Lucene search
K

6583 matches found

Nuclei
Nuclei
added yesterday75 views

Mosparo < 1.0.2 - Open Redirect

Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2. id: CVE-2023-5375 info: name: Mosparo 1.0.2 - Open Redirect author: shankaracharya severity: medium description: | Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2. impact: | Unauthenticated attackers can exploit...

6.1CVSS6.1AI score0.33629EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday73 views

Imgproxy < 3.14.0 - Cross-site Scripting (XSS)

Cross-site Scripting XSS - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0. id: CVE-2023-1496 info: name: Imgproxy 3.14.0 - Cross-site Scripting XSS author: pdteam severity: medium description: Cross-site Scripting XSS - Reflected in GitHub repository imgproxy/imgproxy prior to...

6.5CVSS6.5AI score0.01585EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday32 views

Froxlor < 0.10.38.2. - HTML Injection

HTML Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2. id: CVE-2022-3869 info: name: Froxlor TEST" matchers-condition: and matchers: - type: word part: body words: - 'The message to ""TEST" failed' - type: word part: header words: - "text/html" - type: status status: - 200 d...

6.5CVSS6.6AI score0.01265EPSS
Exploits1References2
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago9 views

Malicious code in @luminarycloudinternal/frodo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58ed68e675b2b6cde30e6b7c8e34077eda805a4bde64ca7cd2c68c6f4370ee5f Package published under a scope shadowing internal Luminary Cloud packages @luminarycloudinternal at version 9999.0.1 — the canonical...

5.9AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 6 days ago3 views

github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability

A flaw was found in github.com/jackc/pgx. This memory-safety vulnerability could potentially lead to unexpected behavior or system instability...

9.8CVSS5.9AI score0.00605EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-541 Tooxie Shiva 0.10.0 allows absolute path traversal because Flask send_file function used unsafely

The tooxie/shiva-server repository through 0.10.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS7.3AI score0.0118EPSS
Exploits0References5
OSV
OSV
added 2026/06/25 10:34 p.m.5 views

GO-2026-5755 Canonical MicroCeph: path traversal issue in the remote-import AP in github.com/canonical/microceph/microceph

Canonical MicroCeph: path traversal issue in the remote-import AP in github.com/canonical/microceph/microceph...

5CVSS5.8AI score0.00208EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5674 OpenBao's Namespace Deletion May Not Delete Data Properly in github.com/openbao/openbao

OpenBao's Namespace Deletion May Not Delete Data Properly in github.com/openbao/openbao...

7.5CVSS5.8AI score0.00248EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 10:34 p.m.6 views

GO-2026-5517 OpenBao's System Backend allows Unauthorized Management of the containing Namespace in github.com/openbao/openbao

OpenBao's System Backend allows Unauthorized Management of the containing Namespace in github.com/openbao/openbao...

5.8AI score
Exploits0References3
OSV
OSV
added 2026/06/25 10:34 p.m.3 views

GO-2026-5557 Note Mark: OIDC-registered users authenticated by submitting password "null" in github.com/enchant97/note-mark/backend

Note Mark: OIDC-registered users authenticated by submitting password "null" in github.com/enchant97/note-mark/backend...

9.4CVSS5.8AI score0.00296EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 6:43 p.m.4 views

GO-2026-5222 nhost has Session Persistence After Password Change in github.com/nhost/nhost

nhost has Session Persistence After Password Change in github.com/nhost/nhost...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/22 7:28 p.m.6 views

GO-2026-5060 Gotenberg: SSRF via LibreOffice document processing in github.com/gotenberg/gotenberg

Gotenberg: SSRF via LibreOffice document processing in github.com/gotenberg/gotenberg...

7.5CVSS5.8AI score0.00355EPSS
Exploits0References1
Circl
Circl
added 2026/06/17 4:18 a.m.15 views

CVE-2026-54069

creationtimestamp| type| source ---|---|--- 2026-06-17 04:18:47+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-54069.yaml 2026-07-10 19:52:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqcwdmy6ok2t 2026-07-10...

9.2CVSS6.1AI score0.00607EPSS
Exploits0References4
OSV
OSV
added 2026/06/12 3:24 p.m.30 views

MAL-2026-5697 Malicious code in web-model-bridge (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d2c385c177531c421e5a49f41d931890a48c16c921b23cc20f2bf4cd8fae893 On npm install, postinstall.js sends an HTTPS POST to https://ddactic-lab.online/sc/beacon carrying the package name/version, Node version, OS,...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 4:5 p.m.13 views

Malicious code in multica (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d7d3e4277fb571072315c7f64c269029cd53c78b3ff27ec5536d748c659fd6a2 Package is published at version 9999.99.99 with a description referencing an npm 404 in multica-ai/multica and a main module that recursively require...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/09 4:4 p.m.11 views

MAL-2026-5397 Malicious code in create-docs-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd4381fd77419441a2eefe6b22adef6c9f5adfe1b92be5d071abd5908fdf8647 Package is published at version 9999.99.99 — the canonical high-version override used in dependency-confusion attacks against private/internal packag...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/09 4:4 p.m.38 views

MAL-2026-5403 Malicious code in t-invest-mcp-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46c186ac158f68845fc995a94d15d44c2b65a521d2619d2850232e58f4a61419 Package is a dependency-confusion squat: package.json sets version 9999.99.99 the canonical max-version trick used to win resolution against any...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/05/25 1:45 p.m.16 views

MAL-2026-4523 Malicious code in claude-channel-imessage (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9751c370c062cb40bccb874f46679ad3ca8ba9d3b49d0d8ba1f924d9582e53a3 On npm install, postinstall.js executes whoami and id, reads os.hostname, os.platform, process.cwd, and the CI, GITHUBREPOSITORY, and NODEENV...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/24 3:52 p.m.10 views

MAL-2026-4644 Malicious code in power-platform-playwright-toolkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57967d58233d74f2fc4f9b0dee7c050370eb388050df8d63f29e719f83468d73 On npm install, the package's postinstall script postinstall.js collects host identifiers and CI context — whoami, os.hostname, os.platform, cwd, CI,...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/23 5:41 p.m.14 views

Malicious code in pewter-constants (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c9f898fe8ed95b1d549bfff91d7c0dda0f75ada1c32a58af144940cf28b23c5 On npm install, a preinstall hook in callback.js collects os.hostname, os.userInfo.username, process.cwd, the configured npm registry...

5.8AI score
Exploits0References1
Rows per page
Query Builder