CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/04/27 6:37 p.m.•5 views

MAL-2026-3104 Malicious code in robase-ui (PyPI)

Packet Storm News•added 2026/04/27 12:0 a.m.•4 views

Symbolic Execution Meets Multi-LLM Orchestration: Detecting Memory Vulnerabilities in Incomplete Rust CVE Snippets

This paper presents a system combining symbolic execution KLEE with a 4-agent multi-LLM architecture for detecting memory vulnerabilities in Rust unsafe code. A central challenge we address is the incomplete-code problem: CVE database entries provide only isolated code snippets that lack struct...

6.1AI score

Exploits0

OSSF Malicious Packages•added 2026/04/26 4:51 p.m.•5 views

Malicious code in robase-fast-install (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 eb36bd6222d998fae305e6200dff6413fec375765d7b81876e8041b72101c7ef During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

5.7AI score

OSV•added 2026/04/26 4:51 p.m.•3 views

MAL-2026-3050 Malicious code in robase-fast-install (PyPI)

OSV•added 2026/04/26 1:9 a.m.•5 views

MAL-2026-3045 Malicious code in quicktestybesty (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 459aa54bf8ac82101b14d4f85d01dde304aa638276b69a76254ff080ea52d5af During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

OSV•added 2026/04/25 8:27 p.m.•6 views

MAL-2026-3044 Malicious code in quicksolving (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 334524bfbf6438acc5016e76054740cdb532bdd9921695cbcc1852c568226708 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

OSV•added 2026/04/25 7:52 p.m.•3 views

MAL-2026-3043 Malicious code in rosolver (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0904af239ce7e030d9cde78de066412fb3942a4b12ea8be5c5d45681417230fc During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

OSSF Malicious Packages•added 2026/04/25 7:0 p.m.•8 views

Malicious code in robase-library-quick-install (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3655afd9220b8d5df96a51d63e383fd4face5be5f31a2da02bcaf379d6625c6b During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

5.7AI score

Fedora•added 2026/04/25 1:59 a.m.•4 views

[SECURITY] Fedora 44 Update: python-pillow-12.2.0-1.fc44

Python image processing library, fork of the Python Imaging Library PIL This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk tk interface, qt PIL image wrapper for Qt, devel developmen...

8.7CVSS4.5AI score0.00485EPSS

Exploits0

Fedora•added 2026/04/25 1:52 a.m.•6 views

[SECURITY] Fedora 44 Update: rust-sccache-0.14.0-2.fc44

Sccache is a ccache-like tool. It is used as a compiler wrapper and avoids compilation when possible. Sccache has the capability to utilize caching in remote storage environments, including various cloud storage options, or alternatively, in local storage...

6.5CVSS5.4AI score0.00379EPSS

Exploits1

CNNVD•added 2026/04/23 12:0 a.m.•6 views

Flowise 代码问题漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Prior versions of Flowise, such as 3.1.0, contained code vulnerabilities. These vulnerabilities stemmed from multiple logical flaws in the security wrapper, allowing attackers to bypass the...

7.1CVSS7.1AI score0.00232EPSS

Exploits1References1

EUVD•added 2026/04/22 9:31 a.m.•6 views

EUVD-2026-24650

The Easy Social Photos Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapperclass' shortcode attribute of the 'my-instagram-feed' shortcode in all versions up to, and including, 3.1.2. This is due to insufficient input sanitization and output escaping on user...

Fedora•added 2026/04/22 7:50 a.m.•4 views

Exploits0References6

[SECURITY] Fedora 43 Update: python-pillow-11.3.0-8.fc43

8.7CVSS4.5AI score0.00485EPSS

Exploits0

ATTACKERKB•added 2026/04/22 7:45 a.m.•4 views

CVE-2026-4085

CVE•added 2026/04/22 7:45 a.m.•11 views

Exploits0References6

CVE-2026-4085

Summary: CVE-2026-4085 affects the Easy Social Photos Gallery WordPress plugin (versions up to 3.1.2). The vulnerability is a Stored XSS via the wrapper_class attribute of the my-instagram-feed shortcode, caused by using sanitize_text_field() instead of escaping with esc_attr() when outputting in...

Vulnrichment•added 2026/04/22 7:45 a.m.•3 views

Exploits0References5

CVE-2026-4085 Easy Social Photos Gallery <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wrapper_class' Shortcode Attribute

CNNVD•added 2026/04/22 12:0 a.m.•6 views

Exploits0References5

WordPress plugin Easy Social Photos Gallery 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.8AI score0.00288EPSS

Exploits0References1

Positive Technologies•added 2026/04/22 12:0 a.m.•2 views

PT-2026-34281

Name of the Vulnerable Software and Affected Versions Easy Social Photos Gallery versions prior to 3.1.3 Description Stored Cross-Site Scripting is possible due to insufficient input sanitization and output escaping of user-supplied attributes. The plugin uses the sanitize text field function...