71 matches found
EUVD-2026-36779
Incorrect access control in the impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privileges to Administrator and execute unauthorized account, password, and configuration changes...
CVE-2026-50881
Incorrect access control in the impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privileges to Administrator and execute unauthorized account, password, and configuration changes...
CVE-2026-50881
Incorrect access control in the impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privileges to Administrator and execute unauthorized account, password, and configuration changes...
PT-2026-49322
Incorrect access control in the impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privileges to Administrator and execute unauthorized account, password, and configuration changes...
Malicious code in @bonsai-ai/claude-code (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad3b5646cf88b8eb5a7dbbec9fc2f1cfefcdf3a241d9604992e72c2f629889b9 Package published as @bonsai-ai/claude-code impersonates Anthropic's official @anthropic-ai/claude-code CLI. package.json sets author to 'Anthropic '...
MAL-2026-4371 Malicious code in @bonsai-ai/claude-code-win32-x64 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6591be3fe5d0b37196562035353367d96a2bb1390d8f0f4dae3c5abbfd927f6 Package is published under the @bonsai-ai scope but impersonates Anthropic's official @anthropic-ai/claude-code-win32-x64 platform package...
EUVD-2003-0149
Malware in sbrugna...
EUVD-2003-0148
Malware in sbrugna...
EUVD-2003-0151
Malware in sbrugna...
Malicious code in microsoft-bonsai-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f75eaf29b0dbada65bcac01f3d2789298d785098ab86d180232abf37a1e16070 The OpenSSF Package Analysis project identified 'microsoft-bonsai-api' @ 9.9.9 npm as malicious. It is considered malicious because: - The packa...
MAL-2025-6826 Malicious code in microsoft-bonsai-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f75eaf29b0dbada65bcac01f3d2789298d785098ab86d180232abf37a1e16070 The OpenSSF Package Analysis project identified 'microsoft-bonsai-api' @ 9.9.9 npm as malicious. It is considered malicious because: - The packa...
CVE-2023-44392
Garden provides automation for Kubernetes development and testing. Prior to versions 0.13.17 and 0.12.65, Garden has a dependency on the cryo library, which is vulnerable to code injection due to an insecure implementation of deserialization. Garden stores serialized objects using cryo in the...
CVE-2023-44392 Arbitrary code execution vulnerability when using shared Kubernetes cluster
Garden provides automation for Kubernetes development and testing. Prior to versions 0.13.17 and 0.12.65, Garden has a dependency on the cryo library, which is vulnerable to code injection due to an insecure implementation of deserialization. Garden stores serialized objects using cryo in the...
CVE-2023-44392 Arbitrary code execution vulnerability when using shared Kubernetes cluster
Garden provides automation for Kubernetes development and testing. Prior to versions 0.13.17 and 0.12.65, Garden has a dependency on the cryo library, which is vulnerable to code injection due to an insecure implementation of deserialization. Garden stores serialized objects using cryo in the...
swindon-bonsai.co.uk Cross Site Scripting vulnerability OBB-3364222
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Malicious code in microsoft-bonsai-visualizer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af44fbbcf5f4c4b320b933ab7cc00323158be62a4c2d23be50f06265760b5a4b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4585 Malicious code in microsoft-bonsai-visualizer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af44fbbcf5f4c4b320b933ab7cc00323158be62a4c2d23be50f06265760b5a4b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Apache OFBiz - SQL Remote Execution PoC Payload
No description provided by source. / Apache OFBiz SQL Remote Execution PoC Payload. CVE: CVE-2010-0432 By: Lucas Apa lucas -at- bonsai-sec.com . Bonsai Information Security http://www.bonsai-sec.com/ / var cmd = 'command'; var xmlhttp=false; try xmlhttp = new ActiveXObjectMsxml2.XMLHTTP; catch e...
Apache OFBiz - FULLADMIN Creator PoC Payload
No description provided by source. / Apache OFBiz FULLADMIN Creator PoC Payload. CVE: CVE-2010-0432 By: Lucas Apa lucas -at- bonsai-sec.com . Bonsai Information Security http://www.bonsai-sec.com/ / var username = 'bonsaiUser'; var password = 'bonsaiPass'; var nodes =...
Mozilla Bonsai Multiple Cross Site Scripting Vulnerabilities
No description provided by source...