
2291 matches found

OSSF Malicious Packages
added 2026/03/13 5:37 a.m. | 4 views

Malicious code in tourney-sdk-react (npm)

The package exfiltrates system data to remote server --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c5364bf5b440c1fcec66cbe29b7243db3661868744f68aebeb5f8b99619d950 The package tourney-sdk-react was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits: 0 | References: 2
OSV
added 2026/03/13 5:37 a.m. | 3 views

MAL-2026-1388 Malicious code in tourney-sdk-react (npm)

The package exfiltrates system data to remote server --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c5364bf5b440c1fcec66cbe29b7243db3661868744f68aebeb5f8b99619d950 The package tourney-sdk-react was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits: 0 | References: 2
OSSF Malicious Packages
added 2026/03/13 5:37 a.m. | 6 views

Malicious code in twitch-twilight-intl (npm)

The package exfiltrates system data to remote server --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01efff3eeb27457695f8dc2651f9944b72ee21d46a4579f33d0078e509887101 The package twitch-twilight-intl was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits: 0 | References: 2
OSV
added 2026/03/13 5:37 a.m. | 4 views

MAL-2026-1389 Malicious code in twitch-twilight-intl (npm)

The package exfiltrates system data to remote server --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01efff3eeb27457695f8dc2651f9944b72ee21d46a4579f33d0078e509887101 The package twitch-twilight-intl was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits: 0 | References: 2
OSSF Malicious Packages
added 2026/03/13 5:37 a.m. | 6 views

Malicious code in conductor-managed-airflow-environment (npm)

The package exfiltrates system data to remote server. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5f29800aadc2ebe943dd6adcc062837b02d670ffa617e03508fa7d6c7366494 The package conductor-managed-airflow-environment was found to contain malicious code. Source:...

5.8 AI score
Exploits: 0 | References: 2
OSV
added 2026/03/13 5:37 a.m. | 4 views

MAL-2026-1385 Malicious code in conductor-managed-airflow-environment (npm)

The package exfiltrates system data to remote server. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5f29800aadc2ebe943dd6adcc062837b02d670ffa617e03508fa7d6c7366494 The package conductor-managed-airflow-environment was found to contain malicious code. Source:...

5.8 AI score
Exploits: 0 | References: 2
OSSF Malicious Packages
added 2026/03/12 6:9 p.m. | 8 views

Malicious code in spectral-corsair-my-backdoor (npm)

Malicious package detected. Suspicious preinstall script exfiltrates data to a remote server. Multiple YARA rules and LLM analysis confirm. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0826a28f7948e68cdddd6260a01c3653a7f04deb2c9368054243ed47713ee353 The packa...

5.8 AI score
Exploits: 0 | References: 3
NVD
added 2026/03/11 10:16 p.m. | 7 views

CVE-2026-3961

A vulnerability was determined in zyddnys manga-image-translator up to beta-0.3. The affected element is the function topilimage of the file manga-image-translator-main/server/requestextraction.py of the component Translate Endpoints. This manipulation causes server-side request forgery. It is...

6.5 CVSS | 0.00251 EPSS
Exploits: 0 | References: 12
ATTACKERKB
added 2026/03/11 10:2 p.m. | 4 views

CVE-2026-3961

A vulnerability was determined in zyddnys manga-image-translator up to beta-0.3. The affected element is the function topilimage of the file manga-image-translator-main/server/requestextraction.py of the component Translate Endpoints. This manipulation causes server-side request forgery. It is...

6.5 CVSS | 5.5 AI score | 0.00251 EPSS
Exploits: 0 | References: 12
Vulnrichment
added 2026/03/11 9:32 p.m. | 2 views

CVE-2026-3958 Woahai321 ListSync JSON api_server.py requests.post server-side request forgery

A vulnerability has been found in Woahai321 ListSync up to 0.6.6. This issue affects the function requests.post of the file list-sync-main/apiserver.py of the component JSON Handler. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The...

6.5 CVSS | 5.3 AI score | 0.00201 EPSS
Exploits: 0 | References: 5
Positive Technologies
added 2026/03/08 12:0 a.m. | 7 views

PT-2026-23988

Name of the Vulnerable Software and Affected Versions: Bytedesk versions up to 1.3.9. Description: A server-side request forgery condition exists in Bytedesk. The issue is located in the getModels function within the SpringAIOpenrouterRestController component, specifically in the file...

8.8 CVSS | 6.4 AI score | 0.0042 EPSS
Exploits: 1 | References: 15
Vulnrichment
added 2026/03/07 4:32 p.m. | 4 views

CVE-2026-30856 WeKnora: Tool Execution Hijacking via Ambiguous Naming Convention In MCP client and Indirect Prompt Injection

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming...

5.9 CVSS | 5.9 AI score | 0.00255 EPSS
Exploits: 1 | References: 1
Positive Technologies
added 2026/03/07 12:0 a.m. | 11 views

PT-2026-23892

A vulnerability was detected in bufanyun HotGo up to 2.0. This issue affects the function ImageTransferStorage of the file /server/internal/logic/common/upload.go of the component Endpoint. The manipulation results in server-side request forgery. The attack may be launched remotely. The exploit i...

6.5 CVSS | 5.5 AI score | 0.00206 EPSS
Exploits: 0 | References: 5
Positive Technologies
added 2026/03/06 12:0 a.m. | 7 views

PT-2026-23799

Name of the Vulnerable Software and Affected Versions: WeKnora versions prior to 0.3.0. Description: WeKnora, an LLM-powered framework for deep document understanding and semantic retrieval, is susceptible to a vulnerability involving tool name collision and indirect prompt injection. A malicious...

9.9 CVSS | 5.9 AI score | 0.22162 EPSS
Exploits: 68 | References: 140
NVD
added 2026/02/25 9:16 p.m. | 6 views

CVE-2026-27015

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a missing bounds check in smartcardunpackreadsizealign libfreerdp/utils/smartcardpack.c:1703 allows a malicious RDP server to crash the FreeRDP client via a reachable WINPRASSERT → abort. The crash occurs in...

6.5 CVSS | 0.00256 EPSS
Exploits: 1 | References: 2
IBM Security Bulletins
added 2026/02/19 3:33 p.m. | 8 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM DB2 shipped with IBM WebSphere Remote Server

Summary: IBM DB2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM DB2 has been published in security bulletins. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions: Affect...

8.2 CVSS | 5.5 AI score | 0.00296 EPSS
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2026/02/19 3:31 p.m. | 8 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Remote Server, could provide weaker than expected security (CVE-2025-13333)

Summary: IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed in the...

4.9 CVSS | 5.4 AI score | 0.0031 EPSS
Exploits: 0 | Affected Software: 1
RedHat Linux
added 2026/02/18 2:36 p.m. | 6 views

freerdp: FreeRDP: Denial of Service and potential code execution via use-after-free vulnerability

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A malicious server can exploit this vulnerability when a client connects to it. Specifically, offscreen bitmap deletion can lead to a use-after-free (UAF) condition, where the client attempts to use memory that has...

9.8 CVSS | 6 AI score | 0.00538 EPSS
Exploits: 1 | References: 8
RedHat Linux
added 2026/02/16 11:26 a.m. | 8 views

urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

A flaw was found in the urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...

8.9 CVSS | 5.7 AI score | 0.00622 EPSS
Exploits: 0 | References: 6
OSV
added 2026/02/16 4:15 a.m. | 7 views

CVE-2026-2532

A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embeddingconfig.py of the component IP Address Handler. Performing a manipulation results in server-side request forgery. It is possible to initia...

9.8 CVSS | 5.2 AI score
Exploits: 0 | References: 8