04e8169da On npm install, the package executes node index.js via its preinstall hook. index.js collects the installer's hostname os.hostname, username...

5.5 AI score
Exploits: 0, References: 2
OSV
added 2026/06/09 5:35 p.m., 6 views

MAL-2026-5414 Malicious code in @klapp-login-platform/oidc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c2b86b9675d4d22e101f4f10f521cc36069ecebd1680d4c3ecfa0c04e8169da On npm install, the package executes node index.js via its preinstall hook. index.js collects the installer's hostname os.hostname, username...

5.5 AI score
Exploits: 0, References: 2
Circl
added 2026/06/09 11:52 a.m., 9 views

CVE-2026-10731

creationtimestamp | type | source
---|---|---
2026-06-09 11:52:38+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnu53r2lny2v...

9.3 CVSS, 5.3 AI score, 0.00349 EPSS
Exploits: 0, References: 1
Circl
added 2026/05/30 5:7 p.m., 10 views

CVE-2018-25422

creationtimestamp | type | source
---|---|---
2026-05-30 17:07:23+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mn3jzf4v5u2e...

8.8 CVSS, 5.8 AI score, 0.00262 EPSS
Exploits: 0, References: 1
OSV
added 2026/05/22 5:25 p.m., 6 views

MAL-2026-4629 Malicious code in openmct-couch-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce8eff366d17efa64bf8605941d009d01cf7a24aaf011af30faec449fc4a2e28 On npm install, the package's preinstall script runs node index.js and then curls the output of hostname && whoami to...

5.8 AI score
Exploits: 0, References: 3
ATTACKERKB
added 2026/05/06 6:47 a.m., 4 views

CVE-2026-7841

A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server by sending a crafted HTTP POST request to the ASWebCommon.srf backend endpoint to bypass the fronte...

8.8 CVSS, 6.7 AI score, 0.00593 EPSS
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2026/05/05 12:0 a.m., 6 views

Gotenberg Code Issue Vulnerability

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Version 8.29.1 of Gotenberg contains a code vulnerability. This vulnerability stems from the FilterDeadline function, which returns nil unconditionally when...

7.2 CVSS, 5.9 AI score, 0.00236 EPSS
Exploits: 1, References: 1
Debian CVE
added 2026/04/23 8:59 p.m., 2 views

CVE-2026-28525

SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoosemultipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTTP POST request to /upload with a malformed multipart boundary and controlled TCP stream timing...

8.2 CVSS, 5.9 AI score, 0.00316 EPSS
Exploits: 0
Circl
added 2026/04/09 9:38 a.m., 1 views

CVE-2026-34538

creationtimestamp | type | source
---|---|---
2026-04-09 09:38:50+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mj2j6e76qs26
2026-04-09 12:17:43+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mj2s2ho2t52q...

6.5 CVSS, 5.3 AI score, 0.00685 EPSS
Exploits: 0, References: 2
Cvelist
added 2026/04/08 12:0 a.m., 19 views

CVE-2025-50666

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /webpost.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request in parameters such as name, en, userid, log, and time...

0.00599 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2026/04/07 10:51 a.m., 3 views

CVE-2026-5642

A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown function of the file /viva/update.php of the component HTTP POST Request Handler. This manipulation of the argument Name causes improper authorization. It ...

7.5 CVSS, 5.6 AI score, 0.00284 EPSS
Exploits: 0, References: 1