Lucene search
K

104 matches found

The Hacker News
The Hacker News
added 2026/06/11 6:23 a.m.22 views

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat attack techniques that abuse the "npm install" command to trigger the execution of malicious code...

6.6AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/09 10:53 a.m.8 views

CVE-2026-49738 TYPO3 CMS - Broken Access Control in File Abstraction Layer

The path allowance check in GeneralUtility::isAllowedAbsPath performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html. Administrator...

2.1CVSS5.4AI score0.00356EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/06 7:57 p.m.7 views

Improper Synchronization

Overview Affected versions of this package are vulnerable to Improper Synchronization through the bridgeOut precompile. An attacker can restore their ERC-20 token balance and allowance after a burn operation by exploiting stale state overwrites in the dual-context state management, enabling...

9.1CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/06 7:57 p.m.7 views

Improper Synchronization

Overview Affected versions of this package are vulnerable to Improper Synchronization through the bridgeOut precompile. An attacker can restore their ERC-20 token balance and allowance after a burn operation by exploiting stale state overwrites in the dual-context state management, enabling...

9.1CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/06 7:57 p.m.11 views

Improper Synchronization

Overview Affected versions of this package are vulnerable to Improper Synchronization through the bridgeOut precompile. An attacker can restore their ERC-20 token balance and allowance after a burn operation by exploiting stale state overwrites in the dual-context state management, enabling...

9.1CVSS5.8AI score
Exploits0References2
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.8 views

Apache MINA 代码问题漏洞

Apache MINA is a web application framework developed by the Apache Foundation in the United States. This product is primarily used for developing high-performance and highly scalable web applications. There were code vulnerabilities in versions of Apache MINA from 2.1.0 to 2.1.11, as well as in...

9.8CVSS6.8AI score0.00657EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.10 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from a flaw in the sender allowance mechanism, which allowed remote attackers to access restricted messages ...

5.4CVSS5.8AI score0.00225EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/21 10:49 p.m.4 views

EUVD-2026-4136

Backstage has a Possible SSRF when reading from allowed URL's in backend.reading.allow...

3.5CVSS5.3AI score0.00201EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.7 views

WordPress plugin WP Job Portal 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

4.4CVSS5.6AI score0.00211EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2008-0587

Malware in sbrugna...

6.4CVSS6.4AI score0.01173EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-6011

Malware in sbrugna...

7.5CVSS7.6AI score0.00926EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-0065

Malware in sbrugna...

6.1CVSS6.8AI score0.03146EPSS
Exploits0References19
NVD
NVD
added 2025/03/24 7:15 p.m.7 views

CVE-2025-30162

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a namespace to...

4.3CVSS0.0021EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/03/24 6:46 p.m.32 views

CVE-2025-30163 Node based network policies may incorrectly allow workload traffic

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Node based network policies fromNodes and toNodes will incorrectly permit traffic to/from non-node endpoints that share the labels specified in fromNodes and toNodes sections of network policies. Node based...

3.4CVSS0.00197EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/01/02 3:55 a.m.3 views

Malicious code in bsc-allowance (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 05dca51de24dd5fe00f6891f7a049b449842a8eea930e4ffda9a41b6e3bf41a6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2024/01/02 3:55 a.m.9 views

MAL-2024-15 Malicious code in bsc-allowance (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 05dca51de24dd5fe00f6891f7a049b449842a8eea930e4ffda9a41b6e3bf41a6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Code423n4
Code423n4
added 2023/12/13 12:0 a.m.14 views

Reentrancy in NextGenMinterContract.mint() allows exceeding max allowance and concurrent use of NFTs in NextGenMinterContract.burnToMint()

Lines of code Vulnerability details Impact 1. Bypassing maxAllowance in NextGenMinterContract.mint: Enables minting more NFTs than permitted. 2. Exploiting reentrancy in NextGenMinterContract.burnToMint: Allows acquiring both burnable and mintable NFTs at the same time. Proof of Concept The 1st...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/12/08 12:0 a.m.4 views

NextGenMinterContract::mint can be reentered for sales option 3 to mint many NFTs in a single period and bypass viewMaxAllowance for any sales option

Lines of code Vulnerability details Impact The reentrancy vulnerability in the NextGenMinterContract::mint function allows an attacker to bypass the restriction of minting only one NFT per period. The reentrencies can be achieved from the safeMint in the function NextGenCore::mintProcessing to ca...

7.4AI score
Exploits0
Code423n4
Code423n4
added 2023/11/17 12:0 a.m.8 views

Possible sandwhich attack whenever a user with a surplus of allowance calls market.buy().

Lines of code Vulnerability details Impact Because the exact amount of allowance a user needs to mint his desired amount of shares isnt always a round number as shown via the market.getBuyPriceid, amount;. There could be users who might trust the contract blind & approve their entire balance in...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/11/13 12:0 a.m.7 views

Adversary can reenter mint to bypass max allowance.

Lines of code github.com/code-423n4/2023-10-nextgen/blob/main/smart-contracts/NextGenCore.solL189-L200 Vulnerability details Description MinterContract.mint calls NextGenCore.mint, which variables that accounts the amount of tokens each user minted is changed only after mintProcessing, that has a...

7.1AI score
Exploits0
Rows per page
Query Builder