Lucene search
+L

128 matches found

osv
osv
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-400 llm CLI tool contains a code injection vulnerability via `--functions` command-line argument

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

9.8CVSS6.4AI score0.00327EPSS
Exploits0References5
redhatcve
redhatcve
added 2026/06/05 7:39 p.m.10 views

CVE-2026-7220

A vulnerability has been found in jackwrichards FastlyMCP up to 6f3d0b0e654fc51076badc7fa16c03c461f95620. This impacts an unknown function of the file fastly-mcp.mjs of the component fastlycli Tool. The manipulation of the argument command leads to os command injection. It is possible to initiate...

7.5CVSS6.8AI score0.01338EPSS
Exploits0References1
susecve
susecve
added 2026/05/27 12:57 p.m.35 views

SUSE CVE-2026-48961

IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...

7.3CVSS5.8AI score0.00262EPSS
Exploits0References3
osv
osv
added 2026/05/27 4:16 a.m.6 views

UBUNTU-CVE-2026-48961

IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...

7.3CVSS5.8AI score0.00262EPSS
Exploits0References6
cvelist
cvelist
added 2026/05/27 2:34 a.m.117 views

CVE-2026-48961 IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID

IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...

0.00262EPSS
Exploits0References2
osv
osv
added 2026/05/22 11:16 a.m.13 views

MAL-2026-4533 Malicious code in codebuff-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bdf777f03e4dc44a9956401136a42f099638025ef7d2197dec630525ad26727d The package name codebuff-cli impersonates the legitimate codebuff npm package; the README is copy-pasted from the official CodebuffAI project it eve...

5.9AI score
Exploits0References26
osv
osv
added 2026/03/11 12:38 a.m.6 views

GHSA-XJ69-M9QQ-8M94 Quill has unbounded memory allocation via unvalidated size fields in Mach-O binary parsing

Impact Quill before version v0.7.1 contains an unbounded memory allocation vulnerability when parsing Mach-O binaries. Exploitation requires that Quill processes an attacker-supplied Mach-O binary, which is most likely in environments such as CI/CD pipelines, shared signing services, or any...

5.5CVSS5.9AI score0.001EPSS
Exploits0References6
packetstormnews
packetstormnews
added 2026/03/09 12:0 a.m.5 views

TLS 1.3 SNI Scanner

A command-line PHP vulnerability testing tool was developed to analyze TLS behavior through observation and logical reasoning, rather than relying on fixed rules or CVE numbers. The tool establishes multiple TLS connections to the same server and port using different SNI values. It then compares...

5.8AI score
Exploits0
openvas
openvas
added 2026/02/20 12:0 a.m.8 views

Fedora: Security Advisory (FEDORA-2026-3beebfc8ff)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS5.5AI score0.00776EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/01/09 9:15 a.m.9 views

CVE-2022-23530

GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpackarchive from a potentially malicious tarball without validating that the destinati...

6.5CVSS6.8AI score0.00704EPSS
Exploits1References1
githubexploit
githubexploit
added 2025/10/19 3:54 p.m.128 views

vulnlog-poc

Vulnlog Proof of Concepts YAML and JSON Schema PoC - y...

6.8AI score
Exploits0
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-1882

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00485EPSS
Exploits0References4
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-0117

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00704EPSS
Exploits1References7
osv
osv
added 2025/08/14 6:52 p.m.4 views

MAL-2025-26515 Malicious code in mjb-playground-module-as-cli-tool (npm)

The package mjb-playground-module-as-cli-tool was found to contain malicious code...

7.2AI score
Exploits0
redhatcve
redhatcve
added 2025/05/23 2:3 a.m.9 views

CVE-2023-33958

notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation verify command on the same machine. The...

6.5CVSS6.7AI score0.00485EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 2:2 a.m.6 views

CVE-2023-33957

notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation inspect command on the same machine. The...

5.7CVSS6.7AI score0.00506EPSS
Exploits0References1
ibm
ibm
added 2025/05/03 5:54 a.m.43 views

Security Bulletin: Additional security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for April 2025.

Summary In addition to vulnerabilities announced in Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.0-IF005 and 24.0.1-IF002, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation...

8.7CVSS9AI score0.00969EPSS
Exploits0Affected Software2
osv
osv
added 2025/03/25 2:41 a.m.5 views

MAL-2025-2644 Malicious code in asset_cli_tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 56eaa865141139174bfeca87a7ab5f743c5025167bf539b16b8688232094d479 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
osv
osv
added 2025/02/14 5:19 p.m.54 views

GHSA-FGW4-V983-MGP8 `gh attestation verify` returns incorrect exit code during verification if no attestations are present

Summary A bug in GitHub's Artifact Attestation CLI tool, gh attestation verify, may return an incorrect zero exit status when no matching attestations are found for the specified --predicate-type or the default https://slsa.dev/provenance/v1 if not specified. This issue only arises if an artifact...

6.3CVSS6.4AI score0.00392EPSS
Exploits0References5
cve
cve
added 2025/02/14 4:38 p.m.299 views

CVE-2025-25204

The CVE-2025-25204 issue affects GitHub CLI (gh) where, in versions 2.49.0 through 2.66.x, a bug in the Artifact Attestation tool gh attestation verify causes a zero exit status when no attestations are present. This incorrect exit code can enable attackers to deploy malicious artifacts in enviro...

6.3CVSS7AI score0.00392EPSS
Exploits0References3
Rows per page
Query Builder