Lucene search

2291 matches found

OSV
added 2026/05/20 2:5 a.m., 8 views

MAL-2026-4557 Malicious code in ezymail (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea463f516048086ec4acfc2733edc9561dac749d19c2e47381fc170c451cd53c The package advertises itself as a Gmail/SMTP sender library. The README documents that callers pass their SMTP user and pass Gmail App Password to a...

5.9 AI score
Exploits 0, References 6
OSV
added 2026/05/19 7:0 p.m., 11 views

MAL-2026-4732 Malicious code in workrally (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 502275ca25c6fb0e28db57d91789be11e347b5f21696ed45e15c015d123eaf51 dist/index.js imports child_process and runs whoami observed at multiple call sites, then POSTs the result to a hardcoded remote URL...

5.8 AI score
Exploits 0, References 1
Positive Technologies
added 2026/05/19 12:0 a.m., 12 views

PT-2026-41966

Name of the Vulnerable Software and Affected Versions: Mailpit (affected versions not specified). Description: The dump --http sub-command allows an arbitrary file write via path traversal. When downloading messages from a remote server, the tool uses the message ID from the JSON response to construct...

5.9 CVSS, 6.1 AI score, 0.00032 EPSS
Exploits 0, References 5
OSSF Malicious Packages
added 2026/05/14 7:25 p.m., 12 views

Malicious code in sysbin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ab8ea4ce073a93a1973a062ac7661ceeaea9c312f9fd67e9acda9936e2b6578 Package metadata advertises sysbin as a 'System binary configuration tool' but the tarball ships pointer.py, a stealth overlay that runs automaticall...

5.9 AI score
Exploits 0, References 1
OSSF Malicious Packages
added 2026/05/14 7:25 p.m., 14 views

Malicious code in glob-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 091b8ee02b80a8a3fda11c15a6d0b8f657b639100244a4398d046ded5854eb64 [email protected] is a malicious typosquat with no legitimate functionality. Its index.js is a stub; package.json declares scripts.postinstall: node...

5.8 AI score
Exploits 0, References 7
OSV
added 2026/05/14 7:24 p.m., 6 views

MAL-2026-3754 Malicious code in chalk-pack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e6eab5e9e696250cc719b36e144f4534cac2b38a25521cda80222b6c66cd64c Package is named chalk-pack impersonating chalk with keywords and index.js impersonating lodash; index.js is a stub that self-describes as 'Just a...

5.8 AI score
Exploits 0, References 2
OSSF Malicious Packages
added 2026/05/14 7:24 p.m., 12 views

Malicious code in chalk-pack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e6eab5e9e696250cc719b36e144f4534cac2b38a25521cda80222b6c66cd64c Package is named chalk-pack impersonating chalk with keywords and index.js impersonating lodash; index.js is a stub that self-describes as 'Just a...

5.8 AI score
Exploits 0, References 2
OSSF Malicious Packages
added 2026/05/12 7:41 a.m., 13 views

Malicious code in guan (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e04a9a658bc7616e72a5edf276dd049e5b697f2492c46929caf2e01fac95d84 The top-level src/guan/init.py unconditionally calls statisticsofguanpackage on every import guan. That function in src/guan/others.py opens a raw TC...

5.8 AI score
Exploits 0, References 2
OSV
added 2026/05/12 7:41 a.m., 7 views

MAL-2026-3692 Malicious code in guan (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e04a9a658bc7616e72a5edf276dd049e5b697f2492c46929caf2e01fac95d84 The top-level src/guan/init.py unconditionally calls statisticsofguanpackage on every import guan. That function in src/guan/others.py opens a raw TC...

5.8 AI score
Exploits 0, References 2
NVD
added 2026/05/07 6:16 p.m., 13 views

CVE-2026-8081

A vulnerability has been found in router-for-me CLIProxyAPI 6.9.29. Affected by this issue is some unknown functionality of the file internal/api/handlers/management/apitools.go of the component API Interface. The manipulation of the argument url leads to server-side request forgery. Remote...

6.5 CVSS, 0.00215 EPSS
Exploits 0, References 4
OSSF Malicious Packages
added 2026/05/07 12:0 a.m., 16 views

Malicious code in camelotlabs-config (npm)

Five packages camelotlabs-sdk, camelotlabs-core, camelotlabs-config, camelotlabs-worker, and camelotlabs-utils were published to the public npm registry at version 99.0.0 by the actor madman0619 as a dependency confusion attack targeting the internal npm packages of Camelot Labs. The inflated...

5.9 AI score
Exploits 0
IBM Security Bulletins
added 2026/05/05 4:22 p.m., 8 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM DB2 shipped with IBM WebSphere Remote Server

Summary: IBM DB2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM DB2 have been published in a security bulletin CVE-2025-36122, CVE-2025-14688, CVE-2025-67735, CVE-2025-68161, CVE-2026-1352, CVE-2025-12183, CVE-2026-1577, CVE-2026-3676...

8.8 CVSS, 6.6 AI score, 0.00743 EPSS
Exploits 2, Affected Software 1
Cvelist
added 2026/04/27 9:45 p.m., 30 views

CVE-2026-7177 ChatGPTNextWeb NextChat route.ts proxyHandler server-side request forgery

A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/provider/...path/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been...

7.5 CVSS, 0.00356 EPSS
Exploits 1, References 6
RedhatCVE
added 2026/04/27 7:23 p.m., 6 views

CVE-2026-6981

A vulnerability was found in IhateCreatingUserNames2 AiraHub2 up to 3e4b77fd7d48ed811ffe5b8d222068c17c76495e. Affected is the function connectstreamendpoint/syncagents of the file AiraHub.py of the component Endpoint. Performing a manipulation results in server-side request forgery. The attack ma...

6.5 CVSS, 6.1 AI score, 0.00252 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/04/27 1:22 p.m., 4 views

CVE-2026-7025

A vulnerability was found in Typecho up to 1.3.0. This vulnerability affects the function Service::sendPingHandle of the file var/Widget/Service.php of the component Ping Back Service Endpoint. The manipulation of the argument X-Pingback/link results in server-side request forgery. The attack may...

7.5 CVSS, 7 AI score, 0.00278 EPSS
Exploits 0, References 1
RedHat Linux
added 2026/04/27 5:38 a.m., 9 views

Important: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

9.8 CVSS, 5.8 AI score, 0.00532 EPSS
Exploits 5, References 10
Snyk
added 2026/04/26 9:0 p.m., 5 views

Embedded Malicious Code

Overview elementary-data is a Data monitoring and lineage Affected versions of this package are vulnerable to Embedded Malicious Code that is a credential stealer designed to exfiltrate sensitive data from the environment where the CLI is installed or executed. Specifically, the code: - Harvests...

9.8 CVSS, 5.5 AI score
Exploits 0, References 2
NVD
added 2026/04/24 4:16 a.m., 33 views

CVE-2026-41324

basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A malicious or compromised server can send an extremely large or never-ending listing response to...

7.5 CVSS, 0.00332 EPSS
Exploits 1, References 1
NVD
added 2026/04/20 5:16 a.m., 7 views

CVE-2026-6605

A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function getbytesfromweburl of the file src/agentscope/utils/common.py of the component Internal Service. Performing a manipulation results in server-side request forgery. It is possible to initiate the...

7.5 CVSS, 0.00326 EPSS
Exploits 0, References 4
Cvelist
added 2026/04/20 4:45 a.m., 30 views

CVE-2026-6606 modelscope agentscope _agent_base.py _process_audio_block server-side request forgery

A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function _process_audio_block of the file src/agentscope/agent/_agent_base.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attack...

7.5 CVSS, 0.00284 EPSS
Exploits 0, References 4