Lucene search
K

53 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 6:12 a.m.8 views

Malicious code in openai-agents-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 768ddf82a7644f1678a27f3037c8a3fc4fae5f00b6181d6507a49892d20a7fda On npm install, scripts/postinstall.js automatically reads a broad set of installer-side identity and cloud-configuration files — /.gitconfig and the...

5.9AI score
Exploits0References26
OSV
OSV
added 2026/06/29 6:12 a.m.17 views

MAL-2026-6582 Malicious code in openai-agents-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 768ddf82a7644f1678a27f3037c8a3fc4fae5f00b6181d6507a49892d20a7fda On npm install, scripts/postinstall.js automatically reads a broad set of installer-side identity and cloud-configuration files — /.gitconfig and the...

6.1AI score
Exploits0References26
OSV
OSV
added 2026/06/29 5:51 a.m.6 views

MAL-2026-6581 Malicious code in ollama-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52323ef2a3908b7db1565ae149128d053363ab2612c7bc3a938c3f2d63c285cf scripts/postinstall.js executes automatically on npm install and performs a bulk harvest of installer-side identity and configuration data: OS hostna...

5.9AI score
Exploits0References24
The Hacker News
The Hacker News
added 2026/06/24 8:55 a.m.9 views

DoJ Seizes Huione Cloud Account Tied to Cyber Scam Money Laundering

The U.S. Department of Justice DoJ on Tuesday announced the seizure of a cloud computing account put to use by subsidiaries of Cambodia-based corporate conglomerate HuiOne Group, as the Treasury unveiled fresh sanctions against nine individuals and 26 entities linked to Prince Group. "These...

5.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.18 views

PT-2026-38648

Name of the Vulnerable Software and Affected Versions electerm versions 3.x and earlier Description The getConstants IPC handler in src/app/lib/ipc-sync.js serializes the entire process.env object and sends it to the renderer, where it is stored as window.pre.env. This data is accessible to any...

6.5CVSS5.8AI score0.00103EPSS
Exploits0References5
Snyk
Snyk
added 2026/02/22 3:30 a.m.4 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the getMember function in the backend endpoint when processing the cloudaccount argument. An attacker can execute code or manipulate application behavior by supplying crafted serialized data. Detail...

6.5CVSS6.1AI score0.00223EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/02/22 3:30 a.m.9 views

funadmin: Deserialization Vulnerability in Backend Endpoint via AuthCloudService getMember Function

A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipulation of the argument cloudaccount results in deserialization. The attack may be performed from...

6.5CVSS5.1AI score0.00223EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2026/02/22 1:16 a.m.10 views

CVE-2026-2898

A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipulation of the argument cloudaccount results in deserialization. The attack may be performed from...

6.5CVSS0.00223EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/02/22 12:2 a.m.9 views

CVE-2026-2898

A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipulation of the argument cloudaccount results in deserialization. The attack may be performed from...

6.5CVSS5.2AI score0.00223EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/02/22 12:2 a.m.3 views

CVE-2026-2898 funadmin Backend Endpoint AuthCloudService.php getMember deserialization

A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipulation of the argument cloudaccount results in deserialization. The attack may be performed from...

6.5CVSS5.4AI score0.00223EPSS
Exploits1References5
CVE
CVE
added 2026/02/22 12:2 a.m.19 views

CVE-2026-2898

The CVE concerns funadmin up to 7.1.0-rc4, affecting the Backend Endpoint through the function getMember in app/common/service/AuthCloudService.php. The issue stems from deserialization triggered by manipulating the cloud_account argument, enabling a remote attack. The exploit is publicly availab...

6.5CVSS5.2AI score0.00223EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/02/22 12:0 a.m.14 views

FunAdmin 代码问题漏洞

FunAdmin is an open-source backend development system developed using ThinkPHP6 and Layui. Versions of FunAdmin 7.1.0-rc4 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect handling of the cloudaccount parameter in the function getMember within the component’s Backen...

6.5CVSS6.2AI score0.00223EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/22 12:0 a.m.16 views

PT-2026-21403

A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipulation of the argument cloud account results in deserialization. The attack may be performed from...

6.5CVSS5.2AI score0.00223EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-7356

Malware in sbrugna...

9.3CVSS7.1AI score0.00859EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-17190

Malware in sbrugna...

8.8CVSS8.8AI score0.02597EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.20 views

EUVD-2025-16160

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00302EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.14 views

EUVD-2025-16170

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00302EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2025/07/01 3:15 p.m.9 views

CVE-2025-34066

An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. This exposes HTTPS communications to man-in-the-middle MITM attacks...

8.3CVSS5.9AI score0.00269EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/24 12:18 a.m.22 views

CVE-2025-45468

Insecure permissions in fc-stable-diffusion-plus v1.0.18 allows attackers to escalate privileges and compromise the customer cloud account...

8.8CVSS7.2AI score0.00302EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/24 12:18 a.m.11 views

CVE-2025-45471

Insecure permissions in measure-cold-start v1.4.1 allows attackers to escalate privileges and compromise the customer cloud account...

8.8CVSS7.2AI score0.00343EPSS
Exploits1References1
Rows per page
Query Builder