Lucene search
K

1895 matches found

OSV
OSV
added 2026/05/21 2:34 p.m.8 views

MAL-2026-4380 Malicious code in @dekuzxc/nexca (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 35a4db02ce3d3ea022c8a6b5349975b4721d3f2c5b516b6c3dd3dddbfa802271 When a consumer uses the advertised api.listen/listenE2EE flow, every incoming message attachment of type "photo" is auto-uploaded to imgbb.com using...

5.8AI score
Exploits0References3
OSV
OSV
added 2026/05/21 1:32 a.m.15 views

MAL-2026-4558 Malicious code in fastgrc-openclaw (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 158457237168ef50e3a6c4cd33f51e23f6aec642593745a3d11b9b4870ef36ce The package is an AI agent policy-check plugin. When a consumer does not configure their own API key, resolveApiKey returns a hardcoded BUNDLEDAPIKEY...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.13 views

PT-2026-42523

Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in tables.php that is committed to the public source repository. The key can be extracted by anyone with read access to the source and used to make Google Maps Platform requests billed against the original owner's Google Cloud...

6.9CVSS5.8AI score0.00224EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

LiteLLM 安全漏洞

LiteLLM is an open-source application developed by Berri AI. It can utilize all LLM APIs in the OpenAI format. Versions of LiteLLM prior to 1.83.14 contained a security vulnerability. This vulnerability stemmed from the lack of verification of whether the allowedroutes field was within the user’s...

8.8CVSS5.8AI score0.00739EPSS
Exploits3References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 10:11 p.m.12 views

Malicious code in @jemavidev/betteragents-pi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b6e1a3902ad5cc75204b7a6eea3727c6a6c31797d7cfd7a0cd12a64892887bd The package brands itself as an OpenRouter LLM extension and instructs users to obtain a key with the canonical sk-or-v1- prefix from...

5.8AI score
Exploits0References8
OSV
OSV
added 2026/05/20 10:11 p.m.8 views

MAL-2026-4397 Malicious code in @jemavidev/betteragents-pi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b6e1a3902ad5cc75204b7a6eea3727c6a6c31797d7cfd7a0cd12a64892887bd The package brands itself as an OpenRouter LLM extension and instructs users to obtain a key with the canonical sk-or-v1- prefix from...

5.8AI score
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 8:20 a.m.11 views

Malicious code in bricks-builder-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ad643457c1104b8f118971a9ee95702f2126a16f33a4ec9dfd8ed21c43fc1eb bricks-builder-mcp is a Model Context Protocol server exposing WordPress/Bricks Builder editing tools page JSON edits, media uploads, custom CSS/JS...

5.9AI score
Exploits0References4
OSV
OSV
added 2026/05/20 8:20 a.m.13 views

MAL-2026-4500 Malicious code in bricks-builder-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ad643457c1104b8f118971a9ee95702f2126a16f33a4ec9dfd8ed21c43fc1eb bricks-builder-mcp is a Model Context Protocol server exposing WordPress/Bricks Builder editing tools page JSON edits, media uploads, custom CSS/JS...

5.9AI score
Exploits0References4
OSV
OSV
added 2026/05/20 5:41 a.m.14 views

MAL-2026-4654 Malicious code in qazaq-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31fa15731b4c683297d550bb3157dff08f2bfa3db01c14952cd35c7c61407d0a The package's default AI provider hardcodes the destination opengateway.gitlawb.com/v1/chat/completions with header api-key: 'not-needed'...

6AI score
Exploits0References1
NVD
NVD
added 2026/05/20 2:16 a.m.20 views

CVE-2026-6404

The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'anomifyapikey' parameter in versions up to and including 0.3.6. This is due to insufficient input sanitization and missing output escaping: the plugin applies sanitizetextfie...

4.4CVSS0.00239EPSS
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 2:6 a.m.11 views

Malicious code in cloud-pc-templates (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 044178c5b07f16ba0681f534724c7bcac3c8f39832484c7a3ac51d43a69cd803 The ai login CLI subcommands loginMode huggingface, ollamacloud, ollamalocal each download a proxy script from a mutable refs/heads/main branch of a...

5.9AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/20 1:25 a.m.6 views

CVE-2026-6404 Anomify AI <= 0.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'anomify_api_key' Parameter

The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'anomifyapikey' parameter in versions up to and including 0.3.6. This is due to insufficient input sanitization and missing output escaping: the plugin applies sanitizetextfie...

4.4CVSS6AI score0.00239EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/20 1:25 a.m.48 views

CVE-2026-6404 Anomify AI <= 0.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'anomify_api_key' Parameter

The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'anomifyapikey' parameter in versions up to and including 0.3.6. This is due to insufficient input sanitization and missing output escaping: the plugin applies sanitizetextfie...

4.4CVSS0.00239EPSS
Exploits0References7
CVE
CVE
added 2026/05/20 1:25 a.m.15 views

CVE-2026-6404

The CVE-2026-6404 case concerns the WordPress plugin Anomify AI – Anomaly Detection and Alerting (versions ≤ 0.3.6). The vulnerability is Stored Cross-Site Scripting (XSS) exploited via the anomify_api_key parameter. The root cause is inadequate input sanitization and missing output escaping: san...

4.4CVSS6AI score0.00239EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:25 a.m.5 views

CVE-2026-6404

The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'anomifyapikey' parameter in versions up to and including 0.3.6. This is due to insufficient input sanitization and missing output escaping: the plugin applies sanitizetextfie...

4.4CVSS6AI score0.00239EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.13 views

PT-2026-42066

Name of the Vulnerable Software and Affected Versions Anomify AI – Anomaly Detection and Alerting plugin for WordPress versions prior to 0.3.7 Description The plugin is subject to Stored Cross-Site Scripting, a condition where malicious scripts are permanently stored on the target server. The iss...

4.4CVSS6AI score0.00239EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.14 views

PT-2026-42115

Name of the Vulnerable Software and Affected Versions Anomify AI – Anomaly Detection and Alerting versions prior to 0.3.7 Description The plugin is subject to Cross-Site Request Forgery CSRF which can lead to Stored Cross-Site Scripting XSS. The issue stems from missing nonce verification on the...

4.3CVSS6AI score0.00168EPSS
Exploits0References10
OSV
OSV
added 2026/05/19 9:37 p.m.16 views

MAL-2026-4748 Malicious code in eplang (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d53e4571f8ccfc385a265dfd47cbea9793946762a794aff432e98614ee10b21 The package ships epl/.aiconfig.json containing a hardcoded Groq API key with provider set to 'groq'. On any AI-related CLI invocation epl ai, epl ge...

5.9AI score
Exploits0References4
GithubExploit
GithubExploit
added 2026/05/19 1:39 a.m.101 views

Exploit for CVE-2025-11203

CVE-2025-11203 – LiteLLM Health Endpoint APIKEY Information D...

3.5CVSS5.7AI score0.00418EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/05/18 7:58 p.m.13 views

CVE-2026-45339

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, Open WebUI allows admins to restrict which API endpoints an API key can access. When an API key is restricted from /api/v1/messages, requests using the Authorization: Bearer sk-...

6.5CVSS5.8AI score0.00309EPSS
Exploits1References1
Rows per page
Query Builder