Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

4 matches found

OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/25 1:49 a.m.6 views

Malicious code in npm-builderio-qwik-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11a743cdce28dd141d636ff13baaee44df53fbaaed17efdc5a7380281b7097e1 The package's main entry index.js is a working browser exploit, not a library. When loaded in a DOM context, it creates a hidden iframe pointing at...

5.9AI score
Exploits0References5
NVD
NVDadded 2026/03/26 9:17 p.m.0 views

CVE-2026-33619

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.3 contains a server-side request forgery issue in the optional scheduler's webhook delivery path. When a task is submitted to POST /tasks with a user-controlled callbackUrl, the v0.8.3...

5.5CVSS0.00066EPSS
Exploits1References3
Snyk
Snykadded 2026/02/17 9:40 p.m.2 views

Missing Authentication for Critical Function

Overview @openclaw/voice-call is an OpenClaw voice-call plugin Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the verifyWebhook function. An attacker can send forged webhook requests to the Telnyx voice-call endpoint by omitting signature...

8.7CVSS5.6AI score0.00047EPSS
Exploits0References2
EUVD
EUVDadded 2025/10/07 12:30 a.m.3 views

EUVD-2021-18144

Malware in sbrugna...

5.5CVSS5.6AI score0.0007EPSS
Exploits0References6
Rows per page
Query Builder