Lucene search
K

1083 matches found

Circl
Circl
added yesterday5 views

CVE-2026-12273

creationtimestamp| type| source ---|---|--- 2026-07-13 07:41:09+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqj6vfbljy2y 2026-07-14 03:38:36+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqlbsllbjm2c...

4.3CVSS6.1AI score0.0014EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago8 views

Malicious code in pipspeed (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1037d713fe94f92e9f1302a1c8fdfcd03ee290e1f2076e7c01cbd1305499e91 The package's advertised public entry point pipspeed.optimize GETs a JSON document from https://www.jsonkeeper.com/b/53XMN an anonymous, mutable past...

6.6AI score
Exploits0References2
NVD
NVD
added 4 days ago6 views

CVE-2026-58493

grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, Database::call builds PDO DSN strings by directly concatenating user-configurable YAML values from fields such as host, dbname, charset, server, database, directory, and filename without sanitization or validation, allowing...

5.1CVSS0.00288EPSS
Exploits0References3
CVE
CVE
added 4 days ago7 views

CVE-2026-58493

CVE-2026-58493 affects grav-plugin-database (Grav CMS) prior to 1.2.0. The plugin builds PDO DSN strings by concatenating user-configurable YAML values (host, dbname, charset, server, database, directory, filename) without sanitization, enabling an administrator with plugin config access to injec...

5.1CVSS6.1AI score0.00288EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-15067 Multiple Security Vulnerabilities in Terraform Provider for Snowflake Could Allow Privilege Escalation and Unauthorized Snowflake Account Takeover

Snowflake Terraform Provider versions prior to 2.18.0 contain several security vulnerabilities, including SQL injection via an unsanitized data source input could result in arbitrary SQL execution under the provider's privileged Snowflake session, potentially enabling sensitive data exfiltration...

8.8CVSS0.00371EPSS
Exploits0References1
OSV
OSV
added last week4 views

DEBIAN-CVE-2026-14380

DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package...

8.8CVSS6.3AI score0.00498EPSS
Exploits0References1
NVD
NVD
added last week7 views

CVE-2026-14380

DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package...

8.8CVSS0.00498EPSS
Exploits0References4
CVE
CVE
added last week12 views

CVE-2026-14380

CVE-2026-14380 affects DBI for Perl when using versions before 1.650. A string assigned to the Profile attribute of a DBI handle is split into path, package and arguments, and the package name is interpolated in an unvalidated string eval, allowing arbitrary Perl code execution if untrusted data ...

8.8CVSS6.3AI score0.00498EPSS
Exploits0References4Affected Software1
NVD
NVD
added last week11 views

CVE-2026-11348

Improper verification of cryptographic signature vulnerability in HAVELSAN Inc. Liman MYS allows Fake the Source of Data. This issue affects Liman MYS: before release.Master.1107...

8.1CVSS0.00185EPSS
Exploits0References1
CVE
CVE
added last week10 views

CVE-2026-11348

The CVE-2026-11348 vulnerability affects HAVELSAN Liman MYS (before release.Master.1107) and is caused by improper verification of a cryptographic signature. The entry indicates a remote attack vector (Network) with high impact across confidentiality, integrity, and availability (CVSS v3.1: 8.1, ...

8.1CVSS5.9AI score0.00185EPSS
Exploits0References1
Cvelist
Cvelist
added last week32 views

CVE-2026-11348 Authentication Bypass in HAVELSAN's Open Source Project Liman MYS

Improper verification of cryptographic signature vulnerability in HAVELSAN Inc. Liman MYS allows Fake the Source of Data. This issue affects Liman MYS: before release.Master.1107...

8.1CVSS0.00185EPSS
Exploits0References1
EUVD
EUVD
added last week6 views

EUVD-2026-42034

Improper verification of cryptographic signature vulnerability in HAVELSAN Inc. Liman MYS allows Fake the Source of Data. This issue affects Liman MYS: before release.Master.1107...

8.1CVSS5.9AI score0.00185EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 12:0 a.m.3 views

Malicious code in enbd-react-lib (npm)

The enbd-react-lib package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization an 'enbd' interna...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 12:0 a.m.3 views

Malicious code in @flex-ng/filter-pipe (npm)

The @flex-ng/filter-pipe package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization the @flex-n...

6.1AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/07/03 2:36 p.m.7 views

CVE-2026-55223

A flaw was found in c3p0, a JDBC Connection pooling library. This vulnerability allows a remote attacker to potentially execute arbitrary code by crafting a malicious data source object. When an application deserializes this object and automatically resolves its properties, it can trigger...

7.5CVSS6.3AI score0.00284EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-55223

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a sink for deserialization...

6.3CVSS5.9AI score0.00284EPSS
Exploits0References3
Circl
Circl
added 2026/07/01 4:21 p.m.8 views

CVE-2026-24245

creationtimestamp| type| source ---|---|--- 2026-07-01 16:21:39+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mplwf2i7xe26 2026-07-02 04:27:20+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpn6woaywm2k...

7.8CVSS5.8AI score0.00154EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:17 p.m.10 views

CVE-2026-55223

c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a "sink" for deserialization gadgets. The JDBC spec's DataSource.getConnection and ConnectionPoolDataSource.getPooledConnection match the getXXX form, so JavaBean...

6.3CVSS0.00284EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:17 p.m.4 views

UBUNTU-CVE-2026-55223

c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a "sink" for deserialization gadgets. The JDBC spec's DataSource.getConnection and ConnectionPoolDataSource.getPooledConnection match the getXXX form, so JavaBean...

6.3CVSS5.7AI score0.00284EPSS
Exploits0References4
CVE
CVE
added 2026/06/30 10:56 p.m.19 views

CVE-2026-55223

CVE-2026-55223 affects the c3p0 JDBC connection pooling library. Before 0.14.0, c3p0 can enable a deserialization gadget “sink” when combined with other libraries: DataSource.getConnection() and ConnectionPoolDataSource.getPooledConnection() are treated as safe JavaBean properties, but invoking p...

6.3CVSS5.7AI score0.00284EPSS
Exploits0References2
Rows per page
Query Builder