Lucene search
K

4805 matches found

OSV
OSV
added 2026/06/24 5:43 p.m.3 views

GHSA-PRJ9-97MP-MWH2 OliveTin has Unvalidated `ot_`-prefixed Arguments that Bypass Input Filtering

Description The filterToDefinedArgumentsOnly function in the executor is intended to discard any arguments not explicitly defined in the action's configuration. However, a special case allows any argument whose name starts with ot to bypass this filter. While two system arguments...

4.3CVSS6.1AI score
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 5:31 p.m.34 views

CVE-2026-48721 Warp: Env-var prefixes can lead to denylisted command autoexecution

Warp is an agentic development environment. From 0.2025.10.08.08.12.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command execution permission-check bypass in the default unsandboxed CLI agent profile. The CLI profile is non-interactive and relies on a command denylist as a safety...

8.6CVSS0.00145EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.13 views

Astra Linux – Vulnerability in Python 3.11

If the value passed to os.path.expandvars is controlled by the user, there is a possibility of performance degradation when expanding environment variables...

5.5CVSS6.3AI score0.00136EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 6:41 a.m.7 views

Malicious code in gunicorm (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c97ab7b686dad57c3e1ffd4b86d6a75470164ed15ceedc2b26a4847fb2a331ab Package name gunicorm is a single-character edit of the widely-used gunicorn WSGI server and ships no functional code beyond setup.py. setup.py...

6AI score
Exploits0References2
OSV
OSV
added 2026/06/24 6:41 a.m.12 views

MAL-2026-6383 Malicious code in gunicorm (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c97ab7b686dad57c3e1ffd4b86d6a75470164ed15ceedc2b26a4847fb2a331ab Package name gunicorm is a single-character edit of the widely-used gunicorn WSGI server and ships no functional code beyond setup.py. setup.py...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 6:41 a.m.6 views

Malicious code in ditenv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0a52dbba9abeff2c606bcbc862027da259fcbd3938c827abfdbdb06ba801ecb setup.py overrides the install and egginfo commands with a RunCommand class that fires unconditionally on pip install or pip download. The override...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/06/24 6:41 a.m.5 views

MAL-2026-6381 Malicious code in ditenv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0a52dbba9abeff2c606bcbc862027da259fcbd3938c827abfdbdb06ba801ecb setup.py overrides the install and egginfo commands with a RunCommand class that fires unconditionally on pip install or pip download. The override...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/06/24 6:40 a.m.7 views

MAL-2026-6382 Malicious code in fkaks (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e44e1f1158eda01d3f18e3a3c01e30ebc9f8f92780ea532a63cf6ed31d8a25d3 fkaks 0.0.1 ships a setup.py that overrides the install and egginfo commands so that any pip install or pip download of the package unconditionally...

6.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 6:40 a.m.7 views

Malicious code in fkaks (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e44e1f1158eda01d3f18e3a3c01e30ebc9f8f92780ea532a63cf6ed31d8a25d3 fkaks 0.0.1 ships a setup.py that overrides the install and egginfo commands so that any pip install or pip download of the package unconditionally...

6.5AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.5 views

PT-2026-52182

Name of the Vulnerable Software and Affected Versions OliveTin affected versions not specified Description The filterToDefinedArgumentsOnly function in the executor fails to properly restrict arguments, allowing any argument starting with the ot prefix to bypass input filtering. While the system ...

4.3CVSS6.1AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 7:33 p.m.8 views

Malicious code in hunsterx-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32f2430d6e0da9484283d0012a16df0c593ccb5fa2a56ea727bd19ba435f964f preinstall.js executes a chain of evalBuffer.from'','base64'.toString payloads at npm install time. The decoded payloads collect host identity...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/23 7:33 p.m.5 views

MAL-2026-6337 Malicious code in hunsterx-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32f2430d6e0da9484283d0012a16df0c593ccb5fa2a56ea727bd19ba435f964f preinstall.js executes a chain of evalBuffer.from'','base64'.toString payloads at npm install time. The decoded payloads collect host identity...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 12:7 p.m.8 views

Malicious code in toorc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cfd36909e089f17439dd3227c6f5ccef2fef2964dc26bbdbaaef0481b54615d On pip install and even pip download, the package's setup.py overrides the install and egginfo commands to execute a RunCommand routine that serializ...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/23 12:7 p.m.6 views

MAL-2026-6290 Malicious code in toorc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cfd36909e089f17439dd3227c6f5ccef2fef2964dc26bbdbaaef0481b54615d On pip install and even pip download, the package's setup.py overrides the install and egginfo commands to execute a RunCommand routine that serializ...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 12:7 p.m.8 views

Malicious code in equest (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfe07e7f1e241dde491d3d6f5553ed2247a6f8e1dfdf34b0eaa9943a2cba5094 The package name equest is a one-character deletion of the widely-used requests package and ships no functional library code. setup.py registers cust...

6.6AI score
Exploits0References2
OSV
OSV
added 2026/06/23 12:7 p.m.10 views

MAL-2026-6289 Malicious code in equest (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfe07e7f1e241dde491d3d6f5553ed2247a6f8e1dfdf34b0eaa9943a2cba5094 The package name equest is a one-character deletion of the widely-used requests package and ships no functional library code. setup.py registers cust...

6.6AI score
Exploits0References2
OSV
OSV
added 2026/06/23 10:25 a.m.2 views

SUSE-SU-2026:2531-1 Security update for libsolv, libzypp, zypper

This update for libsolv, libzypp, zypper fixes the following issues - CVE-2026-9149: Heap buffer overflow in libsolv repoaddsolv via negative maxsize from crafted .solv file bsc1265935. - CVE-2026-9150: Stack-based buffer overflow in libsolv's Debian metadata parser when handling SHA384/SHA512...

8.8CVSS6.3AI score0.006EPSS
Exploits1References29
OSV
OSV
added 2026/06/23 10:23 a.m.8 views

MAL-2026-6280 Malicious code in ip-rotat (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e85ab2724beee13bb6c2658c5bf5d50069c83619f062d39935226ff1fee1c0a3 On pip install or pip download, setup.py registers overridden install and egginfo cmdclass entries that execute ps -elf to capture the host's process...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 10:23 a.m.7 views

Malicious code in ip-rotat (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e85ab2724beee13bb6c2658c5bf5d50069c83619f062d39935226ff1fee1c0a3 On pip install or pip download, setup.py registers overridden install and egginfo cmdclass entries that execute ps -elf to capture the host's process...

6AI score
Exploits0References2
OSV
OSV
added 2026/06/20 7:8 p.m.9 views

MAL-2026-6244 Malicious code in d0rk3r-telemetry (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da4542d225ef144ecc5df2f578104ffc12659196c57b2214ecb54f60620601c6 On import d0rk3rtelemetry, the package spawns a background thread that reads installer-owned secrets and POSTs them to an attacker-controlled endpoin...

6AI score
Exploits0References3
Rows per page
Query Builder