
66 matches found

OSSF Malicious Packages
added 2026/05/20 2:15 a.m. | 13 views

Malicious code in @wengine-ai/claude-code-router-shared (npm)

Source: amazon-inspector 45e362000d036139e02a066a82ec157314a07796e0e855cdce184cc081ca4591 dist/index.js line 14 issues a fetch call to https://pub-0dc3e1677e894f07bbea11b17a29e032.r2.dev, an anonymous Cloudflare R2 bucket, and references...

AI score: 6 | Exploits: 0 | References: 7

OSSF Malicious Packages
added 2026/05/20 1:41 a.m. | 16 views

Malicious code in rdflib (npm)

Source: amazon-inspector fb9a536a077e23bda8e10a55aa1177de28f4f5a8622e08914eeab437e8036940 package.json for this release declares two runtime dependencies — "package-lock.json": "^1.0.0" and "package.json": "^2.0.1" — inside the dependencie...

AI score: 6 | Exploits: 0 | References: 1

OSV
added 2026/05/19 9:36 p.m. | 14 views

MAL-2026-4764 Malicious code in pycalendar-api (PyPI)

Source: amazon-inspector bda873c38a1eee9ecea320371b0473466144f2bd41bc778dff8510cb5dcf4b5f pyproject.toml line 8 declares httpxyz as a runtime dependency dependencies = 'httpxyz',..., and pycalendarapi/utils/httpclient.py imports httpxyz an...

AI score: 5.9 | Exploits: 0 | References: 1

OSV
added 2026/05/19 5:50 p.m. | 6 views

MAL-2026-4371 Malicious code in @bonsai-ai/claude-code-win32-x64 (npm)

Source: amazon-inspector d6591be3fe5d0b37196562035353367d96a2bb1390d8f0f4dae3c5abbfd927f6 Package is published under the @bonsai-ai scope but impersonates Anthropic's official @anthropic-ai/claude-code-win32-x64 platform package...

AI score: 5.8 | Exploits: 0 | References: 1

Vulnrichment
added 2026/05/15 1:41 a.m. | 9 views

CVE-2026-0438

A System Management Mode (SMM) handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user interaction and under high complexity and present preconditions, trigger execution of attacker-controlled code in SMM, potentially...

CVSS: 5.4 | AI score: 6 | EPSS: 0.00139 | Exploits: 0 | References: 2

ATTACKERKB
added 2026/05/15 1:41 a.m. | 10 views

CVE-2026-0438

A System Management Mode (SMM) handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user interaction and under high complexity and present preconditions, trigger execution of attacker-controlled code in SMM, potentially...

CVSS: 5.4 | AI score: 6 | EPSS: 0.00139 | Exploits: 0 | References: 3

EUVD
added 2026/05/15 1:41 a.m. | 21 views

EUVD-2026-30496

A System Management Mode (SMM) handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user interaction and under high complexity and present preconditions, trigger execution of attacker-controlled code in SMM, potentially...

CVSS: 5.4 | AI score: 6 | EPSS: 0.00139 | Exploits: 0 | References: 2

Cvelist
added 2026/05/15 1:41 a.m. | 57 views

CVE-2026-0438

A System Management Mode (SMM) handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user interaction and under high complexity and present preconditions, trigger execution of attacker-controlled code in SMM, potentially...

CVSS: 5.4 | EPSS: 0.00139 | Exploits: 0 | References: 2

ATTACKERKB
added 2026/05/13 2:43 p.m. | 9 views

CVE-2026-44293

protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a non-string default...

CVSS: 7.7 | AI score: 5.8 | EPSS: 0.00321 | Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2026/05/01 11:18 a.m. | 4 views

EUVD-2026-26497

The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing nonce verification in the 'addpluginspage' and 'addthemespage' functions. This makes it possible for unauthenticated attackers to overwrite arbitrar...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.00168 | Exploits: 0 | References: 4

CNNVD
added 2026/04/24 12:0 a.m. | 9 views

skim code injection vulnerability

Skim is a fuzzy search and rapid file location tool developed by skim-rs. Skim has a code injection vulnerability, which stems from the generate-files task in pr.yml checking and executing forked code controlled by the attacker, potentially leading to key leakage. The following versions are...

CVSS: 7.4 | AI score: 5.9 | EPSS: 0.00281 | Exploits: 1 | References: 2

ATTACKERKB
added 2026/04/15 10:49 p.m. | 5 views

CVE-2026-40316

OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflows/regenerate-migrations.yml workflow. The workflow uses the pull_request_target trigger to run wit...

CVSS: 8.8 | AI score: 6.3 | EPSS: 0.00411 | Exploits: 1 | References: 2 | Affected Software: 1

Veracode
added 2026/02/28 5:2 a.m. | 7 views

Remote Code Execution (RCE)

mchange-commons-java is vulnerable to Remote Code Execution (RCE). The vulnerability is due to its independent JNDI dereferencing implementation allowing remote factoryClassLocation values, which can cause the application to download and execute attacker-controlled code when processing a malicious...

CVSS: 9.8 | AI score: 6.1 | EPSS: 0.00812 | Exploits: 1 | References: 17 | Affected Software: 1

CNNVD
added 2026/01/10 12:0 a.m. | 2 views

Fickling code issue vulnerability

Fickling is an open source decompiler and static analyzer for Python by Trail of Bits. A code issue vulnerability exists in Fickling version 0.1.6 and earlier, which stems from failing to mark the runpy module as unsafe, which could lead to the execution of attacker-controlled code...

CVSS: 9.3 | AI score: 6.8 | EPSS: 0.00425 | Exploits: 1 | References: 3

NVD
added 2025/12/10 4:16 p.m. | 5 views

CVE-2025-34422

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIPC.DLL from its installation directory without sufficient integrity validation or a secure search order. A...

CVSS: 8.5 | EPSS: 0.00147 | Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-25349

Malware in sbrugna...

CVSS: 7.2 | AI score: 6.6 | EPSS: 0.00321 | Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2023-2452

Malicious code in bioql (PyPI)...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.00697 | Exploits: 1 | References: 7

RedhatCVE
added 2025/05/22 8:37 p.m. | 3 views

CVE-2021-35297

Scalabium dBase Viewer version 2.6 Build 5.751 is vulnerable to remote code execution via a crafted DBF file that triggers a buffer overflow. An attacker can use the Structured Exception Handler (SEH) records and redirect execution to attacker-controlled code...

CVSS: 7.8 | AI score: 7.9 | EPSS: 0.01211 | Exploits: 0 | References: 1

Vulnrichment
added 2024/05/18 9:24 p.m. | 18 views

CVE-2024-36050

Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request...

AI score: 7 | EPSS: 0.00394 | Exploits: 0 | References: 4

Debian CVE
added 2024/05/18 9:24 p.m. | 14 views

CVE-2024-36050

Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request...

CVSS: 4.3 | AI score: 4.8 | EPSS: 0.00394 | Exploits: 0