Lucene search
K

4 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 9:41 p.m.8 views

Malicious code in @osmura/treeify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4643c1f27e4916ea6090f1e6196c980fa1d65b96899a80b1f57633eaf16a61a9 The package republishes the upstream treeify library Luke Plaster, repo notatestuser/treeify verbatim under the unrelated @osmura scope, preserving t...

5.9AI score
Exploits0References3
NVD
NVD
added 2026/05/28 4:16 p.m.18 views

CVE-2026-48525

PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option "b64": false, RFC 7797, PyJWT performs Base64URL decoding of the compact-serialization payload segment before enforcing the detached-payload rules. For...

5.3CVSS0.00288EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/08 3:45 p.m.10 views

EUVD-2026-28796

locize is a localization platform that connects code and i18n setup. Prior to version 4.0.21, the locize client SDK registers a window.addEventListener"message", … handler that dispatches to registered internal handlers editKey, commitKey, commitKeys, isLocizeEnabled, requestInitialize, … without...

7.5CVSS5.8AI score0.00101EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2025/04/03 12:0 a.m.430 views

📄 Tomcat Partial PUT Java Deserialization

This Metasploit module exploits a Java deserialization vulnerability in Apache Tomcats session restoration functionality that can be exploited with a partial HTTP PUT request to place an attacker controlled deserialization payload in the tomcatrootdir/webapps/ROOT/ directory. For the exploit to...

9.8CVSS9AI score0.99945EPSS
Exploits46
Rows per page
Query Builder