Lucene search
K

9 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 7:49 p.m.15 views

Malicious code in buddyme (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f4ae4b8c00d27e82d54a5d2d960b1dc4f40ba15bc938355bad8421c338d6ef6 buddyme advertises a CLI agent. When installed and run, the default REPL routes every prompt the user types to third-party LLM providers Zhipu GLM at...

5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/16 4:43 p.m.6 views

SandboxJS has an execution-quota bypass (cross-sandbox currentTicks race) in SandboxJS timers

Summary Assumed repo path is /Users/zwique/Downloads/SandboxJS-0.8.34 no /Users/zwique/Downloads/SandboxJS found. A global tick state currentTicks.current is shared between sandboxes. Timer string handlers are compiled at execution time using that global tick state rather than the scheduling...

4.8CVSS5.9AI score0.00148EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/30 8:4 p.m.6 views

CVE-2026-23835 LobeHub Vulnerable to Improper Authorization in Presigned Upload

LobeHub is an open source human-and-AI-agent network. Prior to version 1.143.3, the file upload feature in Knowledge Base File Upload does not validate the integrity of the upload request, allowing users to intercept and modify the request parameters. As a result, it is possible to create arbitra...

7.2CVSS5.9AI score0.0033EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:12 a.m.5 views

CVE-2025-67732

Dify is an open-source LLM app development platform. Prior to version 1.11.0, the API key is exposed in plaintext to the frontend, allowing non-administrator users to view and reuse it. This can lead to unauthorized access to third-party services, potentially consuming limited quotas. Version...

8.4CVSS6.6AI score0.00305EPSS
Exploits1References1
Tenable Product Security Advisories
Tenable Product Security Advisories
added 2025/09/04 12:43 p.m.6 views

WordPress - WP Social Ninja exposed API Key

WordPress - WP Social Ninja exposed API Key Joshua Martinelle Thu, 09/04/2025 - 08:43 WP Social Media is a WordPress plugin that allows to integrate social media feeds such as Instagram Feed, Facebook Feed, social reviews such as Google Reviews, WooCommerce Reviews Pro, and chat widgets such as...

6.7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/06/21 12:0 a.m.12 views

PT-2024-28551 · WordPress · Convertkit

Name of the Vulnerable Software and Affected Versions: The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress versions up to, and including, 2.4.9 Description: The issue is related to a missing capability check on the tag subscriber function, allowi...

5.3CVSS7.1AI score0.00371EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/02/08 12:0 a.m.9 views

PT-2024-12302 · Rancher · Rancher

Name of the Vulnerable Software and Affected Versions: Rancher versions 2.6.0 through 2.6.13 Rancher versions 2.7.0 through 2.7.9 Rancher versions 2.8.0 through 2.8.1 Description: A vulnerability has been identified when granting a create or global role for a resource type of "namespaces". This c...

8.6CVSS7.2AI score0.00403EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2022/11/01 12:0 a.m.3 views

PT-2022-7335 · Xenstore +1 · Xenstore +1

Name of the Vulnerable Software and Affected Versions: Xenstore affected versions not specified Description: The issue is related to a bug in the fix of XSA-115, where a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path. This can result in a crash of...

8.8CVSS6.2AI score0.00375EPSS
Exploits0References155
Positive Technologies
Positive Technologies
added 2019/08/08 12:0 a.m.9 views

PT-2019-4490 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.3.9 Description: The issue is related to the cpu.cfs quota us function in the Linux kernel, which can lead to a denial of service against non-cpu-bound applications. This can be triggered by generating a...

10CVSS7.1AI score0.72105EPSS
Exploits141References938
Rows per page
Query Builder