Lucene search
K

126 matches found

Vulnrichment
Vulnrichment
added 2026/05/08 1:19 p.m.9 views

CVE-2026-41496 PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315)

PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.9 and praisonaiagents version 1.6.9, the fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. Nine sibling backends — MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso, SingleStore, Supabase,...

8.1CVSS5.8AI score0.00347EPSS
Exploits2References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/14 9:21 a.m.16 views

Malicious code in centralogger (npm)

dom-utils-lite and centralogger, with identical payloads. On npm install, a postinstall hook fetches the attacker’s SSH public key from a Supabase storage bucket, appends it to /.ssh/authorizedkeys, harvests the victim’s IP, username, and hostname, then uploads that metadata to the same Supabase...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/04/14 9:21 a.m.7 views

MAL-2026-2825 Malicious code in centralogger (npm)

dom-utils-lite and centralogger, with identical payloads. On npm install, a postinstall hook fetches the attacker’s SSH public key from a Supabase storage bucket, appends it to /.ssh/authorizedkeys, harvests the victim’s IP, username, and hostname, then uploads that metadata to the same Supabase...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/14 9:21 a.m.5 views

Malicious code in dom-utils-lite (npm)

dom-utils-lite and centralogger, with identical payloads. On npm install, a postinstall hook fetches the attacker’s SSH public key from a Supabase storage bucket, appends it to /.ssh/authorizedkeys, harvests the victim’s IP, username, and hostname, then uploads that metadata to the same Supabase...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/04/14 9:21 a.m.5 views

MAL-2026-2826 Malicious code in dom-utils-lite (npm)

dom-utils-lite and centralogger, with identical payloads. On npm install, a postinstall hook fetches the attacker’s SSH public key from a Supabase storage bucket, appends it to /.ssh/authorizedkeys, harvests the victim’s IP, username, and hostname, then uploads that metadata to the same Supabase...

5.7AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.3 views

CVE-2026-31813

Supabase Auth is a JWT based API for managing users and issuing JWT tokens. Prior to 2.185.0, a vulnerability has been identified that allows an attacker to issue sessions for arbitrary users using specially crafted ID tokens when the Apple or Azure providers are enabled. The attacker issues a...

4.8CVSS5.9AI score0.00138EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/03/15 2:49 p.m.470 views

Exploit for CVE-2025-48757

🛡️ Supabase Sentinel A Claude Skill that audits your Supaba...

9.3CVSS6AI score0.00709EPSS
Exploits3
NVD
NVD
added 2026/03/11 5:16 p.m.5 views

CVE-2026-31813

Supabase Auth is a JWT based API for managing users and issuing JWT tokens. Prior to 2.185.0, a vulnerability has been identified that allows an attacker to issue sessions for arbitrary users using specially crafted ID tokens when the Apple or Azure providers are enabled. The attacker issues a...

4.8CVSS0.00138EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/11 4:42 p.m.35 views

CVE-2026-31813 Supabase Auth has insecure Apple and Azure authentication with ID tokens

Supabase Auth is a JWT based API for managing users and issuing JWT tokens. Prior to 2.185.0, a vulnerability has been identified that allows an attacker to issue sessions for arbitrary users using specially crafted ID tokens when the Apple or Azure providers are enabled. The attacker issues a...

4.8CVSS0.00138EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/11 4:42 p.m.3 views

CVE-2026-31813

Supabase Auth is a JWT based API for managing users and issuing JWT tokens. Prior to 2.185.0, a vulnerability has been identified that allows an attacker to issue sessions for arbitrary users using specially crafted ID tokens when the Apple or Azure providers are enabled. The attacker issues a...

4.8CVSS5.9AI score0.00138EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/11 4:42 p.m.16 views

CVE-2026-31813

CVE-2026-31813 affects Supabase Auth. Before version 2.185.0, if Apple or Azure as OIDC providers are enabled, an attacker can create a valid, asymmetrically signed ID token from their issuer for each victim email and send it to the token endpoint using the ID token flow. If the ID token is OIDC ...

4.8CVSS5.9AI score0.00138EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/11 4:42 p.m.3 views

CVE-2026-31813 Supabase Auth has insecure Apple and Azure authentication with ID tokens

Supabase Auth is a JWT based API for managing users and issuing JWT tokens. Prior to 2.185.0, a vulnerability has been identified that allows an attacker to issue sessions for arbitrary users using specially crafted ID tokens when the Apple or Azure providers are enabled. The attacker issues a...

4.8CVSS5.9AI score0.00138EPSS
Exploits0References1
OSV
OSV
added 2026/03/11 4:42 p.m.9 views

CVE-2026-31813 Supabase Auth has insecure Apple and Azure authentication with ID tokens

Supabase Auth is a JWT based API for managing users and issuing JWT tokens. Prior to 2.185.0, a vulnerability has been identified that allows an attacker to issue sessions for arbitrary users using specially crafted ID tokens when the Apple or Azure providers are enabled. The attacker issues a...

4.8CVSS5.8AI score0.00138EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.8 views

编号撤回

“ring”(Brian Smith)。“ring”。 “The R Foundation”“R”(The R Foundation)。“R”。“Supabase Auth”(Supabase)。“Auth”。CVE。...

5.8AI score0.0003EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.6 views

PT-2026-24743

Supabase Auth is a JWT based API for managing users and issuing JWT tokens. Prior to 2.185.0, a vulnerability has been identified that allows an attacker to issue sessions for arbitrary users using specially crafted ID tokens when the Apple or Azure providers are enabled. The attacker issues a...

4.8CVSS5.9AI score0.00138EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.8 views

编号撤回

“ring”(Brian Smith)。“ring”。 “The R Foundation”“R”(The R Foundation)。“R”。“Supabase Auth”(Supabase)。“Auth”。CVE。...

5.8AI score0.0003EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.6 views

编号撤回

“ring”(Brian Smith)。“ring”。 “The R Foundation”“R”(The R Foundation)。“R”。“Supabase Auth”(Supabase)。“Auth”。CVE。...

5.8AI score0.0003EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.9 views

Auth 安全漏洞

Auth is a user authentication and management system developed by Supabase. Previous versions of Supabase Auth, such as 2.185.0, had security vulnerabilities. These vulnerabilities occurred when Apple or Azure providers were enabled, allowing attackers to issue session tokens for arbitrary users...

4.8CVSS5.9AI score0.00138EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.7 views

编号撤回

“ring”(Brian Smith)。“ring”。 “The R Foundation”“R”(The R Foundation)。“R”。“Supabase Auth”(Supabase)。“Auth”。CVE。...

5.8AI score0.0003EPSS
Exploits0References1
OSV
OSV
added 2026/01/29 5:39 p.m.5 views

CVE-2026-24780 AutoGPT is Vulnerable to RCE via Disabled Block Execution

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.44, AutoGPT Platform's block execution endpoints both main web API and external API allow executing blocks by UUID...

9.4CVSS6.2AI score0.01147EPSS
Exploits1References8
Rows per page
Query Builder