Lucene search
K

29 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago8 views

Malicious code in clavuepro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 97a9e3cf794eb2bc8d9ebb4bab007a52bf9fc1ed9dbc3db19695542503ec253e The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.9 views

Malicious code in leo-connector-mongo (npm)

The leo-connector-mongo npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.13 views

Malicious code in leo-cdk-lib (npm)

The leo-cdk-lib npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

5.9AI score
Exploits0References2
Cvelist
Cvelist
added 2026/04/20 3:40 p.m.28 views

CVE-2026-24467 OpenAEV's Improper Password Reset Token Management Leads to Unauthenticated Account Takeover and Platform Compromise

OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.0.0 and prior to version 2.0.13, OpenAEV's password reset implementation contains multiple security weaknesses that together allow reliable...

9CVSS0.009EPSS
Exploits1References4
Snyk
Snyk
added 2026/04/01 10:2 p.m.5 views

Cross-site Scripting (XSS)

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS via unsanitized input in the Social Media Management configuration fields. An attacker can execute arbitrary JavaScript in the browser context of ...

8.4CVSS6AI score0.00229EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/01 9:23 p.m.21 views

CVE-2026-34561 CI4MS: System Settings (Social Media Management) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Social Media Management. Multiple...

4.7CVSS0.00229EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/30 8:24 p.m.1 views

CVE-2026-27599 CI4MS: System Settings (Mail Settings) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Mail Settings. Several configuration...

4.7CVSS5.8AI score0.00358EPSS
Exploits1References1
CVE
CVE
added 2026/03/30 8:24 p.m.13 views

CVE-2026-27599

CI4MS (CodeIgniter 4-based CMS skeleton) is affected by a stored DOM XSS in System Settings – Mail Settings. Prior to version 0.31.0.0, fields such as Mail Server, Mail Port, Email Address, Email Password, Mail Protocol and TLS settings accept attacker-controlled input that is stored server-side ...

7.2CVSS5.8AI score0.00358EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/03/30 4:19 p.m.3 views

EUVD-2026-17199

ci4-cms-erp/ci4ms: System Settings Mail Settings Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS...

4.7CVSS5.8AI score0.00358EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.10 views

osctrl 跨站脚本漏洞

OsCtrl is an open-source management software for OsQuery by JMP Security. Versions of OsCtrl prior to 0.5.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the osctrl-admin feature, which queries lists on demand, allowing for stored cross-site scripting. This could...

8.7CVSS6.8AI score0.00227EPSS
Exploits0References3
NVD
NVD
added 2026/01/14 3:16 p.m.10 views

CVE-2026-22240

The vulnerability exists in BLUVOYIX due to an improper password storage implementation and subsequent exposure via unauthenticated APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable users API to retrieve the...

10CVSS0.03001EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/14 2:34 p.m.6 views

CVE-2026-22236 Improper Authentication Vulnerability in BLUVOYIX

The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX backend APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable APIs. Successful exploitation of this vulnerability could allow the...

10CVSS7AI score0.00469EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/14 2:34 p.m.30 views

CVE-2026-22236 Improper Authentication Vulnerability in BLUVOYIX

The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX backend APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable APIs. Successful exploitation of this vulnerability could allow the...

10CVSS0.00469EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/14 2:34 p.m.3 views

CVE-2026-22236

The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX backend APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable APIs. Successful exploitation of this vulnerability could allow the...

10CVSS5.7AI score0.00469EPSS
Exploits0References2
CVE
CVE
added 2026/01/14 2:34 p.m.15 views

CVE-2026-22236

Technical details about CVE-2026-22236 are not publicly available in the provided documents. The descriptions summarize improper backend API authentication but do not specify affected components, versions, impact specifics, or fixes. Monitor for updates from vendors and security feeds.

10CVSS7AI score0.00469EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/01/14 12:0 a.m.7 views

Bluspark BLUVOYIX 安全漏洞

Bluspark BLUVOYIX is a digital supply chain management platform from US-based Bluspark, Inc. Bluspark BLUVOYIX suffers from a security vulnerability that stems from improper back-end API authentication, which could lead to an attacker gaining full access to customer data and completely compromisi...

10CVSS6.7AI score0.00469EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/14 12:0 a.m.9 views

Bluspark BLUVOYIX 安全漏洞

Bluspark BLUVOYIX is a digital supply chain management platform from US-based Bluspark, Inc. A security vulnerability exists in Bluspark BLUVOYIX that stems from the exposure of sensitive internal API documentation, which could lead to an attacker abusing internal functionality to compromise the...

10CVSS6.6AI score0.00422EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.11 views

PT-2026-2906

The vulnerability exists in BLUVOYIX due to an improper password storage implementation and subsequent exposure via unauthenticated APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable users API to retrieve the...

10CVSS7.3AI score0.03001EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.12 views

PT-2026-2859

The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX backend APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable APIs. Successful exploitation of this vulnerability could allow the...

10CVSS7.3AI score0.00469EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2020-21055

Malware in sbrugna...

9.8CVSS9.2AI score0.01668EPSS
Exploits0References2
Rows per page
Query Builder