
8226 matches found

OSV
added 2025/11/12 4:29 a.m., 1 view

MAL-2025-145583 Malicious code in nodemon-middleware-non-blocking-eclipse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0911c18dba18f41ddc05e9ca6f4eb53d1a1290db69de8d120a48d8b7b16b0d46 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits 0
OSV
added 2025/11/12 4:29 a.m., 2 views

MAL-2025-146663 Malicious code in prompts-elara-neptune-middleware (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e88763e4db6d89db36b23e397b116aa485ef8cc5797796b29504d0df8bdf70c1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits 0
OSV
added 2025/11/12 4:29 a.m., 1 view

MAL-2025-140813 Malicious code in cli-ursa-lyra-middleware (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 404b7635e00676f5a1f01eb0daf4d7a14be165f5c23502d43264abd963cd7c7f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits 0
OSV
added 2025/11/12 4:29 a.m., 1 view

MAL-2025-140218 Malicious code in bulma-middleware-procyon-buffer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2da90094f5a03de39c5fd357369364e0b32f35ff16c2eb61f23441b9e23f3d8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits 0
OSV
added 2025/11/12 4:29 a.m., 1 view

MAL-2025-148009 Malicious code in slidev-mongoose-middleware-pegasus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e740fbc701afa1668b536493648225563f609e28680c2dced973d44fa761e5ff This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits 0
RedhatCVE
added 2025/11/11 10:44 p.m., 5 views

CVE-2025-64502

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior to version 8.5.0-alpha....

CVSS 6.9, AI score 6.7, EPSS 0.00372
Exploits 0, References 1
CNNVD
added 2025/11/11 12:00 a.m., 5 views

SAP Business Connector operating system command injection vulnerability

SAP Business Connector is a middleware product from SAP, Germany. SAP Business Connector contains an operating system command injection vulnerability that could lead to the execution of arbitrary operating system commands...

CVSS 6.8, AI score 7.4, EPSS 0.00878
Exploits 0, References 3
Vulnrichment
added 2025/11/10 9:40 p.m., 3 views

CVE-2025-64502 Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior to version 8.5.0-alpha....

CVSS 6.9, AI score 6.3, EPSS 0.00372
Exploits 0, References 3
VulnCheck KEV
added 2025/11/10 12:00 a.m., 7 views

VulnCheck KEV: CVE-2025-54123

Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, the middleware functionality in Hoverfly is vulnerable to command injection at the /api/v2/hoverfly/middleware endpoint due to insufficient validation and sanitization of user input. The vulnerability exists i...

CVSS 9.8, AI score 6.6, EPSS 0.10543
In the wild, Exploits 7, References 74
EUVD
added 2025/11/06 12:30 a.m., 5 views

EUVD-2025-37960

Improper authentication in the API authentication middleware of HCL DevOps Loop allows authentication tokens to be accepted without proper validation of their expiration and cryptographic signature. As a result, an attacker could potentially use expired or tampered tokens to gain unauthorized...

CVSS 8.1, AI score 6.6, EPSS 0.00168
Exploits 0, References 2
NVD
added 2025/11/05 11:16 p.m., 4 views

CVE-2025-55278

Improper authentication in the API authentication middleware of HCL DevOps Loop allows authentication tokens to be accepted without proper validation of their expiration and cryptographic signature. As a result, an attacker could potentially use expired or tampered tokens to gain unauthorized...

CVSS 8.1, EPSS 0.00168
Exploits 0, References 1
CVE
added 2025/11/05 10:44 p.m., 30 views

CVE-2025-55278

CVE-2025-55278 affects HCL DevOps Loop. Concrete details across sources show improper authentication in the API authentication middleware, allowing tokens to be accepted without proper validation of expiration or cryptographic signature. Affected component is the API authentication layer; root ca...

CVSS 8.1, AI score 6.8, EPSS 0.00168
Exploits 0, References 1
CNNVD
added 2025/11/05 12:00 a.m., 5 views

HCL DevOps Loop security vulnerability

HCL DevOps Loop is a suite of code development platforms from HCL India. A security vulnerability exists in HCL DevOps Loop that stems from the API authentication middleware not properly validating token expiration times and cryptographic signatures, which could lead to the use of expired or...

CVSS 8.1, AI score 7.2, EPSS 0.00168
Exploits 0, References 1
OSSF Malicious Packages
added 2025/10/30 5:38 p.m., 7 views

Malicious code in epic-okta-express-middleware (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 236ca6a4112270418e1024dd6136da781ae916d8e5e2db49347e687cd5c85ac0 The package epic-okta-express-middleware was found to contain malicious code...

AI score 7
Exploits 0
EUVD
added 2025/10/30 5:38 p.m., 3 views

EUVD-2025-37117

Malicious code in epic-okta-express-middleware npm...

AI score 6.6
Exploits 0
OSV
added 2025/10/30 5:38 p.m., 4 views

MAL-2025-49176 Malicious code in epic-okta-express-middleware (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 236ca6a4112270418e1024dd6136da781ae916d8e5e2db49347e687cd5c85ac0 The package epic-okta-express-middleware was found to contain malicious code...

AI score 7
Exploits 0
Snyk
added 2025/10/29 6:45 p.m., 3 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect via manipulation of the Forwarded or X-Forwarded-Host headers used to construct password reset confirmation links. An attacker can gain unauthorized access to user accounts by tricking users into clicking a password reset...

CVSS 8.8, AI score 7, EPSS 0.00345
Exploits 0, References 2
EUVD
added 2025/10/27 8:10 p.m., 4 views

EUVD-2025-36363

PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing (CORS) misconfiguration in its middleware: it reflects the Origin request header back in the Access-Control-Allow-Origin response header without proper...

CVSS 6.3, AI score 6.4, EPSS 0.00186
Exploits 0, References 2
OSV
added 2025/10/24 7:15 p.m., 2 views

GHSA-Q7JF-GF43-6X6P Hono vulnerable to Vary Header Injection leading to potential CORS Bypass

Summary A flaw in the CORS middleware allowed request Vary headers to be reflected into the response, enabling attacker-controlled Vary values and potentially affecting cache behavior. Details The middleware previously copied the Vary header from the request when origin was not set to "". Since...

CVSS 4.2, AI score 5.8
Exploits 0, References 3
NCSC
added 2025/10/23 7:20 a.m., 8 views

Vulnerabilities fixed in Oracle Commerce

Oracle has fixed vulnerabilities in several subcomponents of Oracle Commerce products, including Oracle Middleware Common Libraries, Oracle Documaker, Oracle WebCenter Forms Recognition, Oracle WebLogic Server, and Oracle Application Testing Suite. The vulnerabilities allow unauthenticated...

CVSS 8.7, AI score 7.5, EPSS 0.63258
Exploits 2, References 1