Lucene search
K

187 matches found

OSV
OSV
added 2025/07/08 5:15 p.m.8 views

CVE-2025-21168

Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a...

5.5CVSS5.8AI score0.00206EPSS
Exploits0References1
OSV
OSV
added 2025/07/08 2:38 a.m.2 views

MAL-2025-5715 Malicious code in pbr-client (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4933f0eae305db421cd46414b1773fb97338c6966af0abd06e1232ffe4c4c96f Any computer that has this package installed or running should be considered...

7AI score
Exploits0References1
OSV
OSV
added 2025/07/01 3:40 p.m.1 views

MAL-2025-5341 Malicious code in sdk.babelhelpz (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 35a386ca07268b83d7deb1496905ac42d5da336255e8beafcdb87d394f34080e Any computer that has this package installed or running should be considered...

7.2AI score
Exploits0References1
OSV
OSV
added 2025/06/18 10:17 a.m.1 views

MAL-2025-5072 Malicious code in @me404org/test (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
OSV
OSV
added 2025/06/17 2:21 a.m.5 views

CVE-2025-49823 Conda Constructor Command Injection via Unsanitized User Input (Low)

conda Constructor is a tool which allows constructing an installer for a collection of conda packages. Prior to version 3.11.3, shell installer scripts process the installation prefix userprefix using an eval statement, which executes unsanitized user input as shell code. Although the script runs...

7AI score0.00141EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 9:47 a.m.7 views

CVE-2024-21497

Versions of the package github.com/greenpau/caddy-security are vulnerable to Open Redirect via the redirecturl parameter. An attacker could perform a phishing attack and trick users into visiting a malicious website by crafting a convincing URL with this parameter. To exploit this vulnerability,...

6.1CVSS6.2AI score0.00503EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:52 a.m.7 views

CVE-2024-11363

The Same but Different – Related Posts by Taxonomy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.0.16. This makes it possible for unauthenticated...

6.1CVSS6.4AI score0.00347EPSS
Exploits0References1
OSV
OSV
added 2025/05/23 1:32 a.m.3 views

MAL-2025-4376 Malicious code in mshop2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b230b23967aac14c732f470e9bfd9d34d27bf592c1e3ca7150e827ef17cf5e91 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 4:21 a.m.9 views

CVE-2019-10924

A vulnerability has been identified in LOGO! Soft Comfort All versions V8.3. The vulnerability could allow an attacker to execute arbitrary code if the attacker tricks a legitimate user to open a manipulated project. In order to exploit the vulnerability, a valid user must open a manipulated...

7.8CVSS7.6AI score0.01274EPSS
Exploits0References1
OSV
OSV
added 2025/05/16 2:13 p.m.4 views

MAL-2025-3920 Malicious code in statewars (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f3054b3bc016fb28cbd39ad6ff12e082819c4ded2b17560fa6a0d5e750c80f61 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
OSV
OSV
added 2025/04/03 12:34 a.m.3 views

MAL-2025-3127 Malicious code in windowsreveal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 45eb7752fa24f9edaffa6707ee8ec4e0b1684a637d4d1cc1f6a003d040039332 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Cvelist
Cvelist
added 2025/03/24 12:0 a.m.16 views

CVE-2025-29294

...

Exploits0
OSV
OSV
added 2025/03/20 5:26 a.m.8 views

MAL-2025-3143 Malicious code in arnotest (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 64475736790097a8b2e30db87aa02796673e4a50b3af8e0d633eb261ec376983 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/03/17 12:0 a.m.8 views

PT-2025-11567 · National Instruments · Ni Vision Builder Ai

Name of the Vulnerable Software and Affected Versions: NI Vision Builder AI affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of NI Vision Builder AI. User interaction is required to exploit this, as the target must...

8.8CVSS7.4AI score0.00482EPSS
Exploits0References6
OSV
OSV
added 2025/03/14 2:11 a.m.5 views

MAL-2025-2394 Malicious code in newland-digitization-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 35b5f032125648b5b2cad6fb57b4fcf1c6ab755e93b9ca9640fc85e041bed665 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2025/03/14 2:11 a.m.3 views

MAL-2025-2393 Malicious code in newland-component-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7a4a9b55a483b5ec495bb5e9c06c5285932e3ff8eb091beee14345f52431123f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2025/03/04 9:17 a.m.4 views

MAL-2025-2133 Malicious code in upbit-internal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d286e3f82c3645432dde4b543a65c1f912bca545c3ad1abd486e8efd23bbde29 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
OSV
OSV
added 2025/02/03 9:1 a.m.8 views

MAL-2025-1077 Malicious code in com.unity.services.core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 570e09325b7eeead7439db1cd6a223b5de2ddab48982af7bb43957a6c48d9069 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2025/02/03 8:44 a.m.5 views

MAL-2025-1097 Malicious code in cscropper-vue3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 03314c2593e63f6f953b281505c7a63eaa4fe7c3ffd71eb8fd8c28d5c1c16fd2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Cvelist
Cvelist
added 2025/01/21 8:21 a.m.18 views

CVE-2024-10936 String Locator <= 2.6.6 - Unauthenticated PHP Object Injection

The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.6 via deserialization of untrusted input in the 'recursiveunserializereplace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP...

8.8CVSS0.01088EPSS
Exploits0References3
Rows per page
Query Builder