Lucene search
+L

968 matches found

OSV
OSV
added 4 days ago5 views

MAL-2026-10638 Malicious code in monogrok (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3369fb16804682addfec56904223d0255c2a0ca6d35481e744221e8252f2000d Package publishes as a generic 'M!T' library with an unrelated Apache-license README, but the tarball contains an offensive spam / phishing /...

6.2AI score
Exploits0References3
EUVD
EUVD
added 6 days ago10 views

EUVD-2026-43249

A flaw has been found in Helicone ai-gateway up to 0.2.0-beta.30. This affects the function buildtargeturl of the file ai-gateway/src/dispatcher/service.rs of the component AWS Metadata Service. Executing a manipulation of the argument extractedpathandquery can lead to server-side request forgery...

6.5CVSS6.3AI score0.00333EPSS
Exploits0References6
NVD
NVD
added 2026/07/09 10:17 p.m.9 views

CVE-2026-53961

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the AWS SES bounce webhook at POST /webhooks/aws verified that SNS messages were signed by Amazon but did not bind them to trusted TopicArn values, allowing any AWS account holder to publish...

6.5CVSS0.00221EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/07/09 9:48 p.m.32 views

CVE-2026-53961 Discourse: Forged AWS SNS bounce notifications can disable a targeted user's email (missing TopicArn binding)

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the AWS SES bounce webhook at POST /webhooks/aws verified that SNS messages were signed by Amazon but did not bind them to trusted TopicArn values, allowing any AWS account holder to publish...

6.5CVSS0.00221EPSS
Exploits0References9
CVE
CVE
added 2026/07/09 9:48 p.m.9 views

CVE-2026-53961

CVE-2026-53961 concerns Discourse, an open-source discussion platform. Prior to the fixed versions, the AWS SES bounce webhook at POST /webhooks/aws did not bind SNS-signed messages to trusted TopicArn values, enabling any AWS account holder to publish forged Bounce notifications that revoke a ta...

6.5CVSS6AI score0.00221EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2026/07/09 9:48 p.m.3 views

CVE-2026-53961 Discourse: Forged AWS SNS bounce notifications can disable a targeted user's email (missing TopicArn binding)

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the AWS SES bounce webhook at POST /webhooks/aws verified that SNS messages were signed by Amazon but did not bind them to trusted TopicArn values, allowing any AWS account holder to publish...

6.5CVSS6.1AI score0.00221EPSS
Exploits0References11
Chainguard
Chainguard
added 2026/07/09 2:17 p.m.11 views

GHSA-MG7H-Q7HW-M596 vulnerabilities

Vulnerabilities for packages: linux-aws...

5.9AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/07/08 4:6 p.m.5 views

CVE-2026-59897

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.3.3 before 4.12.27, the AWS API Gateway v1 adapter can drop a distinct repeated request header value because it de-duplicates values using a substring comparison instead of an exact match, so middleware o...

4.8CVSS6AI score0.00126EPSS
Exploits0References4Affected Software1
Chainguard
Chainguard
added 2026/07/08 2:17 a.m.7 views

GHSA-6GQ6-HXJH-9GRQ vulnerabilities

Vulnerabilities for packages: linux-qemu-melange, linux-aws, linux-azure, linux-qemu, linux-vmware, linux-gcp...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/07/08 2:17 a.m.8 views

GHSA-5Q2P-7748-G6QP vulnerabilities

Vulnerabilities for packages: linux-qemu-melange, linux-aws, linux-azure, linux-qemu, linux-vmware, linux-gcp...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/07/08 2:17 a.m.9 views

GHSA-7Q5M-QV9W-C8XX vulnerabilities

Vulnerabilities for packages: linux-qemu-melange, linux-aws, linux-azure, linux-qemu, linux-vmware, linux-gcp...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/07/08 2:17 a.m.8 views

GHSA-4PQW-3H25-QRQ3 vulnerabilities

Vulnerabilities for packages: linux-qemu-melange, linux-aws, linux-azure, linux-qemu, linux-vmware, linux-gcp...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/07/08 2:17 a.m.10 views

GHSA-62M5-M548-5V5F vulnerabilities

Vulnerabilities for packages: linux-qemu-melange, linux-aws, linux-azure, linux-qemu, linux-vmware, linux-gcp...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/07/08 2:17 a.m.9 views

GHSA-5R3H-V82J-R7RR vulnerabilities

Vulnerabilities for packages: linux-qemu-melange, linux-aws, linux-azure, linux-qemu, linux-vmware, linux-gcp...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/07/08 2:17 a.m.10 views

GHSA-8CG3-6H68-W2CJ vulnerabilities

Vulnerabilities for packages: linux-qemu-melange, linux-aws, linux-azure, linux-qemu, linux-vmware, linux-gcp...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/07/08 2:17 a.m.8 views

GHSA-J962-FX34-5263 vulnerabilities

Vulnerabilities for packages: linux-qemu-melange, linux-aws, linux-azure, linux-qemu, linux-vmware, linux-gcp...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/07/08 2:17 a.m.6 views

GHSA-HFRJ-R4V7-3997 vulnerabilities

Vulnerabilities for packages: linux-qemu-melange, linux-aws, linux-azure, linux-qemu, linux-vmware, linux-gcp...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/07/08 2:17 a.m.5 views

CVE-2026-53218 vulnerabilities

Vulnerabilities for packages: linux-qemu-melange, linux-aws, linux-azure, linux-qemu, linux-vmware, linux-gcp...

5.5CVSS5.1AI score0.00128EPSS
Exploits0
Chainguard
Chainguard
added 2026/07/08 2:17 a.m.6 views

CVE-2026-53212 vulnerabilities

Vulnerabilities for packages: linux-qemu-melange, linux-aws, linux-azure, linux-qemu, linux-vmware, linux-gcp...

7.8CVSS5.1AI score0.00125EPSS
Exploits0
Chainguard
Chainguard
added 2026/07/08 2:17 a.m.10 views

CVE-2026-53205 vulnerabilities

Vulnerabilities for packages: linux-qemu-melange, linux-aws, linux-azure, linux-qemu, linux-vmware, linux-gcp...

7.1CVSS5.1AI score0.00131EPSS
Exploits0
Rows per page
Query Builder