Lucene search
+L

5481 matches found

Nuclei
Nuclei
added 19 hours ago24 views

WordPress Product Slider Pro for WooCommerce < 3.5.4 - Supply Chain Backdoor RCE

Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4. id: CVE-2026-49777 info: name: WordPress Product Slider Pro f...

10CVSS5.2AI score0.01656EPSS
Exploits3References3
CVE
CVE
added 4 days ago21 views

CVE-2026-46421

The CVE concerns a supply-chain compromise in the SAP Cloud Application Programming Model’s cap-js/cds-dbs monorepo. On 2026-04-29, compromised versions of @cap-js/[email protected], @cap-js/[email protected], and @cap-js/[email protected] were published; these malicious packages harvested credentials (n...

9.3CVSS6.1AI score0.00384EPSS
Exploits0References4
NVD
NVD
added 4 days ago5 views

CVE-2026-61446

PraisonAI praisonaiagents before 1.6.78 contains a remote code execution vulnerability in the plugin manager, which loads and executes arbitrary Python .py files from project-level and user-home .praisonai/plugins/ directories using importlib specfromfilelocation and execmodule without code...

8.6CVSS0.00221EPSS
Exploits0References2
CVE
CVE
added 4 days ago8 views

CVE-2026-61446

CVE-2026-61446 affects PraisonAI before 1.6.78. The plugin manager loads and executes arbitrary Python files from plugin directories using importlib and exec_module without code signing or sandboxing, enabling a local attacker who can write a malicious .py file to achieve arbitrary code execution...

8.6CVSS6.6AI score0.00221EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-61446 PraisonAI before 1.6.78 Remote Code Execution via Plugin Auto-Discovery

PraisonAI praisonaiagents before 1.6.78 contains a remote code execution vulnerability in the plugin manager, which loads and executes arbitrary Python .py files from project-level and user-home .praisonai/plugins/ directories using importlib specfromfilelocation and execmodule without code...

8.6CVSS0.00221EPSS
Exploits0References2
Microsoft Secure
Microsoft Secure
added 6 days ago25 views

Defending SaaS-based applications against ShinyHunters OAuth abuse

In this article 1. Attack chain overview 2. Improving visibility into Salesforce OAuth abuse 3. Mitigation and protection guidance 4. Learn more In a series of campaigns observed between mid-2025 and mid-2026, Microsoft identified threat actor activity with overlapping tradecraft commonly...

6.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago13 views

Malicious code in assertcoreutils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e53b085bfe045b4aeabe9ad77e1066ab0883f27304197377681191c3118b780 assertcoreutils impersonates the popular chai assertion library: the README, the chai keyword, the lib/chai/ directory layout, and lib/chai.js are...

6.5AI score
Exploits0References3
OSV
OSV
added 6 days ago8 views

MAL-2026-10491 Malicious code in assertcoreutils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e53b085bfe045b4aeabe9ad77e1066ab0883f27304197377681191c3118b780 assertcoreutils impersonates the popular chai assertion library: the README, the chai keyword, the lib/chai/ directory layout, and lib/chai.js are...

6.5AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago13 views

Malicious code in @oliviamcdaniel12/safer-buffer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55129478b44191f3a4bb3308036567d5e2eb1a73084511b424917b6b5f7bf50f Package impersonates the popular safer-buffer module. On require, safer.js reads a PID from Porting-Buffer.md and, if that process is not alive, spaw...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/07/12 8:57 p.m.4 views

MAL-2026-10212 Malicious code in vuln-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8bd105bf3b12062f312b41f2a1eead5e8481f8d3749fc78bc79ed8675c11394 On npm install, the package's preinstall script triggers a DNS lookup to a unique subdomain of oast.fun fabekzbnjtufpffkzzmvjvi5eafhny3ok.oast.fun, a...

6.4AI score
Exploits0References4
EUVD
EUVD
added 2026/07/10 7:26 p.m.11 views

EUVD-2026-39125

SiYuan: Unauthenticated Admin API Access via Blanket chrome-extension:// Origin Allowlist...

9.2CVSS6.1AI score0.00607EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 12:14 p.m.7 views

Malicious code in zwknum2 (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 77416f217dfc0c67264840a77643c3e075fea102d4b9acd57e649b6cf6d00635 --- Credit: OpenSSF source...

5.3AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 12:14 p.m.9 views

Malicious code in zwag26 (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0999faf4e28fb0827686d305bfa686a269d48e6b20cde157bce6ee8028b0fb0 --- Credit: OpenSSF source...

5.3AI score
Exploits0References1
OSV
OSV
added 2026/07/07 12:9 p.m.3 views

MAL-2026-9314 Malicious code in wbotbzr999 (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a7045ddfbb1e06fe865cd698104a2ebc751e28f8b9aaefef2dfb4d575e104593 --- Credit: OpenSSF source...

5.3AI score
Exploits0References1
OSV
OSV
added 2026/07/07 12:6 p.m.2 views

MAL-2026-9026 Malicious code in tryf0zz (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3ecfc4f10b4a0a251d04f14df2c54c8935ba397a5d3e145a0391af7a27473ee7 --- Credit: OpenSSF source...

5.3AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 12:0 p.m.4 views

Malicious code in prxca79e95716 (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8754560f5a3b52151c2a6a0c4303204507b369909a5fa0869588559537a8695c --- Credit: OpenSSF source...

5.3AI score
Exploits0References1
Snyk
Snyk
added 2026/07/04 9:0 p.m.5 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/04 9:0 p.m.6 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/04 9:0 p.m.7 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
NVD
NVD
added 2026/07/04 2:16 a.m.13 views

CVE-2025-71372

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.getlincoef gadget in pickle reduce methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded, bypassing Picklescan's safety checks and enabling...

8.1CVSS0.00379EPSS
Exploits0References2
Rows per page
Query Builder