Lucene search
+L

1207 matches found

Snyk
Snyk
added 2026/05/05 9:15 p.m.14 views

External Control of File Name or Path

Overview @evomap/evolver is an A GEP-powered self-evolution engine for AI agents. Features automated log analysis and Genome Evolution Protocol GEP for auditable, reusable evolution assets. Affected versions of this package are vulnerable to External Control of File Name or Path via the fetch...

8.8CVSS6.1AI score
Exploits0References2
OSV
OSV
added 2026/05/04 3:2 a.m.16 views

MAL-2026-3319 Malicious code in @google-pay-trust/init-google-pay-result (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7dba78dc87b515a0cda716fc10162fbc4c31c264a1e2dbf6f1651257cfa87e62 The package @google-pay-trust/init-google-pay-result was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/04 3:2 a.m.10 views

MAL-2026-3321 Malicious code in @montanatonytest/app.web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae7604e0d0f1f42d621917113451c0b0583f2c74d4bbe59d92db2cf68101c674 The package @montanatonytest/app.web was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/04 1:43 a.m.5 views

MAL-2026-3284 Malicious code in tinfoil-shops (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12060d7ba8ada1f0215277ed3936de1f8e9f03d47430fe816b634778291d7024 The package tinfoil-shops was found to contain malicious code. Source: ghsa-malware 5fafb06ed458abc37062e49cbd57b0e5c348dba7d88d1524ca5df198216d7326...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/04 12:1 a.m.6 views

Malicious code in @bcs-bank-react-ui/swiper-slider (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecc6cabd59042f5fc22327d81efedc2ed1926f8f9457d124906fde72fbf65d46 The package @bcs-bank-react-ui/swiper-slider was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/23 3:56 a.m.13 views

Malicious code in vime-azl (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a86b8ee643a9ac9cb7529c19293e56a1ccefe33d616c0459e90c364f529a55d2 The package vime-azl was found to contain malicious code. Source: ghsa-malware d7731c972c51221a2f0a582c0f7d25c9054e45942accb77b36d8a170074c8ade Any...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/23 3:49 a.m.10 views

Malicious code in ts-moduler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2bfa69fb7376ebc308243d78af9402eac9735a83121bbd7cf72a86cc792d10ad The package ts-moduler was found to contain malicious code. Source: ghsa-malware ea28227378d489dcc355b2e56f166d0aadb5c59656ac5033a4090bad165d783c Any...

5.7AI score
Exploits0References1
Snyk
Snyk
added 2026/04/17 9:56 p.m.25 views

External Control of System or Configuration Setting

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to External Control of System or Configuration Setting via the loading of workspace .env files. An attacker can manipulate runtime-control variables by crafting a malicious .env file that se...

8.8CVSS5.7AI score0.00203EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/17 11:30 a.m.12 views

Malicious code in node-red-contrib-yolo-object-detection (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f37c68b0e146f969ed875753302026894ce41d379d736a1856b9e12a8c1a4479 The package node-red-contrib-yolo-object-detection was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
Snyk
Snyk
added 2026/04/16 10:45 p.m.10 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the adapterConfig.instructionsFilePath configuration field, which is processed by the server during agent execution. An attacker can access sensitive files on the host filesystem by supplying...

6CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/04/16 10:45 p.m.11 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the adapterConfig.instructionsFilePath configuration field, which is processed by the server during agent execution. An attacker can access sensitive files on the host filesystem by supplying...

6CVSS6AI score
Exploits0References2
OSV
OSV
added 2026/04/15 2:19 p.m.4 views

MAL-2026-2690 Malicious code in @pnc-ref/harmony-support-v18 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3c6a47dfcf980f2cd22ec066b1f85f003d7001a45e28ee6a5541e4b18e5edc5 The package @pnc-ref/harmony-support-v18 was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
Snyk
Snyk
added 2026/04/14 11:9 p.m.3 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path in the POST /Videos/itemId/Subtitles endpoint due to insufficient validation of the Format field, which allows path traversal via the file extension and enables arbitrary file write. An attacker can...

9.9CVSS5.9AI score0.00753EPSS
Exploits1References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/14 11:47 a.m.6 views

Malicious code in one-translations (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8509aaa4a1769ce406c0bf7883ec6930bbd4aedbbeeb82df3ae719ab279ff238 The package one-translations was found to contain malicious code. Source: ghsa-malware 6d3a1486ad2ba464c9c1c678dfbab6c735eccaf31f2a1d3cba6e3f28a3fad5...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/13 3:25 p.m.5 views

Malicious code in wm-plugin-wm-smart-tip-dont-embed-tooltip (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed6cae507e456c74167f9236f4f846cbbf1437a9fbcc5333e228d22073a78cc4 The package wm-plugin-wm-smart-tip-dont-embed-tooltip was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/04/13 3:25 p.m.6 views

MAL-2026-2610 Malicious code in twilio-video.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9e3803147d3c0bc502c876bc9a0c17ab6abb0f35cef279419245d46843a57ee The package twilio-video.js was found to contain malicious code. Source: ghsa-malware cc5348f21258b1a1e011513da698c5544555a2b78063b41540c04c9b0b0bc58...

5.7AI score
Exploits0References1
EUVD
EUVD
added 2026/04/13 6:30 a.m.4 views

EUVD-2026-21868

External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with system privilege...

6.8CVSS5.8AI score0.00093EPSS
Exploits0References2
NVD
NVD
added 2026/04/13 6:16 a.m.15 views

CVE-2026-21012

External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with system privilege...

6.8CVSS0.00093EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/13 6:13 a.m.9 views

Malicious code in seaport-core-16 (npm)

Package exfiltrates user info to a remote server via wget in test, preinstall, and preupdate scripts. Very few published versions. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be2cd9e6e61b20566214a0627d5923ec7cbe799e9757d25fd883f46616e5b58b The package...

5.8AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/13 5:4 a.m.2 views

CVE-2026-21012

External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with system privilege...

6.8CVSS5.8AI score0.00093EPSS
Exploits0References1
Rows per page
Query Builder