
7 matches found

OSV
added 2026/05/23 5:57 p.m. | 6 views

MAL-2026-4384 Malicious code in @dreamlake/lakeshore (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ef6f14503697000ebd139364326d859a625a27a669e6f53b3e7a9388c3b0b25 On install, dist/cli/daemon/install.js fetches content from https://pub-c0109e197b4a4d1abe5884ac4dd3a023.r2.dev — an anonymous Cloudflare R2 bucket —...

6 AI score
Exploits: 0 | References: 2
OSSF Malicious Packages
added 2026/05/20 2:15 a.m. | 11 views

Malicious code in @wengine-ai/claude-code-router-shared (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45e362000d036139e02a066a82ec157314a07796e0e855cdce184cc081ca4591 dist/index.js line 14 issues a fetch call to https://pub-0dc3e1677e894f07bbea11b17a29e032.r2.dev, an anonymous Cloudflare R2 bucket, and references...

6 AI score
Exploits: 0 | References: 7
OSSF Malicious Packages
added 2026/05/20 12:44 a.m. | 10 views

Malicious code in @mcpassure/mcp-cnes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 243d5ff1424c2d147ee05781c1889b007eb30e22a190bf6dc3973b676ea697a7 dist/bootstrap.js performs a fetch against https://pub-046c52795b9445cd9f5cc5cb21b9d59f.r2.dev, an anonymous Cloudflare R2 bucket with no publisher...

5.9 AI score
Exploits: 0 | References: 11
OSV
added 2026/05/20 12:44 a.m. | 5 views

MAL-2026-4407 Malicious code in @mcpassure/mcp-cnes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 243d5ff1424c2d147ee05781c1889b007eb30e22a190bf6dc3973b676ea697a7 dist/bootstrap.js performs a fetch against https://pub-046c52795b9445cd9f5cc5cb21b9d59f.r2.dev, an anonymous Cloudflare R2 bucket with no publisher...

5.9 AI score
Exploits: 0 | References: 11
Snyk
added 2026/04/01 10:26 p.m. | 1 view

Directory Traversal

Overview: @payloadcms/storage-r2 is a Payload storage adapter for Cloudflare R2. Affected versions of this package are vulnerable to Directory Traversal via insufficient sanitization of filenames in the client-upload signed-URL endpoints for S3, GCS, Azure, and R2. An attacker can escape the intend...

7.1 CVSS | 6.5 AI score | 0.00341 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/04/01 12:0 a.m. | 3 views

PT-2026-29598

Name of the Vulnerable Software and Affected Versions: Payload versions prior to 3.78.0. Description: The client-upload signed-URL endpoints for S3, GCS, Azure, and R2 did not properly sanitize filenames. An attacker could craft filenames to escape the intended storage location. Recommendations...

6.5 CVSS | 5.9 AI score | 0.00341 EPSS
Exploits: 0 | References: 5
The Hacker News
added 2023/08/15 6:14 p.m. | 48 views

Cybercriminals Abusing Cloudflare R2 for Hosting Phishing Pages, Experts Warn

Threat actors' use of Cloudflare R2 to host phishing pages has witnessed a 61-fold increase over the past six months. "The majority of the phishing campaigns target Microsoft login credentials, although there are some pages targeting Adobe, Dropbox, and other cloud apps," Netskope security...

6.5 AI score
Exploits: 0