Lucene search

20513 matches found

OSSF Malicious Packages
added 2026/04/01 9:10 a.m. | 13 views

Malicious code in base-or-engine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2deff4ab9db147fda78b79b3687e76c9d46381670c58924f03f852518002a649 The package base-or-engine was found to contain malicious code. Source: ghsa-malware d6d4b7d60db50af8f8a9614f9ac0a742cf6472998e11e6233c6190b518332958...

5.8 AI score
Exploits: 0 | References: 1
OSV
added 2026/04/01 9:10 a.m. | 2 views

MAL-2026-2319 Malicious code in base-or-engine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2deff4ab9db147fda78b79b3687e76c9d46381670c58924f03f852518002a649 The package base-or-engine was found to contain malicious code. Source: ghsa-malware d6d4b7d60db50af8f8a9614f9ac0a742cf6472998e11e6233c6190b518332958...

5.8 AI score
Exploits: 0 | References: 1
Vulnrichment
added 2026/04/01 8:15 a.m. | 2 views

CVE-2026-5261 Shandong Hoteam InforCenter PLM BaseHandler.ashx uploadFileToIIS unrestricted upload

A vulnerability was identified in Shandong Hoteam InforCenter PLM up to 8.3.8. The impacted element is the function uploadFileToIIS of the file /Base/BaseHandler.ashx. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit i...

7.5 CVSS | 6.7 AI score | 0.00385 EPSS
Exploits: 0 | References: 4
CVE
added 2026/04/01 8:15 a.m. | 20 views

CVE-2026-5261

Affected product: Shandong Hoteam InforCenter PLM up to version 8.3.8. Vulnerable component: the function uploadFileToIIS in /Base/BaseHandler.ashx. Root cause: manipulation of the File argument enables unrestricted upload, enabling remote exploitation. Public exploit exists. No remediation detai...

7.5 CVSS | 6.8 AI score | 0.00385 EPSS
Exploits: 0 | References: 4
Fedora
added 2026/04/01 12:57 a.m. | 7 views

[SECURITY] Fedora 43 Update: gstreamer1-plugins-base-1.26.11-1.fc43

GStreamer is a streaming media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types ...

5.9 AI score
Exploits: 0
CVE
added 2026/04/01 12:30 a.m. | 6 views

CVE-2025-71282

XenForo before 2.3.7 discloses filesystem paths via exception messages triggered by open_basedir restrictions, enabling an attacker to obtain information about the server’s directory structure. Affected product: XenForo web forum software (pre-2.3.7). Root cause: exception messages reveal filesys...

8.7 CVSS | 5.9 AI score | 0.00342 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Tenable Nessus
added 2026/04/01 12:0 a.m. | 6 views

Amazon Linux 2 : gstreamer1-plugins-base, --advisory ALAS2-2026-3210 (ALAS-2026-3210)

The version of gstreamer1-plugins-base installed on the remote host is prior to 1.18.4-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3210 advisory. An integer overflow in the RIFF parser that can cause crashes for certain input files. CVE-2026-2921 Tenable has...

7.8 CVSS | 7.2 AI score | 0.00867 EPSS
Exploits: 0 | References: 4
Positive Technologies
added 2026/04/01 12:0 a.m. | 4 views

PT-2026-29708

Name of the Vulnerable Software and Affected Versions Ella Core versions prior to 1.8.0 Description Ella Core experiences a panic when processing a NGAP handover failure message. An attacker capable of triggering a gNodeB to send NGAP handover failure messages to Ella Core can cause a process...

6.5 CVSS | 5.9 AI score | 0.00317 EPSS
Exploits: 0 | References: 7
Amazon
added 2026/04/01 12:0 a.m. | 7 views

Important: gstreamer1-plugins-base

Issue Overview: An integer overflow in the RIFF parser that can cause crashes for certain input files. CVE-2026-2921 Affected Packages: gstreamer1-plugins-base Issue Correction: Run dnf update gstreamer1-plugins-base --releasever 2023.10.20260330 or dnf update --advisory ALAS2023-2026-1504...

7.8 CVSS | 7.1 AI score | 0.00867 EPSS
Exploits: 0
Positive Technologies
added 2026/04/01 12:0 a.m. | 7 views

PT-2026-29823

Summary passthrough and apassthrough in praisonai accept a caller-controlled api base parameter that is concatenated with endpoint and passed directly to httpx.Client.request when the litellm primary path raises AttributeError. No URL scheme validation, private IP filtering, or domain allowlist i...

7.7 CVSS | 5.9 AI score | 0.00337 EPSS
Exploits: 1 | References: 4
Tenable Nessus
added 2026/04/01 12:0 a.m. | 6 views

MiracleLinux 8 : 389-ds:1.4 (AXSA:2026-377:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-377:01 advisory. 389-ds-base: 389-ds-base: Remote Code Execution and Denial of Service via heap buffer overflow CVE-2025-14905 Tenable has extracted the preceding description...

7.2 CVSS | 6.2 AI score | 0.01038 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/04/01 12:0 a.m. | 12 views

PT-2026-29566

pandas-ai v3.0.0 was discovered to contain a SQL injection vulnerability via the pandasai.agent.base. execute sql query component...

7.3 CVSS | 6 AI score | 0.00187 EPSS
Exploits: 0 | References: 3
OpenVAS
added 2026/04/01 12:0 a.m. | 12 views

Ubuntu: Security Advisory (USN-8130-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS | 7.2 AI score | 0.00867 EPSS
Exploits: 0 | References: 2
OpenVAS
added 2026/04/01 12:0 a.m. | 4 views

Fedora: Security Advisory (FEDORA-2026-e77ad9d792)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9 AI score
Exploits: 0 | References: 2
Tenable Nessus
added 2026/04/01 12:0 a.m. | 7 views

Amazon Linux 2023 : gstreamer1-plugins-base, gstreamer1-plugins-base-devel, gstreamer1-plugins-base-tools (ALAS2023-2026-1504)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1504 advisory. An integer overflow in the RIFF parser that can cause crashes for certain input files. CVE-2026-2921 Tenable has extracted the preceding description block directly from the tested product security...

7.8 CVSS | 7.2 AI score | 0.00867 EPSS
Exploits: 0 | References: 4
Oracle linux
added 2026/04/01 12:0 a.m. | 9 views

gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update

gstreamer1-plugins-bad-free 1.22.12-5 - fix for CVE-2026-2923, CVE-2026-3082 Resolves: RHEL-156231, RHEL-156248 gstreamer1-plugins-base 1.22.12-5 - Apply patch for CVE-2026-2921 Resolves: RHEL-156241 gstreamer1-plugins-good 1.22.12-5 - Apply patches for CVE-2026-3083, CVE-2026-3085 Resolves:...

8.8 CVSS | 5.9 AI score | 0.00867 EPSS
Exploits: 0
Amazon
added 2026/04/01 12:0 a.m. | 11 views

Important: gstreamer1-plugins-base

Issue Overview: An integer overflow in the RIFF parser that can cause crashes for certain input files. CVE-2026-2921 Affected Packages: gstreamer1-plugins-base Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and A...

7.8 CVSS | 7.1 AI score | 0.00867 EPSS
Exploits: 0
ATTACKERKB
added 2026/03/31 9:32 p.m. | 8 views

CVE-2026-34450

The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and...

4.8 CVSS | 5.8 AI score | 0.00122 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
RedHat Linux
added 2026/03/31 7:50 p.m. | 5 views

Important: Red Hat Security Advisory: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update

An update for multiple packages is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.8 CVSS | 7.7 AI score | 0.00867 EPSS
Exploits: 0 | References: 8
RedHat Linux
added 2026/03/31 1:11 p.m. | 5 views

Important: Red Hat Security Advisory: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update

An update for multiple packages is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.8 CVSS | 7.7 AI score | 0.00867 EPSS
Exploits: 0 | References: 8