Lucene search
K

1167 matches found

Snyk
Snyk
added 2026/05/27 7:33 p.m.8 views

External Control of System or Configuration Setting

Overview Affected versions of this package are vulnerable to External Control of System or Configuration Setting via the found-action process. An attacker can execute arbitrary shell commands on the host system by sending specially crafted JSON data to the REST API server endpoint when it is...

10CVSS6.1AI score0.01051EPSS
Exploits2References2
Snyk
Snyk
added 2026/05/27 7:32 p.m.7 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the custom-payload-file field in REST API server mode. An attacker can read and exfiltrate arbitrary files accessible to the process by supplying a path to a file, which is then read line-by-lin...

8.7CVSS5.9AI score0.00251EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/27 7:32 p.m.7 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the output option in server mode. An attacker can create or append to arbitrary files on the host filesystem by sending crafted requests to the REST API, as the file path is taken directly from...

8.8CVSS5.9AI score0.00243EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/27 7:32 p.m.7 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the output option in server mode. An attacker can create or append to arbitrary files on the host filesystem by sending crafted requests to the REST API, as the file path is taken directly from...

8.8CVSS5.9AI score0.00243EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/27 1:17 p.m.16 views

Malicious code in bulletproof-json (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 00849bd08fa4e9ebb1877039ab1ff287fd0ab89a683a45229176f717b6db1e9d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.14 views

LangSmith Client SDKs 代码问题漏洞

LangSmith Client SDKs are a developer toolkit open-sourced by LangChain. Versions of LangSmith Client SDKs prior to 0.8.0 and JS/TS versions prior to 0.6.0 have code vulnerabilities. This vulnerability stems from the lack of differentiation between public prompts and internal organization-specifi...

7.1CVSS5.9AI score0.00199EPSS
Exploits0References1
OSV
OSV
added 2026/05/26 12:27 p.m.11 views

MAL-2026-4797 Malicious code in int-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 369f6932b06597ffc51269a3c2634d158a10270a5c79eb9e4842818e8570c544 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 12:4 p.m.15 views

Malicious code in fastjsonlog (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c215826041044ae60befaac2d8d5cb29653cb12091b5803ed0a7cf8fff83f94b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/25 9:0 a.m.10 views

MAL-2026-4316 Malicious code in internallib_v95 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 446fa224122b28950a2a22289bd7a9bf4a29861cde218c495651e1e58da37176 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/25 8:47 a.m.12 views

MAL-2026-4321 Malicious code in motion-ui-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 21ddce58f1bde22bf0563aee5f71aefe48c82ad61076557935bf8fff16eb9df3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/25 7:12 a.m.11 views

MAL-2026-4295 Malicious code in git-en-boite-inventory (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0ce51f21e43fe31cbc2ad9ea659087abadc9eeba578dbb559ab1443392af44a3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/23 12:0 a.m.13 views

MAL-2026-4277 Malicious code in dev-env-bootstrapper (npm)

Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...

6.2AI score
Exploits0References3
OSV
OSV
added 2026/05/21 8:12 a.m.13 views

MAL-2026-4336 Malicious code in webservices.rest-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c9c78a4d0c87def69bbc5337e41a730e7ca6ae898426759915f053dc584581c package.json declares both preinstall and postinstall hooks that execute index.js, which exfiltrates installer data to a base64-encoded Cloudflare...

5.9AI score
Exploits0References4
Snyk
Snyk
added 2026/05/19 10:50 a.m.11 views

External Control of Assumed-Immutable Web Parameter

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to External Control of Assumed-Immutable Web Parameter via the SessionCodeChecks restart flow in the login sessi...

7.1CVSS5.8AI score0.00344EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/15 11:24 a.m.13 views

Malicious code in the_secret_of_running_by_hans_van_dijk_ron_van_megen_02jsk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11aa0239d26b0aae85ed4e3f9bc78838fbdfd47beb4bc9ab701687cb7081513e The package thesecretofrunningbyhansvandijkronvanmegen02jsk was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/15 11:24 a.m.7 views

MAL-2026-3799 Malicious code in dowload_ebok_the_testament_of_solomon_by_king_solomon_frederick_cornwallis_conybeare_5201c (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b33d6c492e4871ad2384480820ba9bbefb5a987a0675139c6358cc58e645fd95 The package dowloadebokthetestamentofsolomonbykingsolomonfrederickcornwallisconybeare5201c was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/15 10:43 a.m.20 views

Malicious code in babel-6-compatibility (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8087b9d84c49b5f44fe119e347d1fe658395eb8af859209bcf8884716692229d The package babel-6-compatibility was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.15 views

Security Updates for Microsoft Word Products C2R (May 2026)

The Microsoft Word Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. CVE-2026-40361, CVE-2026-40366 - Access of resource using incompatible type 'type...

8.4CVSS5.9AI score0.04421EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/13 9:32 p.m.10 views

EUVD-2026-30111

External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access...

7.8CVSS5.8AI score0.00118EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/13 8:22 p.m.9 views

CVE-2026-41088

Access of resource using incompatible type 'type confusion' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.00319EPSS
Exploits0References1
Rows per page
Query Builder