Lucene search
K

205 matches found

Vulnrichment
Vulnrichment
added 2025/10/03 6:48 a.m.2 views

CVE-2025-61589 Cursor: Potential Information Leakage via Mermaid Diagram

Cursor is a code editor built for programming with AI. In versions 1.6 and below, Mermaid a to render diagrams allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker controlled server throug...

5.9CVSS6.7AI score0.00274EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/09 2:50 p.m.14 views

CVE-2025-10183 XML External Entity Injection in TecConnect 4.1

A blind XML External Entity XXE injection in the OpenMessaging webservice in TecCom TecConnect 4.1 allows an unauthenticated attacker to exfiltrate arbitrary files to an attacker-controlled server. TecConnect 4.1 is considered end-of-life as of December 2023. Users are advised to upgrade to TecCo...

9.1CVSS0.004EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/09/05 12:0 a.m.4 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : KMail Account Wizard vulnerability (USN-7732-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-7732-1 advisory. It was discovered that KMail Account Wizard used HTTP rather than HTTPS when retrieving certain email server configurations. A...

5.9CVSS6AI score0.0025EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/26 9:33 a.m.2 views

Malicious Package

Overview snapshot-photo is a malicious package. This package contains malicious code intended to exfiltrate data, and its contents have been removed from the official package manager. Although it appears to be a time-related utility, its main function is to collect system information and send it ...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2025/08/26 9:33 a.m.1 views

Malicious Package

Overview time-server-analyzer is a malicious package. This package contains malicious code intended to exfiltrate data, and its contents have been removed from the official package manager. Although it appears to be a time-related utility, its main function is to collect system information and se...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2025/08/14 3:31 p.m.2 views

Malicious Package

Overview soonje2 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for social...

8.6CVSS6.9AI score
Exploits0References3
Snyk
Snyk
added 2025/08/14 3:31 p.m.2 views

Malicious Package

Overview zonblogcomment is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for...

8.6CVSS6.9AI score
Exploits0References3
Snyk
Snyk
added 2025/08/14 3:31 p.m.1 views

Malicious Package

Overview zonblogcafecomment is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools...

8.6CVSS6.9AI score
Exploits0References3
Snyk
Snyk
added 2025/08/14 3:31 p.m.1 views

Malicious Package

Overview njongtoduo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for...

8.6CVSS6.9AI score
Exploits0References3
Snyk
Snyk
added 2025/08/14 3:31 p.m.3 views

Malicious Package

Overview njongtozon is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for...

8.6CVSS6.9AI score
Exploits0References3
Snyk
Snyk
added 2025/08/14 3:31 p.m.2 views

Malicious Package

Overview nblogduo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for socia...

8.6CVSS6.9AI score
Exploits0References3
Snyk
Snyk
added 2025/08/14 3:31 p.m.2 views

Malicious Package

Overview iuu-64bit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for soci...

8.6CVSS6.9AI score
Exploits0References3
Snyk
Snyk
added 2025/08/14 3:31 p.m.3 views

Malicious Package

Overview duoblogcomment is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for...

8.6CVSS6.9AI score
Exploits0References3
Snyk
Snyk
added 2025/08/14 3:31 p.m.1 views

Malicious Package

Overview jongmogtolon is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for...

8.6CVSS6.9AI score
Exploits0References3
Snyk
Snyk
added 2025/08/14 3:31 p.m.1 views

Malicious Package

Overview boardpostingduo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools fo...

8.6CVSS6.9AI score
Exploits0References3
Snyk
Snyk
added 2025/08/14 3:31 p.m.2 views

Malicious Package

Overview tblogduo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for socia...

8.6CVSS6.9AI score
Exploits0References3
Snyk
Snyk
added 2025/08/14 3:31 p.m.1 views

Malicious Package

Overview CAFEverillban is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for...

8.6CVSS6.9AI score
Exploits0References3
Snyk
Snyk
added 2025/08/14 3:31 p.m.1 views

Malicious Package

Overview setago is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for social...

8.6CVSS6.9AI score
Exploits0References3
Snyk
Snyk
added 2025/08/14 3:31 p.m.6 views

Malicious Package

Overview setago2 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for social...

8.6CVSS6.9AI score
Exploits0References3
Snyk
Snyk
added 2025/08/14 3:31 p.m.1 views

Malicious Package

Overview soonje1 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for social...

8.6CVSS6.9AI score
Exploits0References3
Rows per page
Query Builder