Lucene search
K

2043 matches found

Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.24 views

PT-2026-49001

Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions prior to 2.0.13 Description The dashboard's NoRoute handler contains a flaw in the fallbackToFrontend function. The system uses strings.HasPrefix to identify admin-frontend asset requests by checking if a URL starts...

9.1CVSS5.2AI score0.00451EPSS
Exploits1References9
OSV
OSV
added 2026/06/11 8:26 p.m.7 views

GHSA-6P54-FW2F-Q7GF DevGuard has improper authorization on public assets

Impact On a DevGuard API instance with one or more public assets, any authenticated user — including users from a different organization with no membership or role in the affected org/project — can create, update, reapply, and delete VEX rules on those public assets. The same flaw affects the oth...

7.1CVSS5.5AI score0.00235EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/11 8:26 p.m.10 views

DevGuard has improper authorization on public assets

Impact On a DevGuard API instance with one or more public assets, any authenticated user — including users from a different organization with no membership or role in the affected org/project — can create, update, reapply, and delete VEX rules on those public assets. The same flaw affects the oth...

7.1CVSS5.5AI score0.00235EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.12 views

PT-2026-48812

Name of the Vulnerable Software and Affected Versions DevGuard versions prior to 1.4.2 Description On API instances with public assets, any authenticated user can perform unauthorized write operations, regardless of their organization, project, or asset membership. This allows attackers to create...

7.1CVSS5.9AI score0.00235EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/06/10 3:42 p.m.9 views

CVE-2026-46558 Plane: Cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces

Plane is an open-source project management tool. Prior to version 1.3.1, there is a cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces. This issue has been patched in version 1.3.1...

8.3CVSS5.4AI score0.0028EPSS
Exploits3References2
OSV
OSV
added 2026/06/10 3:42 p.m.2 views

CVE-2026-46558 Plane: Cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces

Plane is an open-source project management tool. Prior to version 1.3.1, there is a cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces. This issue has been patched in version 1.3.1...

8.3CVSS5.9AI score0.0028EPSS
Exploits3References4
CVE
CVE
added 2026/06/10 3:42 p.m.28 views

CVE-2026-46558

Plane is an open-source project management tool. The CVE-2026-46558 issue exists in versions prior to 1.3.1 and is a cross-workspace asset authorization bypass that allowed any authenticated user to read, copy, delete, and overwrite assets in other Plane workspaces. This indicates a loss of acces...

8.3CVSS5.4AI score0.0028EPSS
Exploits3References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/08 2:50 p.m.8 views

Security Bulletin: : Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in dependencies

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in dependencies CVE-2026-33532, CVE-2026-41238, CVE-2026-41239, CVE-2026-41240, CVE-2026-44431, CVE-2026-44432, CVE-2026-6321, CVE-2025-13465, CVE-2026-2950. The...

8.9CVSS5.8AI score0.01535EPSS
Exploits2Affected Software2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 7:54 a.m.17 views

Malicious code in tlask (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae87e0c65760999b8ff4e28d11505b15a71a1a46dd8d761122e3d9d8e2cd85b6 The package is published as 'tlask', a single-character edit of the widely used 'flask' package on PyPI. Metadata and module contents are copied...

6.1AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 7:52 a.m.15 views

Malicious code in rsquests (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2041887c315474d0722cbf717e189ec1260e209c5f00da5ca3a52a60c6aebb2 The package name rsquests is a single-character insertion typo of the top-100 PyPI package requests. Package metadata and source are a verbatim copy ...

6AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 6:13 a.m.14 views

Malicious code in pyphetools (PyPI)

The package pyphetools version 0.9.120 contains a malicious .pth file pyphetools-setup.pth that executes a Bun-based credential stealer on every Python startup via CPython's site.py exec mechanism. The payload downloads the Bun runtime from the official GitHub release page, then runs an obfuscate...

6AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 6:13 a.m.13 views

Malicious code in phenopacket-store-toolkit (PyPI)

The package phenopacket-store-toolkit version 0.1.7 contains a malicious .pth file phenopacketstoretoolkit-setup.pth that executes a Bun-based credential stealer on every Python startup via CPython's site.py exec mechanism. The payload downloads the Bun runtime from the official GitHub release...

6AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 6:13 a.m.15 views

Malicious code in nucbox (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0357c6b685cea74f9200e3e7df019e807e34eac6518ec83f1a5a654c35d97959 The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...

6AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 6:13 a.m.14 views

Malicious code in okite (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3cc7d54b0e30e24367551e3f19ab7387cf397cf9e1b5889c9f04ff871c771c38 The package installs okite-setup.pth, which Python auto-loads on every interpreter start. The.pth file contains a one-line obfuscated exec of a strin...

5.9AI score
Exploits0References7
OSV
OSV
added 2026/06/06 6:13 a.m.10 views

MAL-2026-5323 Malicious code in ppkt2synergy (PyPI)

The package ppkt2synergy version 0.1.1 contains a malicious .pth file ppkt2synergy-setup.pth that executes a Bun-based credential stealer on every Python startup via CPython's site.py exec mechanism. The payload downloads the Bun runtime from the official GitHub release page, then runs an...

6.1AI score
Exploits0References7
OSV
OSV
added 2026/06/06 6:13 a.m.10 views

MAL-2026-5322 Malicious code in phenopacket-store-toolkit (PyPI)

The package phenopacket-store-toolkit version 0.1.7 contains a malicious .pth file phenopacketstoretoolkit-setup.pth that executes a Bun-based credential stealer on every Python startup via CPython's site.py exec mechanism. The payload downloads the Bun runtime from the official GitHub release...

6.1AI score
Exploits0References7
OSV
OSV
added 2026/06/06 6:13 a.m.10 views

MAL-2026-5283 Malicious code in okite (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3cc7d54b0e30e24367551e3f19ab7387cf397cf9e1b5889c9f04ff871c771c38 The package installs okite-setup.pth, which Python auto-loads on every interpreter start. The.pth file contains a one-line obfuscated exec of a strin...

6AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 6:13 a.m.21 views

Malicious code in spateo-release (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 21400e8510d0663de6c3a4454fe99d9200cb83ae8d1ecdc137c99f3668da4293 Versions 1.1.2 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...

5.5AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 6:13 a.m.13 views

Malicious code in synago (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3e1bae7957cb735edd8424c1d2efe54b597c3a484ba77c9239e9ff8ec06327f The package installs synago-setup.pth, which Python auto-executes on every interpreter startup not only on import synago. The.pth contains an...

5.8AI score
Exploits0References6
OSV
OSV
added 2026/06/06 6:13 a.m.17 views

MAL-2026-5299 Malicious code in pantheon-agents (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ee06d7aabbdf76969119c2f986e18bbc7f0dcac59ae9cae4f7a04798f2d083d The package installs pantheonagents-setup.pth into site-packages, which Python auto-executes at every interpreter startup broader than import-time,...

5.8AI score
Exploits0References6
Rows per page
Query Builder