1612 matches found

CVE
added yesterday, 10 views

CVE-2025-71375

The CVE-2025-71375 issue affects the Python package picklescan (prior to 0.0.34) and stems from failure to detect the built-in function _operator.methodcaller when scanning pickle files for malicious code. This oversight allows attackers to craft pickle payloads that evade detection and can lead ...

CVSS 8.1 | AI score 6.3 | EPSS 0.00365
Exploits: 0 | References: 2

ATTACKERKB
added yesterday, 8 views

CVE-2025-71375

picklescan before 0.0.34 fails to detect the operator.methodcaller built-in function when scanning pickle files for malicious code. Attackers can craft malicious pickle payloads using operator.methodcaller that evade detection and execute arbitrary code when loaded by pickle.load...

CVSS 8.1 | AI score 6.3 | EPSS 0.00365
Exploits: 0 | References: 3

EUVD
added yesterday, 7 views

EUVD-2025-210414

picklescan before 0.0.28 fails to detect malicious pickle files that exploit torch.dynamo.guards.GuardBuilder.get function in reduce methods. Attackers can craft pickle files with embedded code that evades picklescan detection and executes arbitrary commands when loaded...

CVSS 8.1 | AI score 6.1 | EPSS 0.003
Exploits: 0 | References: 2

Debian CVE
added 4 days ago, 5 views

CVE-2026-46680

containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNonRoot evasion. If a crafted image provides an...

CVSS 7.8 | AI score 5.7 | EPSS 0.00221
Exploits: 1

NCSC
added 5 days ago, 8 views

Vulnerabilities found in Apple iOS and iPadOS

Apple has identified several vulnerabilities in iOS and iPadOS. These vulnerabilities include out-of-bounds access, use-after-free errors, memory handling issues, insufficient input validation, type confusion, double-free operations, stack overflows, race conditions, and path handling problems...

CVSS 9.1 | AI score 6.1 | EPSS 0.00371
Exploits: 2 | References: 1

NCSC
added 5 days ago, 4 views

Vulnerabilities found in Apple macOS

Apple has addressed several vulnerabilities in macOS Tahoe. These vulnerabilities included out-of-bounds access, use-after-free errors, memory handling issues, type confusion, double-free operations, stack overflows, insufficient input validation, and race conditions. These vulnerabilities could...

CVSS 9.1 | AI score 6.1 | EPSS 0.00371
Exploits: 2 | References: 1

OSSF Malicious Packages
added 2026/06/25 10:29 p.m., 7 views

Malicious code in velocityfix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c937a54c3629f80fb7b92fbdafda502706b6028b43bc4675eb30c55d9bc059e9 Package masquerades as 'Performance fixes for Minecraft Velocity proxy' authored by 'Velocity Team' — Velocity is a Java project from PaperMC and has...

AI score 5.8
Exploits: 0 | References: 6

OSV
added 2026/06/25 10:29 p.m., 6 views

MAL-2026-6487 Malicious code in velocityfix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c937a54c3629f80fb7b92fbdafda502706b6028b43bc4675eb30c55d9bc059e9 Package masquerades as 'Performance fixes for Minecraft Velocity proxy' authored by 'Velocity Team' — Velocity is a Java project from PaperMC and has...

AI score 5.8
Exploits: 0 | References: 6

OSV
added 2026/06/25 6:43 p.m., 3 views

GO-2026-5378 containerd user ID handling bypass allows runAsNonRoot evasion in github.com/containerd/containerd

containerd user ID handling bypass allows runAsNonRoot evasion in github.com/containerd/containerd...

CVSS 7.8 | AI score 5.8 | EPSS 0.00221
Exploits: 1 | References: 1

NVD
added 2026/06/25 1:16 p.m., 10 views

CVE-2026-42004

An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS options that DNSdist did not filter...

CVSS 3.7 | EPSS 0.00162
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2026/06/23 3:50 p.m., 7 views

Malicious code in security-alerts-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f881805b709189d00bc52dc57c407bfecdae44fb343f92634a301c31525f6b0 Despite advertising itself as a breach-monitoring SDK, this package executes a remote-access trojan and credential harvester against any installer th...

AI score 6
Exploits: 0 | References: 2

OSV
added 2026/06/23 3:50 p.m., 8 views

MAL-2026-6327 Malicious code in security-alerts-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f881805b709189d00bc52dc57c407bfecdae44fb343f92634a301c31525f6b0 Despite advertising itself as a breach-monitoring SDK, this package executes a remote-access trojan and credential harvester against any installer th...

AI score 6
Exploits: 0 | References: 2

ATTACKERKB
added 2026/06/23 12:12 p.m., 4 views

CVE-2025-71365

picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Attackers can craft malicious pickle files embedding arbitrary code that evades picklescan detection and executes remote code when loaded...

CVSS 8.1 | AI score 6.3 | EPSS 0.003
Exploits: 0 | References: 3

OSSF Malicious Packages
added 2026/06/17 9:34 p.m., 8 views

Malicious code in disksweep (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a6449a8f35de848928e7f17d88c87db80e5aee40e8b53c375e07fc7d43cc05e On every import disksweep, the package's top-level src/disksweep/init.py lines 18-24 calls ctypes.CDLL on a 2.9 MB Windows binary parser.pyd shipped...

AI score 5.8
Exploits: 0 | References: 5

NVD
added 2026/06/17 5:16 p.m., 16 views

CVE-2025-71325

picklescan before 0.0.27 contains a parsing logic error in the listglobals function when handling STACKGLOBAL opcodes, failing to track arguments in the correct range and allowing malicious pickle files to bypass detection. Attackers can craft pickle files with arguments at position zero to trigg...

CVSS 9.8 | EPSS 0.00475
Exploits: 0 | References: 3

EUVD
added 2026/06/17 3:05 p.m., 8 views

EUVD-2025-210271

picklescan before 0.0.27 contains a parsing logic error in the listglobals function when handling STACKGLOBAL opcodes, failing to track arguments in the correct range and allowing malicious pickle files to bypass detection. Attackers can craft pickle files with arguments at position zero to trigg...

CVSS 9.8 | AI score 5.2 | EPSS 0.00475
Exploits: 0 | References: 3

NCSC
added 2026/06/17 9:28 a.m., 12 views

Vulnerabilities in Oracle Fusion Middleware products

Oracle has identified several vulnerabilities in various products within the Oracle Fusion Middleware suite, including WebLogic Server, WebCenter Content, WebCenter Sites, WebCenter Portal, WebCenter Enterprise Capture, Identity Manager, Identity Manager Connector, Access Manager, Coherence,...

CVSS 10 | AI score 5.9 | EPSS 0.00565
Exploits: 0 | References: 1

The Hacker News
added 2026/06/16 5:41 p.m., 14 views

ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures

Cybersecurity researchers have flagged multiple ClickFix campaigns that deliver three malware loaders called BabaDeda Loader, Lorem Ipsum Loader, and Potemkin, per independent reports from Morphisec, BlueVoyant, and Huntress, respectively. Attacks involving BabaDeda Loader, observed in April...

AI score 6.5
Exploits: 0

OSSF Malicious Packages
added 2026/06/15 8:08 p.m., 10 views

Malicious code in index-ulid (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5acad250c58c9c27804a14b640d17438998fbaabd43b77c69008c7180014f361 index-ulid impersonates the legitimate ulid/ulidx ULID generator reuses ulid's description and links its homepage to github.com/ulid/javascript but i...

AI score 5.5
Exploits: 0 | References: 3

OSSF Malicious Packages
added 2026/06/15 3:53 p.m., 9 views

Malicious code in ldpbootstrap-jquery (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bcab02ae44d1604b6fa9e80156a8c5882f7a4809470ff59eb6d14db4bf28f91f ldpbootstrap-jquery ships and executes an obfuscated Windows PowerShell payload as part of its documented usage. The package contains...

AI score 5.7
Exploits: 0 | References: 5