Lucene search
K

12756 matches found

Cvelist
Cvelist
added 10 hours ago7 views

CVE-2026-57898

In Eclipse BaSyx Java Server SDK versions 2.0.0-milestone-05 to 2.0.0-milestone-12, deployments using the MongoDB backend are vulnerable to an unauthenticated arbitrary file write through the AAS thumbnail API. The AAS thumbnail upload path accepted a client-controlled fileName request parameter...

9CVSS
Exploits0References1
Nuclei
Nuclei
added 10 hours ago32 views

Video Conferencing with Zoom API < 4.6.6 - Unauthenticated SDK Signature Generation

Zoom WordPress plugin 4.6.6 contains a broken authentication caused by disabled nonce verification in an AJAX handler, letting unauthenticated attackers generate valid Zoom SDK signatures and retrieve the Zoom SDK key. id: CVE-2026-1368 info: name: Video Conferencing with Zoom API 4.6.6 -...

7.5CVSS6.1AI score0.01211EPSS
Exploits0References3
Nuclei
Nuclei
added 10 hours ago16 views

TOTOLINK/Realtek Routers - Information Disclosure

A certain router administration interface using Realtek APMIB e.g., on TOTOLINK models allows unauthenticated remote attackers to disclose the entire router configuration, including sensitive credentials, via accessing the "config.dat" file. Affected devices include TOTOLINK A3002RU through 2.0.0...

7.5CVSS7AI score0.08669EPSS
Exploits4References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in jupiter-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8e0901ca45da110106c60f288b0166fc51c348a44569d7e7ff22af3d19deafe On import jupitersdk, the package's top-level init.py fetches a payload over HTTPS from a public IPFS gateway...

6.6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in metemask-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a99855c93b46f7b996a005065c319bbb24c9d1f497d05dfd38fc83d1b21facdd metemask-sdk is a typosquat of the legitimate metamask-sdk package. On import, the top-level init.py performs an outbound HTTP fetch to...

6.3AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 4 days ago7 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: dotnet8.0: aspnetcore-runtime-8.0-8.0.28-1.1.hum1 aarch64, x8664 aspnetcore-runtime-dbg-8.0-8.0.28-1.1.hum1 aarch64, x8664 aspnetcore-targeting-pack-8.0-8.0.28-1.1.hum1 aarch64, x8664...

9.8CVSS6.1AI score0.02147EPSS
Exploits6References12
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago3 views

Security Bulletin: IBM i is Affected by Multiple Vulnerabilities in IBM Java SDK and IBM Java Runtime [CVE-2026-22016, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-34268, CVE-2026-22007]

Summary IBM SDK Java Technology Edition and IBM Runtime Environment Java used by IBM i to support the building and running of Java applications are vulnerable to partial denial-of-service DoS CVE-2026-22021, CVE-2026-22018 and unauthorized access to data CVE-2026-22016, CVE-2026-22013,...

7.5CVSS6.4AI score0.00702EPSS
Exploits0Affected Software5
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago8 views

Malicious code in chain-api-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0cc73eb727778c3a543bdef1f6993d4c8be38da047fc97b7a0614bd195590249 chain-api-sdk presents itself as the upstream multichain-crypto-wallet library: README, badges, package.json repository.url, and homepage all point t...

5.9AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago8 views

Malicious code in clavue-agent-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 399c0d2f1fabfa46b35810b70797862a0fd469076fa9496549237ab413ccada2 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
Chainguard
Chainguard
added 6 days ago7 views

CVE-2026-54293 vulnerabilities

Vulnerabilities for packages: apache-beam-python-3.13-sdk, apache-beam-python-3.12-sdk, py3-nltk...

7.5CVSS6.1AI score0.00378EPSS
Exploits1
Chainguard
Chainguard
added 6 days ago5 views

GHSA-P4GQ-832X-FM9V vulnerabilities

Vulnerabilities for packages: apache-beam-python-3.13-sdk, apache-beam-python-3.12-sdk, py3-nltk...

6.1AI score
Exploits0
NVD
NVD
added 6 days ago6 views

CVE-2026-59807

Composio SDK before 0.2.32-beta.283 contains a path validation bypass vulnerability that allows attackers to read and exfiltrate sensitive files by exploiting a missing assertSafeFileUploadPath check in the readFileFromDisk function within tool-file-uploads.ts. Attackers can exploit prompt...

8.9CVSS0.00289EPSS
Exploits0References5
CVE
CVE
added 6 days ago7 views

CVE-2026-59807

CVE-2026-59807 affects Composio SDK prior to 0.2.32-beta.283. A path validation bypass in readFileFromDisk (tool-file-uploads.ts) can enable an attacker to read and exfiltrate sensitive files by manipulating file_uploadable parameters via prompt injection, referencing sensitive paths such as SSH ...

8.9CVSS6AI score0.00289EPSS
Exploits0References5
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42377

Composio SDK before 0.2.32-beta.283 contains a path validation bypass vulnerability that allows attackers to read and exfiltrate sensitive files by exploiting a missing assertSafeFileUploadPath check in the readFileFromDisk function within tool-file-uploads.ts. Attackers can exploit prompt...

8.9CVSS6AI score0.00289EPSS
Exploits0References5
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-59807 Composio SDK < 0.2.32-beta.283 - Sensitive File Upload via tool-file-uploads.ts

Composio SDK before 0.2.32-beta.283 contains a path validation bypass vulnerability that allows attackers to read and exfiltrate sensitive files by exploiting a missing assertSafeFileUploadPath check in the readFileFromDisk function within tool-file-uploads.ts. Attackers can exploit prompt...

8.9CVSS0.00289EPSS
Exploits0References5
OSV
OSV
added 6 days ago4 views

ROOT-APP-PYPI-CVE-2026-48776 CVE-2026-48776 in rootio-langgraph-sdk - Patched by Root

Root has patched CVE-2026-48776 in the rootio-langgraph-sdk package for Root:PyPI. Multiple fixed versions available...

9.1CVSS5.9AI score0.00216EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/07 5:18 p.m.4 views

Security Bulletin: QRadar App SDK for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. Investigation Assistant App for IBM QRadar App SDK has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2026-39892 DESCRIPTION:...

9.8CVSS6.2AI score0.02667EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/07/07 4:52 p.m.7 views

GO-2026-5764 DoS due to Panic in AWS SDK for Go v2 SDK EventStream Decoder in github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream

DoS due to Panic in AWS SDK for Go v2 SDK EventStream Decoder in github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 3:22 p.m.12 views

Malicious code in paysafe-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12ef2b75345902c9fe851d85e09c4b6680a3685669ab4dcd8b827ebaebb46626 Package metadata claims to be the 'Official Paysafe SDK for Python' by 'Paysafe Developer Team', but the shipped module is a stealer disguised as a...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 3:20 p.m.10 views

Malicious code in chai-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9192d163b3814064c95a23cb11e218732346628f3109517aab7697c2dcb6d016 On require, index.js spawns a detached background node process that runs lib/initializeCaller.js. That module axios.gets a base64-obfuscated URL...

6.2AI score
Exploits0References3
Rows per page
Query Builder