CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2026/06/05 12:53 a.m.•10 views

Malicious code in wrangler-deploy (npm)

5.7AI score

Snyk•added 2026/06/02 9:0 p.m.•7 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score

OSSF Malicious Packages•added 2026/05/07 12:0 a.m.•15 views

Malicious code in camelotlabs-sdk (npm)

Five packages camelotlabs-sdk, camelotlabs-core, camelotlabs-config, camelotlabs-worker, and camelotlabs-utils were published to the public npm registry at version 99.0.0 by the actor madman0619 as a dependency confusion attack targeting the internal npm packages of Camelot Labs. The inflated...

5.9AI score

OSV•added 2026/05/07 12:0 a.m.•4 views

MAL-2026-3644 Malicious code in camelotlabs-worker (npm)

5.9AI score

RedhatCVE•added 2026/03/26 5:3 p.m.•2 views

CVE-2026-25447

Improper Control of Generation of Code 'Code Injection' vulnerability in Jonathan Daggerhart Widget Wrangler widget-wrangler allows Code Injection.This issue affects Widget Wrangler: from n/a through = 2.3.9...

EUVD•added 2026/03/25 6:31 p.m.•4 views

EUVD-2026-15728

NVD•added 2026/03/25 5:16 p.m.•10 views

CVE-2026-25447

9.1CVSS0.00314EPSS

CVE•added 2026/03/25 4:14 p.m.•6 views

CVE-2026-25447

CVE-2026-25447 describes an Unauthenticated remote code execution vector in the WordPress plugin Widget Wrangler (

Cvelist•added 2026/03/25 4:14 p.m.•25 views

CVE-2026-25447 WordPress Widget Wrangler plugin <= 2.3.9 - Remote Code Execution (RCE) vulnerability

9.1CVSS0.00314EPSS

Vulnrichment•added 2026/03/25 4:14 p.m.•1 views

CVE-2026-25447 WordPress Widget Wrangler plugin <= 2.3.9 - Remote Code Execution (RCE) vulnerability

CNNVD•added 2026/03/25 12:0 a.m.•3 views

WordPress plugin Widget Wrangler 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

9.1CVSS5.9AI score0.00314EPSS

Positive Technologies•added 2026/03/25 12:0 a.m.•11 views

PT-2026-27948

Name of the Vulnerable Software and Affected Versions Widget Wrangler versions prior to 2.3.9 Description A code injection issue exists in Jonathan Daggerhart Widget Wrangler. The issue involves improper control of code generation. This allows for code injection. Recommendations Update Widget...

9.1CVSS5.9AI score0.00314EPSS

Exploits0References6

Patchstack•added 2026/03/18 8:16 a.m.•8 views

WordPress Widget Wrangler plugin <= 2.3.9 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by NumeX in WordPress Plugin Widget Wrangler versions = 2.3.9...

9.1CVSS5.9AI score0.00314EPSS

Exploits0Affected Software1

RedhatCVE•added 2026/01/22 12:20 a.m.•10 views

CVE-2026-0933

SummaryA command injection vulnerability CWE-78 has been found to exist in the wrangler pages deploy command. The issue occurs because the --commit-hash parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of --commit-hash to...

9.9CVSS6.1AI score0.01393EPSS

vulnersOsv•added 2026/01/21 11:0 p.m.•6 views

@astrojs/cloudflare (=0.4.0), @cfpreview/pages-e2e-test-runner-cli (>=0.0.1 <=0.0.8) +20 more potentially affected by CVE-2026-0933 via wrangler (>=2.0.23 <=3.114.1)

wrangler NPM version =2.0.23, =0.0.1, =1.0.387, =0.5.41, =2.1.0, =0.0.0-next-20230221055802, =1.0.0, =0.0.3, =0.0.47, =1.0.0, =1.0.0, =0.1.1, =0.1.106 and more Source cves: CVE-2026-0933 Source advisory: OSV:GHSA-36P8-MVP6-CV38...

9.9CVSS5.8AI score0.01393EPSS

vulnersOsv•added 2026/01/21 11:0 p.m.•5 views

@abuiles/vite-plugin (>=1.8.0 <=1.10.0), @anyauth/design-system (>=0.5.0 <=0.5.1) +13 more potentially affected by CVE-2026-0933 via wrangler (>=4.0.0 <=4.59.0)

wrangler NPM version =4.0.0, =1.8.0, =0.5.0, =12.6.6, =0.1.11, =0.8.0, =0.2.0, =0.0.0, =0.0.0-snapshot-00ab90b686754a33aa500cf83291fab93d5b82d9, =1.0.6, =1.7.8, =0.0.5, =0.1.0, =4.1.11, =6.3.1 Source cves: CVE-2026-0933 Source advisory: OSV:GHSA-36P8-MVP6-CV38...

9.9CVSS5.4AI score0.01393EPSS

OSV•added 2026/01/21 11:0 p.m.•3 views

GHSA-36P8-MVP6-CV38 Wrangler affected by OS Command Injection in `wrangler pages deploy`

Summary A command injection vulnerability CWE-78 has been found to exist in the wrangler pages deploy command. The issue occurs because the --commit-hash parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of --commit-hash t...

7.7CVSS6AI score0.01393EPSS

Exploits0References6

Github Security Blog•added 2026/01/21 11:0 p.m.•10 views

Wrangler affected by OS Command Injection in `wrangler pages deploy`

Summary A command injection vulnerability CWE-78 has been found to exist in the wrangler pages deploy command. The issue occurs because the --commit-hash parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of --commit-hash t...

9.9CVSS6.1AI score0.01393EPSS

Exploits0References6Affected Software1

EUVD•added 2026/01/21 12:31 a.m.•18 views

EUVD-2026-3519

7.7CVSS6.1AI score0.01393EPSS