Lucene search
K

2543 matches found

Veracode
Veracode
added 2026/03/25 8:50 a.m.11 views

Missing Cryptographic Key Commitment

aws/aws-sdk-php is vulnerable to missing cryptographic key commitment. The vulnerability is due to improper handling of encrypted data keys when stored in instruction files instead of S3 metadata, which allows an attacker with write access to the S3 bucket to introduce a malicious EDK that decryp...

6CVSS5.8AI score0.00176EPSS
Exploits0References7Affected Software1
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.10 views

Fast-DDS 安全漏洞

Fast-DDS is a complete DDS system open-sourced by eProsima. Versions of Fast-DDS prior to 3.4.1, 3.3.1, and 2.6.11 contained security vulnerabilities. These vulnerabilities stemmed from modifying the PIDIDENTITYTOKEN or PIDPERMISSIONSTOKEN fields in the DATA sub-message, leading to integer...

7.5CVSS5.8AI score0.00489EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/17 8:18 p.m.4 views

CVE-2025-14763

Missing cryptographic key commitment in the Amazon S3 Encryption Client for Java may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To...

6CVSS6.4AI score0.00103EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.9 views

PT-2025-51882

Name of the Vulnerable Software and Affected Versions AWS SDK for PHP versions prior to 3.368.0 Description A missing cryptographic key commitment in the AWS SDK for PHP could allow a user with write access to an S3 bucket to introduce a new Encryption Data Key EDK that decrypts to different...

6CVSS6.3AI score0.00176EPSS
Exploits0References7
OSV
OSV
added 2025/12/16 12:43 a.m.6 views

GHSA-6GVQ-JCMP-8959 ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay

Impact A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC signature does not unambiguously bind challenge parameters to the nonce, allowing an attacker to reinterpret a valid proof-of-work submission with a modifi...

6.5CVSS6.6AI score0.00262EPSS
Exploits0References13
NVD
NVD
added 2025/11/13 6:15 p.m.6 views

CVE-2025-12785

Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server...

7.5CVSS0.00298EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in local-ursa-karma-mysql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 773b5f237f0d46e775245f5dc04ee614693a922904809c9db79ac94c63b51f55 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.7 views

Malicious code in pino-pretty-electron-palynology-bootes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b36e22f77ac97013a394fdfb27730769ada345b6bc823b6adaff00ad707efbd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in terser-sequelize-oberon-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ac1c00d3c960ca9febe5f3d2a666ce6739ffd7071f21f9b258edfa785a39a09 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.7 views

Malicious code in prompts-spectron-firebase-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43c6a43894d96d353ceb501de44bbbaf622f9e4b7ac2b38bfee7ab5376fb720c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.3 views

Malicious code in mui-asthenosphere-callback-webdriver-manager (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48a2d722d630c36391a6462a8aa7ec39781063cf28bea9b925ad28d6e43bd231 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in tectonic-pegasus-axios-nashira (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ccff1f983b671288870e7ba8007f191969e1bfa8964d96d55743f322876d114d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.8 views

Malicious code in levels-convict-json-dynamo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6438dc827ab933a352eebaba9c7906df80e3c4db8cca52f437cbe79dd92c0688 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.7 views

Malicious code in byte-decompress-cold-deploy-wind (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ef141eff83134eb1dccf37d5ed667b1a2bb43d54e22c1432a3be0635611317e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.8 views

Malicious code in thread-monitor-async-omicron-optimize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 061a9053ababe92204caba04969dab4473e5750eb9caadfb4089a4ccc4449c5f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in sandbox-interface-async-awk-proxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d605d85b24fa0acd2475a66a7a1eba0ee7f360ee3d825df216f0136d6f853d35 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.5 views

Malicious code in higgs-biosignature-inflation-upgrade (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f6af5f94c074749c796605831b304d3b23f9cd7ecd27b0771334f6c877a95bf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.10 views

Malicious code in apollo-ini-grunt-radiant (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c48d74220a2eebde40d0798cba3ab887af5402c7d0e4d32cb8683107a6650af This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.4 views

Malicious code in build-neptunology-neptunology-adonis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed64aacd308317013397e7f8a5aae9ee24e87f51b7fa69048677cd32e333872e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in hash-socket-slow-debug-interpret (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7eb938e088242a057f495dc0624b819b9294c2ad57b502008354dd8cad5c61db This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
Rows per page
Query Builder