Lucene search
K

1051 matches found

Packet Storm
Packet Storm
added 2026/03/24 12:0 a.m.191 views

📄 activitypub-federation-rust 0.7.1 Server-Side Request Forgery

activitypub-federation-rust versions 0.7.1 and below suffer from a server-side request forgery vulnerability. CVE-2026-33693: SSRF via 0.0.0.0 Bypass in activitypub-federation-rust v4isinvalid CVSS 6.5 Moderate Keywords: SSRF, 0.0.0.0, IP validation bypass, activitypub-federation, Lemmy, Rust,...

6.5CVSS5.8AI score0.00359EPSS
Exploits2
OSV
OSV
added 2026/03/16 8:9 p.m.5 views

MAL-2026-1482 Malicious code in chacha-lite-encrypt (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 705b86da323a21b157504bf4833b60c8aa90a57d6db5111716afe31c114b6c1d During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and xored form in the JSON resource file. This is a...

5.8AI score
Exploits0References2
NVD
NVD
added 2026/03/16 2:19 p.m.4 views

CVE-2026-32621

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client m...

9.9CVSS0.00512EPSS
Exploits0References1
Veracode
Veracode
added 2026/03/16 12:24 p.m.6 views

Improper Authentication

ZITADEL is vulnerable to Improper Authentication. The vulnerability is due to improper enforcement of organization login policies during the federation auto-linking process, which allows an attacker to authenticate through a disabled identity provider and link their external identity to an existi...

9.8CVSS5.8AI score0.00472EPSS
Exploits0References8Affected Software1
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.10 views

Apollo Federation 安全漏洞

Apollo Federation is an architecture in the Apollo community that combines APIs into a unified graph through declarative methods. Vulnerabilities exist in versions of Apollo Federation before 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2. These vulnerabilities stem from vulnerabilities in the query...

9.9CVSS5.9AI score0.00512EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/15 9:36 a.m.6 views

Malicious code in kvstore-pb2-grpc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7208dedf651be9d1e330692ef042b89e5bcae7e8aeee7f2ab400d49e7a574de8 During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and xored form in the JSON resource file. This is a...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/15 9:34 a.m.8 views

Malicious code in dgl-cu117 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4f9fcfe9f469df3c132eca5b08bac4a30c146c7b1305f506fd900b1e78581b0d During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and xored form in the JSON resource file. This is a...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/03/15 9:34 a.m.3 views

MAL-2026-1432 Malicious code in dgl-cu117 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4f9fcfe9f469df3c132eca5b08bac4a30c146c7b1305f506fd900b1e78581b0d During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and xored form in the JSON resource file. This is a...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/15 9:34 a.m.6 views

Malicious code in python-anchor (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 914b16cbc506c57a77eeed5ae14955bcf3b58fa49da92c2686b56a1d531c5268 During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and xored form in the JSON resource file. This is a...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/03/15 9:34 a.m.6 views

MAL-2026-1435 Malicious code in python-anchor (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 914b16cbc506c57a77eeed5ae14955bcf3b58fa49da92c2686b56a1d531c5268 During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and xored form in the JSON resource file. This is a...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/15 9:29 a.m.6 views

Malicious code in ariadne-federation (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3eb5492b220fedd5fedb29045328e749d659aea6e38ed743f7aace2d623d07d2 During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and xored form in the JSON resource file. This is a...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/03/15 9:29 a.m.4 views

MAL-2026-1431 Malicious code in ariadne-federation (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3eb5492b220fedd5fedb29045328e749d659aea6e38ed743f7aace2d623d07d2 During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and xored form in the JSON resource file. This is a...

5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/13 8:51 p.m.7 views

Prototype Pollution

Overview @apollo/federation-internals is an Apollo Federation internal utilities Affected versions of this package are vulnerable to Prototype Pollution through incomplete sanitization of input in the query plan execution. An attacker can manipulate the Object.prototype in the gateway by crafting...

9.9CVSS6.6AI score0.00512EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/13 8:51 p.m.15 views

Apollo Federation vulnerable to prototype pollution via incomplete key sanitization

Impact A vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client may be able to pollute Object.prototype in gateway directly by crafting operations with field aliases and/or variable names that target...

9.9CVSS6AI score0.00512EPSS
Exploits0References3Affected Software3
OSV
OSV
added 2026/03/13 8:51 p.m.7 views

GHSA-PFJJ-6F4P-RVMH Apollo Federation vulnerable to prototype pollution via incomplete key sanitization

Impact A vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client may be able to pollute Object.prototype in gateway directly by crafting operations with field aliases and/or variable names that target...

9.9CVSS6AI score0.00512EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/13 8:51 p.m.6 views

EUVD-2026-12135

Apollo Federation vulnerable to prototype pollution via incomplete key sanitization...

9.9CVSS5.8AI score0.00512EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/13 8:29 p.m.10 views

CVE-2026-32621 Apollo Federation has prototype pollution via incomplete key sanitization

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client m...

9.9CVSS5.9AI score0.00512EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/13 8:29 p.m.32 views

CVE-2026-32621 Apollo Federation has prototype pollution via incomplete key sanitization

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client m...

9.9CVSS0.00512EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/13 8:29 p.m.6 views

CVE-2026-32621

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client m...

9.9CVSS5.9AI score0.00512EPSS
Exploits0References2Affected Software3
OSV
OSV
added 2026/03/13 8:29 p.m.6 views

CVE-2026-32621 Apollo Federation has prototype pollution via incomplete key sanitization

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client m...

9.9CVSS5.9AI score0.00512EPSS
Exploits0References3
Rows per page
Query Builder