930 matches found

vulnersOsv
added 2026/05/21 9:49 p.m. | 5 views

claude-content-writer (=2.1.0) potentially affected by unknown CVE via claude-content-writer (=2.2.0)

claude-content-writer NPM version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on claude-content-writer and may be impacted:
- claude-content-writer =2.1.0
Source cves: unknown CVE
Source advisory: OSV:MAL-2026-4524...

5.5 AI score | Exploits: 0
OSSF Malicious Packages
added 2026/05/21 9:49 p.m. | 12 views

Malicious code in claude-content-writer (npm)

Source: amazon-inspector b38e69b148dc7998c9ab02fb5b6c2a90413a88129cf7db96b1c900e9c830f719 On npm install, the package's postinstall hook runs scripts/install-dependencies.sh, which performs git clone --depth 1...

6 AI score | Exploits: 0 | References: 1
OSV
added 2026/05/21 9:49 p.m. | 7 views

MAL-2026-4524 Malicious code in claude-content-writer (npm)

Source: amazon-inspector b38e69b148dc7998c9ab02fb5b6c2a90413a88129cf7db96b1c900e9c830f719 On npm install, the package's postinstall hook runs scripts/install-dependencies.sh, which performs git clone --depth 1...

6 AI score | Exploits: 0 | References: 1
Fedora
added 2026/05/18 1:24 a.m. | 18 views

[SECURITY] Fedora 42 Update: rust-astral-tokio-tar-0.6.1-1.fc42

A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all ...

5.8 AI score | Exploits: 0
Fedora
added 2026/05/18 12:44 a.m. | 17 views

[SECURITY] Fedora 44 Update: rust-astral-tokio-tar-0.6.1-1.fc44

A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all ...

5.8 AI score | Exploits: 0
OSV
added 2026/05/15 2:0 p.m. | 4 views

OESA-2026-2309 kata-containers-go security update

This is a core component of Kata Container; to make it work, you need an isulad/docker engine. Security Fixes: A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations i...

7.5 CVSS | 7.2 AI score | 0.00563 EPSS
Exploits: 1 | References: 2
RedHat Linux
added 2026/05/11 7:12 a.m. | 14 views

github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload

A denial-of-service vulnerability in github.com/sirupsen/logrus occurs when Entry.Writer processes a single-line payload larger than 64KB with no newline characters. Due to a limitation in Go’s internal bufio.Scanner, the read operation fails with a “token too long” error, causing the underlying...

7.5 CVSS | 7.2 AI score | 0.00563 EPSS
Exploits: 1 | References: 12
RedHat Linux
added 2026/05/11 7:8 a.m. | 11 views

github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload

A denial-of-service vulnerability in github.com/sirupsen/logrus occurs when Entry.Writer processes a single-line payload larger than 64KB with no newline characters. Due to a limitation in Go’s internal bufio.Scanner, the read operation fails with a “token too long” error, causing the underlying...

7.5 CVSS | 7.2 AI score | 0.00563 EPSS
Exploits: 1 | References: 12
OSV
added 2026/05/08 11:19 p.m. | 4 views

GHSA-MV93-W799-CJ2W GitPython: Newline injection in config_writer() section parameter bypasses CVE-2026-42215 patch, enabling RCE via core.hooksPath

Summary: The patch for CVE-2026-42215 GitPython 3.1.49 validates newlines only in the value parameter of set_value. The section and option parameters are passed to configparser without any newline validation. An attacker who controls the section argument can inject \n to write arbitrary section...

7 CVSS | 5.9 AI score
Exploits: 0 | References: 3
RedHat Linux
added 2026/05/08 9:11 p.m. | 11 views

github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload

A denial-of-service vulnerability in github.com/sirupsen/logrus occurs when Entry.Writer processes a single-line payload larger than 64KB with no newline characters. Due to a limitation in Go’s internal bufio.Scanner, the read operation fails with a “token too long” error, causing the underlying...

7.5 CVSS | 5.8 AI score | 0.00563 EPSS
Exploits: 1 | References: 12
Cvelist
added 2026/05/07 6:22 p.m. | 42 views

CVE-2026-44244 GitPython: Newline injection in config_writer().set_value() enables RCE via core.hooksPath

GitPython is a Python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.set_value passes values to Python's configparser without validating for newlines. GitPython's own write converts embedded newlines into indented continuation lines e.g. \n becomes \n\t, b...

7.8 CVSS | 0.00237 EPSS
Exploits: 1 | References: 2
NVD
added 2026/05/06 10:16 p.m. | 16 views

CVE-2026-40296

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The HTML writer skips htmlspecialchars escaping when a cell's formatted value differs from the original value. When a cell has a custom number format containing the text placeholder @ along with any additional literal...

5.4 CVSS | 0.00225 EPSS
Exploits: 1 | References: 1
Github Security Blog
added 2026/05/06 9:58 p.m. | 11 views

GitPython: Newline injection in config_writer().set_value() enables RCE via core.hooksPath

GitConfigParser.set_value passes values to Python's configparser without validating for newlines. GitPython's own write converts embedded newlines into indented continuation lines e.g. \n becomes \n\t, but Git still accepts an indented core stanza as a section header — so the injected core.hooksPa...

7.8 CVSS | 6 AI score | 0.00237 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2026/05/06 8:48 p.m. | 12 views

CVE-2026-40296 PhpSpreadsheet vulnerable to XSS in HTML writer via custom number format codes

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The HTML writer skips htmlspecialchars escaping when a cell's formatted value differs from the original value. When a cell has a custom number format containing the text placeholder @ along with any additional literal...

5.4 CVSS | 5.4 AI score | 0.00225 EPSS
Exploits: 1 | References: 1
Cvelist
added 2026/05/06 8:48 p.m. | 34 views

CVE-2026-40296 PhpSpreadsheet vulnerable to XSS in HTML writer via custom number format codes

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The HTML writer skips htmlspecialchars escaping when a cell's formatted value differs from the original value. When a cell has a custom number format containing the text placeholder @ along with any additional literal...

5.4 CVSS | 0.00225 EPSS
Exploits: 1 | References: 1
RedHat Linux
added 2026/05/06 11:24 a.m. | 6 views

github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload

A denial-of-service vulnerability in github.com/sirupsen/logrus occurs when Entry.Writer processes a single-line payload larger than 64KB with no newline characters. Due to a limitation in Go’s internal bufio.Scanner, the read operation fails with a “token too long” error, causing the underlying...

7.5 CVSS | 7.2 AI score | 0.00563 EPSS
Exploits: 1 | References: 12
Positive Technologies
added 2026/05/06 12:0 a.m. | 15 views

PT-2026-38295

Name of the Vulnerable Software and Affected Versions: GitPython versions prior to 3.1.49
Description: The set_value function in GitConfigParser passes values to Python's configparser without validating for newlines. Although the write function converts embedded newlines into indented continuation...

8.8 CVSS | 5.9 AI score | 0.00719 EPSS
Exploits: 3 | References: 32
NVD
added 2026/05/05 8:16 p.m. | 5 views

CVE-2026-35453

PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.3 and earlier, 2.0.0 through 2.1.15, 2.2.0 through 2.4.4, 3.3.0 through 3.10.4, and 4.0.0 through 5.6.0, the HTML Writer skips htmlspecialchars output escaping when a cell uses a custom number format containin...

5.4 CVSS | 0.00202 EPSS
Exploits: 1 | References: 1
Cvelist
added 2026/05/05 7:39 p.m. | 26 views

CVE-2026-35453 PhpSpreadsheet XSS via number format text substitution in HTML Writer

PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.3 and earlier, 2.0.0 through 2.1.15, 2.2.0 through 2.4.4, 3.3.0 through 3.10.4, and 4.0.0 through 5.6.0, the HTML Writer skips htmlspecialchars output escaping when a cell uses a custom number format containin...

4.8 CVSS | 0.00202 EPSS
Exploits: 1 | References: 1
CVE
added 2026/05/05 7:39 p.m. | 32 views

CVE-2026-35453

PhpSpreadsheet contains an XSS vulnerability in the HTML Writer when a cell uses a custom number format with an @ placeholder and additional literal text. The formatter returns early and escaping via htmlspecialchars() is skipped, allowing injected HTML/JavaScript in the generated HTML. Affected ...

5.4 CVSS | 6 AI score | 0.00202 EPSS
Exploits: 1 | References: 1 | Affected Software: 1