Lucene search
K

1394 matches found

OSV
OSV
added 2026/05/21 12:0 a.m.10 views

MAL-2026-4210 Malicious code in polymarket-auto-trade (npm)

A coordinated supply-chain attack comprising 9 npm packages published by maintainer polymarketdev GitHub actor texsellix, repo texsellix/polymarket-trading-bot within a 2-minute window on 2026-05-20T23:30Z–23:32Z. All packages masquerade as legitimate Polymarket CLOB trading tools while...

5.8AI score
Exploits0References1
Wolfi
Wolfi
added 2026/05/20 7:48 p.m.17 views

GHSA-M7CR-M3PV-HGRP vulnerabilities

Vulnerabilities for packages: crossplane, k9s, gitsign, nfpm, act, witness, syft, kubescape, xeol, scorecard, grafana-alloy, pulumi-language-dotnet, argo-cd, skaffold, tfsec, dagger, gitea, cerbos, kaniko, guac, wolfictl, grype, zot, argocd-image-updater, pulumi-language-yaml, nuclei, goreleaser,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/05/20 7:48 p.m.16 views

GHSA-CRHJ-59GH-8X96 vulnerabilities

Vulnerabilities for packages: crossplane, k9s, gitsign, nfpm, act, witness, syft, kubescape, xeol, scorecard, grafana-alloy, pulumi-language-dotnet, argo-cd, skaffold, tfsec, dagger, gitea, cerbos, kaniko, guac, wolfictl, grype, zot, argocd-image-updater, pulumi-language-yaml, nuclei, goreleaser,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/05/20 7:48 p.m.19 views

CVE-2026-45570 vulnerabilities

Vulnerabilities for packages: crossplane, k9s, gitsign, nfpm, act, witness, syft, kubescape, xeol, scorecard, grafana-alloy, pulumi-language-dotnet, argo-cd, skaffold, tfsec, dagger, gitea, cerbos, kaniko, guac, wolfictl, grype, zot, argocd-image-updater, pulumi-language-yaml, nuclei, goreleaser,...

9.6CVSS6.1AI score0.00365EPSS
Exploits0
Wolfi
Wolfi
added 2026/05/20 7:48 p.m.20 views

CVE-2026-45571 vulnerabilities

Vulnerabilities for packages: crossplane, k9s, gitsign, nfpm, act, witness, syft, kubescape, xeol, scorecard, grafana-alloy, pulumi-language-dotnet, argo-cd, skaffold, tfsec, dagger, gitea, cerbos, kaniko, guac, wolfictl, grype, zot, argocd-image-updater, pulumi-language-yaml, nuclei, goreleaser,...

5.4CVSS6.1AI score0.00297EPSS
Exploits0
Chainguard
Chainguard
added 2026/05/20 7:17 p.m.9 views

GHSA-CRHJ-59GH-8X96 vulnerabilities

Vulnerabilities for packages: src-fingerprint, kots, xeol-fips, dagger, rancher-fleet, flux, gitlab-runner-fips, skaffold-fips, coder, apko-fips, grype-db, argo-workflows-fips, kubevela, k9s, argo-events, trivy-fips, zot, cerbos-fips, crossplane, amazon-ssm-agent-fips, kaniko-fips,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/05/20 7:17 p.m.8 views

GHSA-M7CR-M3PV-HGRP vulnerabilities

Vulnerabilities for packages: src-fingerprint, kots, xeol-fips, dagger, rancher-fleet, flux, gitlab-runner-fips, skaffold-fips, coder, apko-fips, grype-db, argo-workflows-fips, kubevela, k9s, argo-events, trivy-fips, zot, cerbos-fips, crossplane, amazon-ssm-agent-fips, kaniko-fips,...

6.1AI score
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in WebKit2GTK

A problem related to injections has been addressed through improved validation. This issue is fixed in Safari 17.4, iOS 17.4, iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, and watchOS 10.4. A maliciously crafted webpage may potentially exploit this vulnerability...

7.5CVSS6.8AI score0.01286EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in mc

A issue was discovered in Midnight Commander through version 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user can connect to the server without being able to verify its authenticity...

7.5CVSS7.1AI score0.02216EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/05/20 5:30 a.m.16 views

webkitgtk: A maliciously crafted webpage may be able to fingerprint the user

A flaw was found in WebKitGTK. A maliciously crafted web page can cause an authorization issue due to improper state management and may be able to fingerprint the user...

4.3CVSS5.7AI score0.00276EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 1:10 a.m.14 views

Malicious code in @solarcraft/observix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14c39608a172a624520f309b572b40636dc51563f85fe89dac968712490dd40f The package advertises itself as a zero-dependency colorized logger similar to pino-pretty, but dist/index.js does require'./logger' purely for its...

5.8AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/19 1:16 p.m.9 views

libssh: Write beyond bounds in binary to base64 conversion functions

There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to sshgetfingerprinthash function. In such cases the bintobase64 function can experience an integer overflow leading to a memory under allocation, when that happens it's possibl...

4.5CVSS7.1AI score0.00178EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/18 5:50 p.m.18 views

CloakBrowser: Unauthenticated path traversal via fingerprint parameter in cloakserve leads to arbitrary directory deletion

The cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker who can reach the cloakserve port can supply a crafted fingerprint value containing path traversal...

8.8CVSS5.9AI score0.00475EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/18 5:50 p.m.7 views

GHSA-MF33-GV72-W2H5 CloakBrowser: Unauthenticated path traversal via fingerprint parameter in cloakserve leads to arbitrary directory deletion

The cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker who can reach the cloakserve port can supply a crafted fingerprint value containing path traversal...

8.8CVSS5.9AI score0.00475EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 5:50 p.m.7 views

Directory Traversal

Overview cloakbrowser is a Stealth Chromium that passes every bot detection test. Drop-in Playwright replacement with source-level fingerprint patches. Affected versions of this package are vulnerable to Directory Traversal via the fingerprint parameter in the cloakserve process. An attacker can...

8.8CVSS6.5AI score0.00475EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.29 views

PT-2026-41798

Name of the Vulnerable Software and Affected Versions CloakBrowser versions prior to 0.3.28 Description The cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker...

8.8CVSS5.9AI score0.00475EPSS
Exploits0References4
NVD
NVD
added 2026/05/14 9:16 p.m.42 views

CVE-2026-44700

Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior to 0.15.1 and 0.16.1, missing DTLS peer certificate fingerprint validation in the DTLS client active role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in...

8.7CVSS0.00255EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/14 8:51 p.m.64 views

CVE-2026-44700 Elixir WebRTC: Missing DTLS peer fingerprint validation in ex_webrtc client-role handshake

Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior to 0.15.1 and 0.16.1, missing DTLS peer certificate fingerprint validation in the DTLS client active role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in...

8.7CVSS0.00255EPSS
Exploits0References5
CVE
CVE
added 2026/05/14 8:51 p.m.22 views

CVE-2026-44700

CVE-2026-44700 affects the Elixir WebRTC project (ex_webrtc). Before versions 0.15.1 and 0.16.1, the DTLS fingerprint validation was skipped when the DTLS client acts as the active party during handshake, effectively removing one side of WebRTC’s mutual authentication. This does not by itself ena...

8.7CVSS5.8AI score0.00255EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/14 8:51 p.m.13 views

EUVD-2026-30486

Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior to 0.15.1 and 0.16.1, missing DTLS peer certificate fingerprint validation in the DTLS client active role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in...

8.7CVSS5.8AI score0.00255EPSS
Exploits0References5
Rows per page
Query Builder