Lucene search
K

5 matches found

OSV
OSV
added 2026/06/30 12:0 a.m.4 views

MAL-2026-6692 Malicious code in polymarket-trading-developer-tools (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign targeting Polymarket developers. polymarket-trading-developer-tools uses a dropper technique: a postinstall hook downloads configuration from pm-trading-dev-tools-be.vercel.app and exfiltrates data to the...

6AI score
Exploits0References3
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-339 FireFighter has unauthenticated SSRF in its Raid jira_bot endpoint that allows IAM credential theft

Impact The POST /api/v2/firefighter/raid/jirabot endpoint CreateJiraBotView is reachable without authentication permissionclasses = permissions.AllowAny. Its attachments payload is fetched server-side via httpx.get with no URL validation, then uploaded as an attachment on the Jira ticket that get...

9.9CVSS6AI score0.00272EPSS
Exploits0References6
NVD
NVD
added 2026/05/11 7:16 p.m.17 views

CVE-2026-42864

FireFighter is an incident management application. Prior to 0.0.54, the POST /api/v2/firefighter/raid/jirabot endpoint CreateJiraBotView is reachable without authentication permissionclasses = permissions.AllowAny. Its attachments payload is fetched server-side via httpx.get with no URL validatio...

9.9CVSS0.00272EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.12 views

PT-2026-37285

Name of the Vulnerable Software and Affected Versions FireFighter versions prior to 0.0.54 Description The 'POST /api/v2/firefighter/raid/jira bot' endpoint CreateJiraBotView is accessible without authentication. The attachments payload is processed via httpx.get without URL validation, allowing ...

9.9CVSS5.9AI score0.00272EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2025/11/19 12:11 a.m.23 views

CVE-2025-63604

A code injection vulnerability exists in baryhuang/mcp-server-aws-resources-python 0.1.0 that allows remote code execution through insufficient input validation in the executequery method. The vulnerability stems from the exposure of dangerous Python built-in functions import, getattr, hasattr in...

6.5CVSS8.7AI score0.00306EPSS
Exploits1References1
Rows per page
Query Builder