Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/05/27 8:13 p.m.11 views

CVE-2026-44444

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the Spindle extension build pipeline calls bun install without the --ignore-scripts flag before running the static backend safety scan assertSafeBackendBundle. A malicious extension that ships a package.json with a preinstall,...

9.1CVSS6.2AI score0.0037EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.16 views

PT-2026-43400

Name of the Vulnerable Software and Affected Versions Lumiverse versions prior to 0.9.7 Description The Spindle extension build pipeline executes bun install without the --ignore-scripts flag before performing the static backend safety scan via the assertSafeBackendBundle function. This allows a...

9.1CVSS6.2AI score0.0037EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.13 views

Lumiverse 操作系统命令注入漏洞

Lumiverse is a full-featured AI chat application suite developed by Prolix OCs’ individual developers. Versions of Lumiverse prior to 0.9.7 contained an operating system command injection vulnerability. This vulnerability stemmed from the Spindle extension’s build pipeline, which called bun insta...

9.1CVSS6.1AI score0.0037EPSS
Exploits0References2
OSV
OSV
added 2026/05/20 8:34 a.m.16 views

MAL-2026-4647 Malicious code in prjct-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72b60bff5e0e18ecdc993dc505651612acba538fd6c5e46c4ea69619c453f8f9 On npm install, scripts/postinstall.js invokes scripts/ensure-bun.sh, which runs curl -fsSL https://bun.sh/install | bash with no version pin and no...

6.3AI score
Exploits0References1
Rows per page
Query Builder