4773 matches found

EUVD
added 2 hours ago, 6 views

EUVD-2026-40453

n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree (AST) security validator bypass in the Python Code node. An authenticated user with permission to create or modify workflows containing a Python Code node can bypass the validator and access the task executor module...

5.3 CVSS, 5.8 AI score
Exploits: 0, References: 3

CVE
added yesterday, 4 views

CVE-2026-56777

The CVE affects n8n self-hosted instances running the Python Task Runner with the Python Code node. Versions affected: before 2.25.7 and before 2.26.2. Issue: an AST security validator bypass in the Python Code node allows an authenticated user with workflow modification rights to bypass the validator and a...

5.3 CVSS, 5.8 AI score
Exploits: 0, References: 2

RedhatCVE
added yesterday, 2 views

CVE-2026-57231

A flaw was found in Podman, a tool for managing OCI containers and pods. A malicious container image can be crafted with an environment variable that has a key but no value, or an asterisk, to trick Podman. This vulnerability causes Podman to pass host environment variables into the container...

7.5 CVSS, 5.6 AI score, 0.0026 EPSS
Exploits: 0, References: 5

Nuclei
added yesterday, 15 views

MagicMirror <= 2.35.0 - Server-Side Request Forgery

An unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadata services, and localhost services. The endpoint also expands environment...

9.2 CVSS, 6 AI score, 0.01623 EPSS
Exploits: 1, References: 4

OSV
added 2 days ago, 5 views

MAL-2026-6572 Malicious code in rebrandly-domains-digger (npm)

Source: amazon-inspector 4d1744d2a299b9ef0526f49b4b2297fcd6c72581c51a3359801db56318d8cfda. The package declares a preinstall hook that runs node callback.js. On npm install, callback.js collects installer-side identifiers — os.hostname,...

5.8 AI score
Exploits: 0, References: 2

OSV
added 2 days ago, 3 views

MAL-2026-6573 Malicious code in rebrandly-domains-search-client (npm)

Source: amazon-inspector 7d4464320c8530d582d35f85ce95045182d82e1dd63a830644bcb68f05bdf10e. Package [email protected] is an empty module (index.js exports an empty object) whose package.json preinstall hook runs node...

5.8 AI score
Exploits: 0, References: 2

Tenable Nessus
added 2 days ago, 4 views

Linux Distros Unpatched Vulnerability: CVE-2026-57231

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains an environment variable with just a key and no val...

7.5 CVSS, 5.8 AI score, 0.0026 EPSS
Exploits: 0, References: 3

Nuclei
added 3 days ago, 52 views

Vendure - Arbitrary File Read

Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data...

9.1 CVSS, 7.5 AI score, 0.59798 EPSS
Exploits: 1, References: 5

Nuclei
added 5 days ago, 234 views

OwnCloud - Phpinfo Configuration

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information...

10 CVSS, 7.5 AI score, 0.78428 EPSS
Exploits: 5, References: 6

NVD
added 5 days ago, 6 views

CVE-2026-57231

Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains an environment variable with just a key and no value can trick podman into passing that variable from the host into the container. This is made worse by the fact that using an asterisk wi...

7.5 CVSS, 0.0026 EPSS
Exploits: 0, References: 2

CVE
added 5 days ago, 12 views

CVE-2026-57231

CVE-2026-57231 affects Podman versions 1.8.1 through 5.8.4, where a container image with an Env entry having only a key (and using the * wildcard) can cause host environment variables to be leaked into the container at run time. The PTSecurity document confirms the issue is addressed in Podman 5....

7.5 CVSS, 5.8 AI score, 0.0026 EPSS
Exploits: 0, References: 2

OSSF Malicious Packages
added 6 days ago, 8 views

Malicious code in gx-npm-lib (npm)

Source: amazon-inspector e919710d2f28ec776b8165821ebe2fbe480c1e432ec9416c7b73bd1315ee6a6e. Package published at version 99.99.99 under a generic name gx-npm-lib — the canonical dependency-confusion shape used to overshadow internal packages...

5.8 AI score
Exploits: 0, References: 2

OSSF Malicious Packages
added 6 days ago, 6 views

Malicious code in gx-npm-ui (npm)

Source: amazon-inspector 04e5ac6b8b24f2c158c37d3d6ac268bbf7f472433660064491538ee468cfcfcb. Package published at version 99.99.99 under the gx-npm- namespace, a shape designed to win npm version resolution against private internal packages o...

5.8 AI score
Exploits: 0, References: 2

OSV
added 6 days ago, 4 views

MAL-2026-6481 Malicious code in gx-npm-ui (npm)

Source: amazon-inspector 04e5ac6b8b24f2c158c37d3d6ac268bbf7f472433660064491538ee468cfcfcb. Package published at version 99.99.99 under the gx-npm- namespace, a shape designed to win npm version resolution against private internal packages o...

5.8 AI score
Exploits: 0, References: 2

NVD
added 6 days ago, 8 views

CVE-2026-55180

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm and pacquet expanded $ENVVAR placeholders from repository-controlled .npmrc and pnpm-workspace.yaml into registry request destinations and registry credentials. A malicious repository could cause dependency resolution to send victim...

6.5 CVSS, 0.00212 EPSS
Exploits: 1, References: 1

OSV
added 6 days ago, 3 views

MAL-2026-6466 Malicious code in gx-npm-feature-flags (npm)

Source: amazon-inspector 7fcad1b944d9ceb92389673398df9f471911a788fe608774a3298c69900bb1c7. [email protected] is a dependency-confusion squat (max-semver 99.99.99) on a `gx-`-prefixed name to outrank a private internal package that...

5.8 AI score
Exploits: 0, References: 2

OSV
added last week, 3 views

GHSA-PRJ9-97MP-MWH2 OliveTin has Unvalidated `ot_`-prefixed Arguments that Bypass Input Filtering

Description: The filterToDefinedArgumentsOnly function in the executor is intended to discard any arguments not explicitly defined in the action's configuration. However, a special case allows any argument whose name starts with `ot_` to bypass this filter. While two system arguments...

4.3 CVSS, 6.1 AI score
Exploits: 0, References: 3

Cvelist
added last week, 30 views

CVE-2026-48721 Warp: Env-var prefixes can lead to denylisted command autoexecution

Warp is an agentic development environment. From 0.2025.10.08.08.12.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command execution permission-check bypass in the default unsandboxed CLI agent profile. The CLI profile is non-interactive and relies on a command denylist as a safety...

8.6 CVSS, 0.00145 EPSS
Exploits: 0, References: 2

OSV
added last week, 9 views

MAL-2026-6383 Malicious code in gunicorm (PyPI)

Source: amazon-inspector c97ab7b686dad57c3e1ffd4b86d6a75470164ed15ceedc2b26a4847fb2a331ab. Package name gunicorm is a single-character edit of the widely used gunicorn WSGI server and ships no functional code beyond setup.py. setup.py...

6 AI score
Exploits: 0, References: 2

OSSF Malicious Packages
added last week, 5 views

Malicious code in gunicorm (PyPI)

Source: amazon-inspector c97ab7b686dad57c3e1ffd4b86d6a75470164ed15ceedc2b26a4847fb2a331ab. Package name gunicorm is a single-character edit of the widely used gunicorn WSGI server and ships no functional code beyond setup.py. setup.py...

6 AI score
Exploits: 0, References: 2
