Lucene search
K

762 matches found

OSV
OSV
added 2025/11/12 4:29 a.m.0 views

MAL-2025-141924 Malicious code in electron-orbit-eris-sagitta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31d6232b592be2cc1a0994076a160047d12756e8ff87bd53613432dc6ecf7e06 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/12 4:29 a.m.2 views

MAL-2025-144961 Malicious code in middleware-mongodb-leda-barnard (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ac868d322cce021ae4cda8e245af3f8fa418596dc7f29ba457f1caaf7666878 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/11/12 12:0 a.m.7 views

PT-2025-46700

Name of the Vulnerable Software and Affected Versions Tuleap Community Edition versions prior to 16.13.99.1761813675 Tuleap Enterprise Edition versions prior to 16.13-5 and 16.12-8 Description Tuleap lacks cross-site request forgery CSRF protection in the management of Subversion SVN commit rules...

4.6CVSS6.4AI score0.0012EPSS
Exploits0References6
OSV
OSV
added 2025/11/11 10:56 p.m.2 views

MAL-2025-133060 Malicious code in eko-sambel36-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eafa5e39c232c2f3c3306d88e6cf29b95ade187636341fea0c1765622fda417d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/11 7:26 a.m.1 views

MAL-2025-108622 Malicious code in sheer_stingray_dumbs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cc61bcd567e345d59f6b80dc5c07a6169f405f9e4a863071a4a9f6ef78855a75 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/11 2:29 a.m.1 views

MAL-2025-76240 Malicious code in wibowo-jamblang59-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 264c13d6e585c90e24549df58b490fcf5e30e2267212c581fa7d20ebc1ab7bea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 12:41 a.m.2 views

Malicious code in opposite-lime-cheetah (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52ff88ebe00d3b5760aef3f55b9e96a7d2b1bafd325e83a41d9255bfe3a2fe98 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/11 12:41 a.m.1 views

MAL-2025-68861 Malicious code in independent-silver-turtle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5146524a5491b8f8b5b0d7c09096983c8cad001e274ccbbf4cd31e4e6fa070d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/10 5:18 a.m.3 views

Malicious code in indah-gandul60-tititugel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91960244a64a969678bf971b6d75a746d55d64610757e645168a1590a75a7cdb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/10 5:18 a.m.1 views

MAL-2025-54050 Malicious code in oktafian-lengko81-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9757902d93182d2b290bf167b743b9042f651fd3425ffc950e3f1b9c69255422 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/11/06 11:32 p.m.13 views

containerd CRI server: Host memory exhaustion through Attach goroutine leak

Impact A bug was found in containerd's CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. Repetitive calls of CRI Attach e.g., kubectl attach could increase the memory usage of containerd. Patches This bug has been fixed in the following containerd...

6.9CVSS6.7AI score0.00162EPSS
Exploits1References4Affected Software2
Positive Technologies
Positive Technologies
added 2025/11/05 12:0 a.m.9 views

PT-2025-45119

Name of the Vulnerable Software and Affected Versions Django versions prior to 5.1.14, prior to 4.2.26, and prior to 5.2.8 Description Django is susceptible to a SQL injection issue due to improper handling of dictionary expansion when using the QuerySet.filter, QuerySet.exclude, and QuerySet.get...

9.4CVSS7.7AI score0.19396EPSS
Exploits10References180
CVE
CVE
added 2025/11/04 1:15 a.m.12 views

CVE-2025-43389

CVE-2025-43389 is a privacy issue affecting Apple platforms. The vulnerability was addressed by removing the vulnerable code, with fixes shipped in macOS Tahoe 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, visionOS 26.1, iOS 26.1 and iPadOS 26.1, and iOS 18.7.2 and iPadOS 18.7.2. Affected comp...

5.5CVSS6.5AI score0.00175EPSS
Exploits0References6Affected Software4
NVD
NVD
added 2025/10/31 12:15 a.m.9 views

CVE-2025-52663

A vulnerability was identified in certain UniFi Talk devices where internal debugging functionality remained unintentionally enabled. This issue could allow an attacker with access to the UniFi Talk management network to invoke internal debug operations through the device API. Affected Products:...

7.3CVSS0.00218EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/30 11:30 p.m.3 views

CVE-2025-52663

A vulnerability was identified in certain UniFi Talk devices where internal debugging functionality remained unintentionally enabled. This issue could allow an attacker with access to the UniFi Talk management network to invoke internal debug operations through the device API. Affected Products:...

6.4AI score0.00218EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/27 12:0 a.m.6 views

PT-2025-44063

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.3 GA through update 35 Liferay Portal versions 7.4.0 through 7.4.3.107 Liferay DXP versions 2023.Q3.1 through 2023.Q3.4 Liferay Portal versions 7.4 GA through update 92 Description A Cross-Site Request Forgery CSRF...

7CVSS7AI score0.00167EPSS
Exploits0References12
The Hacker News
The Hacker News
added 2025/10/20 10:47 a.m.12 views

131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign

Cybersecurity researchers have uncovered a coordinated campaign that leveraged 131 rebranded clones of a WhatsApp Web automation extension for Google Chrome to spam Brazilian users at scale. The 131 spamware extensions share the same codebase, design patterns, and infrastructure, according to...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-18340

Malware in sbrugna...

6.1CVSS6.3AI score0.00747EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2021-1978

Malware in sbrugna...

9.1CVSS8.9AI score0.00594EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2021-1668

Malware in sbrugna...

8.6CVSS7.1AI score0.03286EPSS
Exploits0References22
Rows per page
Query Builder