9 matches found
PYSEC-0000-CVE-2026-45758
Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Any user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026 may be affected. Security...
Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account
The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious dependency that delivers a trojan capable of targeting Windows, macOS, and Linux systems. Versions 1.14.1 and 0.30.4 of Axios have been found to...
CVE-2026-33525
Authelia (github.com/authelia/authelia) is affected by CVE-2026-33525 in version 4.39.15, due to improper neutralization of input during web page generation that could allow JavaScript injection on the login page. The root cause is described as unsafe handling of the language cookie value when re...
EUVD-2025-27596
Malicious code in bioql PyPI...
CVE-2025-57902
Cross-Site Request Forgery (CSRF) vulnerability in Md Taufiqur Rahman RIS Version Switcher - Downgrade or Upgrade WP Versions Easily (ris-version-switcher) allows Cross Site Request Forgery. This issue affects RIS Version Switcher - Downgrade or Upgrade WP Versions Easily: from n/a through = 1.0...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the report serving functionality. An attacker capable of changing report content can bypass the Content-Security-Policy introduced in Jenkins 1.641 and 1.625.3. Workaround: Affected users are advised to...
UBUNTU-CVE-2022-39236
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...
A vulnerability in Mozilla Firefox's browser update process, caused by errors in verifying the downloaded update, allows an attacker to downgrade the browser version during an update.
The Mozilla Firefox vulnerability is related to errors during verification of the downloaded update. Exploiting it can allow a malicious actor to downgrade the browser version during an update...
Malicious Package in slush-fullstack-framework
Version 0.9.2 of slush-fullstack-framework contained malicious code. The code, when executed in the browser, would enumerate password, cvc, and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: Remove the package from your environment. It'...
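Three of the matches above (guardrails-ai 0.10.1 on PyPI, axios 1.14.1 and 0.30.4 on npm, slush-fullstack-framework 0.9.2 on npm) are malicious releases identified by exact version, so the first thing a practitioner wants is a check of what is actually pinned in an environment or lockfile. The script below is an added example, not code from any of the advisories or projects listed; it parses `pip freeze` output and an npm v2/v3 `package-lock.json` and reports exact-version hits against the versions named on this page. The sample inputs are constructed for illustration, and the version table only carries the versions this page names.

```python
import json
from typing import Dict, List, Set, Tuple

# Exact versions named in the advisories on this page, keyed by ecosystem so a
# name clash across registries cannot produce a false match.
MALICIOUS_VERSIONS: Dict[str, Dict[str, Set[str]]] = {
    "pypi": {"guardrails-ai": {"0.10.1"}},
    "npm": {
        "axios": {"1.14.1", "0.30.4"},
        "slush-fullstack-framework": {"0.9.2"},
    },
}


def normalize_pypi_name(name: str) -> str:
    """PEP 503 normalization: case-insensitive, runs of -, _ and . collapse to '-'."""
    out = []
    prev_sep = False
    for ch in name.strip().lower():
        if ch in "-_.":
            if not prev_sep:
                out.append("-")
            prev_sep = True
        else:
            out.append(ch)
            prev_sep = False
    return "".join(out)


def installed_from_pip_freeze(text: str) -> List[Tuple[str, str]]:
    """Parse `pip freeze` output into (normalized name, version) pairs.
    Editable installs, VCS URLs and comments carry no '==' pin and are skipped."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "==" not in line:
            continue
        name, version = line.split("==", 1)
        pairs.append((normalize_pypi_name(name), version.strip()))
    return pairs


def installed_from_package_lock(lock: dict) -> List[Tuple[str, str]]:
    """Parse an npm lockfile v2/v3 'packages' map into (name, version) pairs.
    Keys look like 'node_modules/axios' or 'node_modules/a/node_modules/b';
    the package name is whatever follows the last 'node_modules/'. Nested
    entries are included, so transitive installs of a bad version are caught."""
    pairs = []
    for path, meta in lock.get("packages", {}).items():
        if not path:
            continue  # the empty key is the root project itself
        name = path.rsplit("node_modules/", 1)[-1]
        version = meta.get("version")
        if version:
            pairs.append((name, version))
    return pairs


def find_malicious(ecosystem: str, installed: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Return sorted (name, version) pairs whose exact version is listed as malicious."""
    bad = MALICIOUS_VERSIONS.get(ecosystem, {})
    return sorted((n, v) for n, v in installed if v in bad.get(n, set()))


# Constructed sample inputs (not real lockfiles from any project on this page).
SAMPLE_PIP_FREEZE = """\
# editable install, no pin
-e git+https://example.invalid/repo.git#egg=internal-tool
Guardrails_AI==0.10.1
requests==2.31.0
"""

SAMPLE_PACKAGE_LOCK = {
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/axios": {"version": "1.14.1"},
        "node_modules/express": {"version": "4.19.2"},
        # transitive copy of a different axios line, also listed as malicious
        "node_modules/some-lib/node_modules/axios": {"version": "0.30.4"},
        "node_modules/slush-fullstack-framework": {"version": "0.9.2"},
    },
}


def scan_samples() -> Dict[str, List[Tuple[str, str]]]:
    """Run both parsers over the constructed samples and return hits per ecosystem."""
    return {
        "pypi": find_malicious("pypi", installed_from_pip_freeze(SAMPLE_PIP_FREEZE)),
        "npm": find_malicious("npm", installed_from_package_lock(SAMPLE_PACKAGE_LOCK)),
    }


if __name__ == "__main__":
    for eco, hits in scan_samples().items():
        for name, version in hits:
            print(f"[{eco}] {name}=={version} is a known-malicious release")
```

Two caveats when using this against a real environment: `pip freeze` and a lockfile only show what is installed now, while the guardrails-ai advisory says anyone who installed 0.10.1 on May 11 may be affected even if they have since upgraded, so install logs and CI caches need checking too; and the Axios entry says the bad versions pulled in a malicious dependency, so a lockfile with those versions should be treated as compromised regardless of whether the dependency name is known.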