71 matches found
EUVD-2026-36779
Incorrect access control in the impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privileges to Administrator and execute unauthorized account, password, and configuration changes...
CVE-2026-50881
Incorrect access control in the impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privileges to Administrator and execute unauthorized account, password, and configuration changes...
CVE-2026-50881
The vulnerability CVE-2026-50881 affects impworks Bonsai v6.0 and is due to incorrect access control. Authenticated attackers with Editor privileges can escalate to Administrator and perform unauthorized account, password, and configuration changes. The NVD/ENISA and related sources describe the ...
PT-2026-49322
Name of the Vulnerable Software and Affected Versions impworks Bonsai version 6.0 Description Incorrect access control allows authenticated attackers with Editor privileges to escalate their privileges to Administrator. This can lead to unauthorized changes to accounts, passwords, and system...
Malicious code in @bonsai-ai/claude-code (npm)
Source: amazon-inspector ad3b5646cf88b8eb5a7dbbec9fc2f1cfefcdf3a241d9604992e72c2f629889b9 Package published as @bonsai-ai/claude-code impersonates Anthropic's official @anthropic-ai/claude-code CLI. package.json sets author to 'Anthropic '...
MAL-2026-4371 Malicious code in @bonsai-ai/claude-code-win32-x64 (npm)
Source: amazon-inspector d6591be3fe5d0b37196562035353367d96a2bb1390d8f0f4dae3c5abbfd927f6 Package is published under the @bonsai-ai scope but impersonates Anthropic's official @anthropic-ai/claude-code-win32-x64 platform package...
EUVD-2003-0151
Malware in sbrugna...
EUVD-2003-0148
Malware in sbrugna...
EUVD-2003-0149
Malware in sbrugna...
Malicious code in microsoft-bonsai-api (npm)
Source: ossf-package-analysis f75eaf29b0dbada65bcac01f3d2789298d785098ab86d180232abf37a1e16070 The OpenSSF Package Analysis project identified 'microsoft-bonsai-api' @ 9.9.9 npm as malicious. It is considered malicious because: - The packa...
MAL-2025-6826 Malicious code in microsoft-bonsai-api (npm)
Source: ossf-package-analysis f75eaf29b0dbada65bcac01f3d2789298d785098ab86d180232abf37a1e16070 The OpenSSF Package Analysis project identified 'microsoft-bonsai-api' @ 9.9.9 npm as malicious. It is considered malicious because: - The packa...
CVE-2023-44392
Garden provides automation for Kubernetes development and testing. Prior to versions 0.13.17 and 0.12.65, Garden has a dependency on the cryo library, which is vulnerable to code injection due to an insecure implementation of deserialization. Garden stores serialized objects using cryo in the...
CVE-2023-44392 Arbitrary code execution vulnerability when using shared Kubernetes cluster
Garden provides automation for Kubernetes development and testing. Prior to versions 0.13.17 and 0.12.65, Garden has a dependency on the cryo library, which is vulnerable to code injection due to an insecure implementation of deserialization. Garden stores serialized objects using cryo in the...
swindon-bonsai.co.uk Cross Site Scripting vulnerability OBB-3364222
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Malicious code in microsoft-bonsai-visualizer (npm)
Source: ghsa-malware af44fbbcf5f4c4b320b933ab7cc00323158be62a4c2d23be50f06265760b5a4b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4585 Malicious code in microsoft-bonsai-visualizer (npm)
Source: ghsa-malware af44fbbcf5f4c4b320b933ab7cc00323158be62a4c2d23be50f06265760b5a4b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Apache OFBiz - FULLADMIN Creator PoC Payload
No description provided by source. / Apache OFBiz FULLADMIN Creator PoC Payload. CVE: CVE-2010-0432 By: Lucas Apa lucas -at- bonsai-sec.com . Bonsai Information Security http://www.bonsai-sec.com/ / var username = 'bonsaiUser'; var password = 'bonsaiPass'; var nodes =...
Achievo <= 1.3.4 - SQL Injection
No description provided by source. Bonsai Information Security - Advisory http://www.bonsai-sec.com/research/ SQL Injection in Achievo 1. Advisory Information Title: SQL Injection in Achievo Advisory ID: BONSAI-2009-0102 Advisory URL:...
Mozilla Bonsai 1.3 Path Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5517/info A path disclosure vulnerability has been reported in Mozilla Bonsai. An attacker can exploit this vulnerability by making a malformed request to Bonsai. This causes Bonsai to return an error page to the requesti...