Lucene search
K

304 matches found

ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-34198

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the TrustProxies middleware trusts all proxies $proxies = '', accepting X-Forwarded-Host from any source. The TrustHosts middleware, intended to prevent host header attacks...

5.3CVSS6AI score0.00139EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-41984

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the TrustProxies middleware trusts all proxies $proxies = '', accepting X-Forwarded-Host from any source. The TrustHosts middleware, intended to prevent host header attacks...

5.3CVSS6AI score0.00139EPSS
Exploits0References4
OSV
OSV
added 2026/06/26 2:55 a.m.8 views

MAL-2026-6498 Malicious code in dttfdsdee (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae565bed85ec0db27f1ff658c7e9491591ce40edc56f423cd8b1122bc209c69c package.json declares a postinstall script that runs automatically on npm install. The script walks the entire filesystem with find to locate databas...

5.8AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 10:30 p.m.9 views

Malicious code in gx-npm-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e919710d2f28ec776b8165821ebe2fbe480c1e432ec9416c7b73bd1315ee6a6e Package published at version 99.99.99 under a generic name gx-npm-lib — the canonical dependency-confusion shape used to overshadow internal packages...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/25 10:30 p.m.9 views

MAL-2026-6480 Malicious code in gx-npm-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e919710d2f28ec776b8165821ebe2fbe480c1e432ec9416c7b73bd1315ee6a6e Package published at version 99.99.99 under a generic name gx-npm-lib — the canonical dependency-confusion shape used to overshadow internal packages...

5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/17 6:10 p.m.9 views

Gitea: Open Redirect via redirect_to

Details Despite the validation within urlIsRelative in modules/httplib/url.go, an open redirect is still possible due to usage of directory traversal sequences plus a back-slash in the "redirectto" parameter. PoC When a user uses this URL to login:...

6.1CVSS5.3AI score0.00248EPSS
Exploits0References2Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 5:4 p.m.12 views

Malicious code in scan-only (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a7779ff21d9783e1026e13a7abf65e448c5f3d3d111f3cae539f3690e53a2b4 The CLI binary at bin/scan-only.js, when invoked e.g., via npx scan-only --diagnose, harvests installer-side secrets and ships them to a hardcoded...

6.1AI score
Exploits0References14
OSV
OSV
added 2026/06/17 12:0 p.m.6 views

MAL-2026-6167 Malicious code in lazyloading-haptics (npm)

The npm package lazyloading-haptics published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.4AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.13 views

PT-2026-49590

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.1 Description DigestAuthMiddleware can send an authentication response after following a cross-origin redirect. If a client follows a redirect to an attacker-controlled domain, the attacker may be able to extract...

6.3CVSS5.8AI score0.00178EPSS
Exploits0References12
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/14 7:21 a.m.16 views

Malicious code in sys-info-cli-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1423c435a0e9e86338dd64d138fb1697580751ade2b7486880e21785e1b3eb47 The package's collect.js gathers host identifiers os.hostname, os.homedir along with filesystem and childprocess introspection and POSTs them to a...

5.2AI score
Exploits0References3
OSV
OSV
added 2026/06/14 7:21 a.m.14 views

MAL-2026-5764 Malicious code in sys-info-cli-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1423c435a0e9e86338dd64d138fb1697580751ade2b7486880e21785e1b3eb47 The package's collect.js gathers host identifiers os.hostname, os.homedir along with filesystem and childprocess introspection and POSTs them to a...

5.3AI score
Exploits0References3
OSV
OSV
added 2026/06/13 8:3 p.m.16 views

MAL-2026-5744 Malicious code in loadninja-shared (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc01a627a5f67d1af201bfe6575973437cce899d9767312d44a40369dc16cc46 [email protected] is a dependency-confusion package targeting an internal/private package namespace. package.json declares "postinstall": "node...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/13 8:3 p.m.16 views

Malicious code in loadninja-shared (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc01a627a5f67d1af201bfe6575973437cce899d9767312d44a40369dc16cc46 [email protected] is a dependency-confusion package targeting an internal/private package namespace. package.json declares "postinstall": "node...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/13 7:4 a.m.12 views

MAL-2026-5735 Malicious code in node-multi-downloader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8fc720cd970f4d19212ca90945b7fc1e4e1c64da98235ff595b3792ae69e3e68 On npm install, this package's postinstall hook node index.js hex-encodes the installer's current working directory, the first 15 entries of that...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/13 7:4 a.m.15 views

Malicious code in node-multi-downloader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8fc720cd970f4d19212ca90945b7fc1e4e1c64da98235ff595b3792ae69e3e68 On npm install, this package's postinstall hook node index.js hex-encodes the installer's current working directory, the first 15 entries of that...

5.3AI score
Exploits0References1
NVD
NVD
added 2026/06/12 9:16 p.m.13 views

CVE-2026-45013

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 have a password reset flow that constructs the reset URL using req.hostname, which is derived directly from the attacker-controlled HTTP Host header when apos.baseUrl is not explicitly configure...

8.1CVSS0.0025EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 7:3 p.m.15 views

MAL-2026-5707 Malicious code in ttspc-server-sample (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98ea79d9fce12a87d3949dc748617f8077a1ae0822fadab451c27d2c8a2feb9b [email protected] declares postinstall: node index.js in package.json, so on npm install it automatically executes index.js. The script...

5.5AI score
Exploits0References6
OSV
OSV
added 2026/06/11 1:22 a.m.13 views

MAL-2026-5540 Malicious code in @monitoring-lib/error-tracking (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 491603ad44ed812c3d248696b00f7d4801a4c1dc23e4f23a3bb86f2ef499616d On npm install, the preinstall lifecycle hook in package.json runs a Node one-liner that reads the installer's hostname os.hostname and username...

5.5AI score
Exploits0References2
OSV
OSV
added 2026/06/10 6:22 p.m.10 views

MAL-2026-5523 Malicious code in @orion-design-system/foundation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e7fdf1bb78d6c3750adffa854f5f08c7f2fd7af6166f7234aa5cbf4974a1375 The package's npm preinstall lifecycle script runs an inline node -e payload that collects the installer's hostname os.hostname and OS username...

5.5AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 6:22 p.m.15 views

Malicious code in @orion-design-system/foundation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e7fdf1bb78d6c3750adffa854f5f08c7f2fd7af6166f7234aa5cbf4974a1375 The package's npm preinstall lifecycle script runs an inline node -e payload that collects the installer's hostname os.hostname and OS username...

5.5AI score
Exploits0References5
Rows per page
Query Builder