Lucene search
K

183 matches found

RedHat Linux
RedHat Linux
added 2026/05/19 9:20 a.m.9 views

firefox: thunderbird: Unhandled Exception in Add-on Signature Verification

The Mozilla Foundation's Security Advisory: The application can fail to account for exceptions thrown by the loadManifestFromFile method during add-on signature verification. This flaw is triggered by an invalid or unsupported extension manifest and could cause runtime errors that disrupt the...

5.4CVSS6.8AI score0.00347EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/05/06 8:22 p.m.10 views

CVE-2026-38429

OpenCMS v20 and before is vulnerable to XML External Entity XXE in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml...

9.8CVSS5.8AI score0.003EPSS
Exploits0References1
NVD
NVD
added 2026/05/05 5:17 p.m.7 views

CVE-2026-38429

OpenCMS v20 and before is vulnerable to XML External Entity XXE in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml...

9.8CVSS0.003EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/05 12:0 a.m.4 views

CVE-2026-38429

OpenCMS v20 and before is vulnerable to XML External Entity XXE in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml...

5.8AI score0.003EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.8 views

CVE-2026-28673

xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In versions up to and including 0.3.15, the standard plugin system allows admins to upload a ZIP file containing a binary and a manifest.json. The server trusts the binaries field in the manifest and execute...

7.2CVSS5.9AI score0.0059EPSS
Exploits1References1
CVE
CVE
added 2026/03/18 12:41 a.m.8 views

CVE-2026-28673

xiaoheiFS (self-hosted financial/operational system) versions ≤ 0.3.15 are vulnerable through the standard plugin system. An attacker can upload a ZIP containing a binary and a manifest.json; the server trusts the binaries field in the manifest and executes the specified file without validating i...

7.2CVSS5.9AI score0.0059EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.13 views

PT-2026-25970

xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In versions up to and including 0.3.15, the standard plugin system allows admins to upload a ZIP file containing a binary and a manifest.json. The server trusts the binaries field in the manifest and execute...

7.2CVSS5.8AI score0.0059EPSS
Exploits1References5
EUVD
EUVD
added 2026/03/13 7:22 p.m.4 views

EUVD-2026-12085

JumpServer is an open source bastion host and an operation and maintenance security audit system. a Server-Side Template Injection SSTI vulnerability exists in JumpServer's Applet and VirtualApp upload functionality. This vulnerability can only be exploited by users with administrative privileges...

6.8CVSS6.2AI score0.00347EPSS
Exploits0References2
OSV
OSV
added 2025/11/13 3:23 a.m.3 views

MAL-2025-190150 Malicious code in view-omicron-unix-compress-authorize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d86eb2e159a609113cfc2efc8435ff741a9e4a3d864ae507fe6a729dd0058b3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 10:25 p.m.6 views

Malicious code in itale-adci-ggryuyegfjbu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c49bb2df6a5269b255f6360543df1a830c0ad775c6f1398eddbd88b8a21ef42 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/12 10:25 p.m.3 views

MAL-2025-184952 Malicious code in sonic-kas-fagiufagugafa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9a537d26a3f1602b0d32cd0629586d1858929097fd1dd03ca591b48867e6125 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 8:46 p.m.3 views

Malicious code in teate-thy-sonic-futfi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9069dc632d842e20a9ba5d0cd40085a754cfdc82ebf69f2427dc7e942ed583dd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/12 8:46 p.m.6 views

MAL-2025-181154 Malicious code in teate-thy-sonic-zuluf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d198dc0693a9d57cb4fcf20d4c644a5a1a662b95d255e2d4fa7f74603234d2a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 8:46 p.m.6 views

Malicious code in teate-thy-py-kopna (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 350372ec686d2e9f3d5e3041efd1ae292241b88f94b8391dacabfd5194b3805d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/12 8:46 p.m.6 views

MAL-2025-180993 Malicious code in teate-thy-sonic-tutato (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5037addecd0179ab192604db30cede8138b42b47a3391ce3403c48ca1f73e72 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 7:18 p.m.3 views

Malicious code in nuilva-bavaim-macovo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05cc9559f6efdcbc4c48ca5c1433f4d5d1070185850de3a008165b4f8a19027c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 7:18 p.m.4 views

Malicious code in unimana-satgub-naiuanab (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5174efd6ecdaa186069b309f2af05c5bf6dd72df338d032de7ec1d2d38eddca This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/12 7:18 p.m.2 views

MAL-2025-173424 Malicious code in buta-fiona-infa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16f62002f395ff3aed799fcbdda1a49ca9a1dfb660fd3faed3e8c42d55b08a27 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 7:18 p.m.4 views

Malicious code in goodain-nusafaia-nuasafi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16aa6ae8a5a64c001441544f5edc0085a5a34c595b82f25b5661452a38b99f1a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 7:18 p.m.3 views

Malicious code in goodafin-nuiya-gifia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1279d7b7f18eba999c739ba9f3e9dbc33ff0006b8a10490d8bcb5dbca77acb8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
Rows per page
Query Builder