Lucene search
K

108 matches found

RedhatCVE
RedhatCVE
added 2025/12/16 4:53 p.m.6 views

CVE-2025-67727

Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0-alpha.2, a GitHub CI workflow is triggered in a way that grants the GitHub Actions workflow elevated permissions, giving it access to GitHub secrets and write permission...

9.8CVSS6.7AI score0.00365EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/12 6:35 a.m.2 views

CVE-2025-67727 Parse Server GitHub CI workflow vulnerable to RCE through Improper Privilege Management

Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0-alpha.2, a GitHub CI workflow is triggered in a way that grants the GitHub Actions workflow elevated permissions, giving it access to GitHub secrets and write permission...

6.9CVSS6.4AI score0.00365EPSS
Exploits0References3
OSV
OSV
added 2025/12/12 6:35 a.m.5 views

CVE-2025-67727 Parse Server GitHub CI workflow vulnerable to RCE through Improper Privilege Management

Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0-alpha.2, a GitHub CI workflow is triggered in a way that grants the GitHub Actions workflow elevated permissions, giving it access to GitHub secrets and write permission...

6.9CVSS6.7AI score0.00365EPSS
Exploits0References5
OSV
OSV
added 2025/11/13 3:23 a.m.4 views

MAL-2025-187017 Malicious code in fork-crust-filament-kardashevscale (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eacd2de681ec1c3e693bda71b1a50f3636b7bfc63e53f158913c115b5c5e658e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/12 7:18 p.m.4 views

MAL-2025-177500 Malicious code in poglymer-ognamoh-afiaai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e6afb2fa45285e7bca408bc4ca27e352a554d1564579c6d775ecfa75eea2b0f2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/12 4:47 p.m.0 views

MAL-2025-158447 Malicious code in lookingan-nalako38 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 990de35ee357135d32f70c34d0634b86de15a13c657ad67b47c5b94bbbb2458e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/12 4:29 a.m.2 views

MAL-2025-142596 Malicious code in fork-run-script-json-bootstrap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a487508b75acecea952348bb04e9172b5b203a5e9a7c982696c74b83d7457b0d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/12 4:29 a.m.3 views

MAL-2025-144486 Malicious code in local-fork-postgres-html-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a55b74dedb1f55e866a3e57ff1b1150151ebfce27b4a2d1e0fa1033db37c196 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/11 10:56 p.m.0 views

MAL-2025-132417 Malicious code in cici-dradag80-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2dfa35c1b9aef590b0e1de14e2244b9748a074366da50bdb170bc3e2f9116bf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/11 8:46 p.m.1 views

MAL-2025-128332 Malicious code in loose_limpet_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c03971c914b9c10fc568d9d0164eca390e5e53b8908ee4194df7e637197d01a4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 3:19 p.m.4 views

Malicious code in gita-jengkol67-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d03fd4cf4fe20581142fec8ee2852e1d66a708a499de713d8a7f3a88173205d7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 3:19 p.m.2 views

Malicious code in hadianto-kue66-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 516d2d435823bab90868a648d291da4accd0e783073d6a39a6e1a5ba8068adc3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 2:29 a.m.0 views

Malicious code in putri-peyek37-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f55590c1df3fb9bb1c1d28bc4c827a7791b5a8bd8ef1288918f3ea54a194550 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/11 12:41 a.m.1 views

MAL-2025-70500 Malicious code in secret-chocolate-haddock (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 54d7bf5dcebb64a8d8783f6a1867987ed01f14577ada5e5c129f3c8bfd3e25fd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/10 4:5 a.m.1 views

MAL-2025-51008 Malicious code in bayu-teh3-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64f9d3b52eda17ef9a03de3a2a2c4b1ff77b0aa060aef67973efe1fd9d61ca2d The package bayu-teh3-sluey was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that flooded np...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/11/07 12:0 a.m.5 views

Chasing One-Day Vulnerabilities across Open Source Forks

Tracking vulnerabilities inherited from third-party open-source components is a well-known challenge, often addressed by tracing the threads of dependency information. However, vulnerabilities can also propagate through forking: a repository forked after the introduction of a vulnerability, but...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/11/04 12:0 a.m.6 views

Aether - Adaptive Exploit and Threat Hunting Engine for EVM-based Repositories

Aether is a Python-based framework for analyzing Solidity smart contracts, generating vulnerability findings, producing Foundry-based proof-of-concept PoC tests, and optionally validating those tests on mainnet forks. It combines static analysis, prompt-driven LLM analysis, and AI-ensemble...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2021-9375

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01084EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/17 6:52 p.m.1 views

CVE-2025-59416 The Scratch Channel forks can publish articles

The Scratch Channel is a news website. If the user makes a fork, they can change the admins and make an article. Since the API uses a POST request, it will make an article. This issue is fixed in v1.2...

7.2CVSS6.4AI score0.00268EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/17 6:52 p.m.9 views

CVE-2025-59416 The Scratch Channel forks can publish articles

The Scratch Channel is a news website. If the user makes a fork, they can change the admins and make an article. Since the API uses a POST request, it will make an article. This issue is fixed in v1.2...

7.2CVSS0.00268EPSS
Exploits0References1
Rows per page
Query Builder