Lucene search
K

92 matches found

OSV
OSV
added 2026/06/27 2:32 a.m.4 views

MAL-2026-6544 Malicious code in chai-as-persisted (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cf9c49450e0fa0d47be1b6ae27991f844868ff6c435d2082948b5feae862709 The package's postinstall script npm run smoke:pino executes index.js, which spawns a detached node lib/initializeCaller.js child. That module hides...

6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 4:18 a.m.11 views

Malicious code in pathfix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2527fa3618f01b694722f2a50297c248053dcdabf1b471ee9bdbdc6522bb838 pathfix presents itself as a Stylus port of normalize.css but ships a copy of the unrelated normalize-path module with an appended...

5.9AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/12 8:34 p.m.16 views

Malicious code in chalk-plus-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08276c56353501373a202d28f6af6ee2a7c0b20d28a07d99c4c16309df46269c package.json declares postinstall=node lib/utils/index.js, which spawns a detached child process running lib/utils/smtp-connection/index.js. That...

5.9AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2026/05/20 12:0 a.m.3 views

The vulnerability of the CREATE TYPE command in the PostgreSQL database management system allows a hacker to execute arbitrary SQL functions.

The vulnerability of the CREATE TYPE command in the PostgreSQL database management system is related to the lack of authorization. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL functions remotely...

5.5CVSS6.2AI score0.00159EPSS
Exploits0References13Affected Software6
RedhatCVE
RedhatCVE
added 2026/03/09 8:1 a.m.8 views

CVE-2026-30820

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, Flowise trusts any HTTP client that sets the header x-request-from: internal, allowing an authenticated tenant session to bypass all /api/v1/ authorization checks. With only a browser...

8.8CVSS5.7AI score0.00477EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/07 5:7 a.m.4 views

CVE-2026-30820

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, Flowise trusts any HTTP client that sets the header x-request-from: internal, allowing an authenticated tenant session to bypass all /api/v1/ authorization checks. With only a browser...

8.7CVSS5.7AI score0.00477EPSS
Exploits1References3Affected Software1
Snyk
Snyk
added 2026/03/06 11:59 p.m.3 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection inadequate recursive validation of PostgreSQL array and row expressions in the validateNode function. An attacker can execute arbitrary SQL functions and achieve code execution on the database server by crafting malicious...

9.9CVSS6.4AI score0.00539EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

MiracleLinux 7 : libreoffice-5.3.6.1-21.el7 (AXSA:2019-4181:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4181:02 advisory. libreoffice: Arbitrary python functions in arbitrary modules on the filesystem can be executed without warning CVE-2018-16858 Tenable has extracted the...

9.8CVSS8.4AI score0.67321EPSS
Exploits10References2
OSV
OSV
added 2026/01/05 2:32 a.m.7 views

CVE-2025-15453 milvus HTTP Endpoint expr.go expr.Exec deserialization

A security vulnerability has been detected in milvus up to 2.6.7. This vulnerability affects the function expr.Exec of the file pkg/util/expr/expr.go of the component HTTP Endpoint. The manipulation of the argument code leads to deserialization. Remote exploitation of the attack is possible. The...

5.3CVSS6.1AI score0.00316EPSS
Exploits0References9
CNVD
CNVD
added 2025/11/27 12:0 a.m.8 views

ASUS Router Authentication Bypass Vulnerability (CNVD-2025-29936)

ASUS Router is a router product and accompanying management application from ASUS, primarily used for wireless connectivity and management of home and business networks. An authentication bypass vulnerability exists in ASUS Router, which stems from an unexpected side effect of Samba functionality...

9.2CVSS7.3AI score0.15087EPSS
Exploits1References1
CVE
CVE
added 2025/11/25 7:27 a.m.86 views

CVE-2025-59366

The CVE-2025-59366 issue affects AiCloud, with a critical authentication bypass caused by an unintended side effect of Samba functionality. PT-2025-48017 lists affected AiCloud versions prior to 3.0.0.4 386/388/0.6 102 and describes the vulnerability as allowing execution of specific router funct...

9.2CVSS6.7AI score0.15087EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/25 7:27 a.m.7 views

EUVD-2025-199586

An authentication-bypass vulnerability exists in AiCloud. This vulnerability can be triggered by an unintended side effect of the Samba functionality, potentially leading to allow execution of specific functions without proper authorization. Refer to the Security Update for ASUS Router Firmware...

9.2CVSS6.5AI score0.15087EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/11/25 7:27 a.m.6 views

CVE-2025-59366

An authentication-bypass vulnerability exists in AiCloud. This vulnerability can be triggered by an unintended side effect of the Samba functionality, potentially leading to allow execution of specific functions without proper authorization. Refer to the Security Update for ASUS Router Firmware...

9.2CVSS6.7AI score0.15087EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/11/25 7:27 a.m.12 views

CVE-2025-59366

An authentication-bypass vulnerability exists in AiCloud. This vulnerability can be triggered by an unintended side effect of the Samba functionality, potentially leading to allow execution of specific functions without proper authorization. Refer to the Security Update for ASUS Router Firmware...

9.2CVSS0.15087EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/11/25 12:0 a.m.10 views

PT-2025-48017

Name of the Vulnerable Software and Affected Versions AiCloud versions prior to 3.0.0.4 386/388/0.6 102 Description An authentication bypass issue exists in AiCloud due to an unintended side effect of the Samba functionality. This allows execution of specific functions without proper authorizatio...

9.2CVSS7AI score0.15087EPSS
Exploits1References22
CNNVD
CNNVD
added 2025/11/25 12:0 a.m.16 views

ASUS Router 安全漏洞

ASUS Router is a router product and accompanying management application from ASUS, primarily used for wireless connectivity and management of home and business networks. An authentication bypass vulnerability exists in ASUS Router, which stems from an unexpected side effect of Samba functionality...

9.2CVSS7.2AI score0.15087EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2025/11/19 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-2492

An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions. Refer to the 'ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information...

9.2CVSS6AI score0.01017EPSS
In wildExploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-13993

Malware in sbrugna...

6.5CVSS7.2AI score0.0207EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-17546

Malware in sbrugna...

7.5CVSS7.5AI score0.01568EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-24820

Malicious code in bioql PyPI...

6.5CVSS6.3AI score0.00628EPSS
Exploits0References3
Rows per page
Query Builder