Lucene search
K

4070 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago9 views

Malicious code in type-plint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37979cc60cff25e26406f3426f0dd7aeac12c13e55402c89f78228080cac0ad9 The package advertises itself as a pino-style logger but its exported middleware spawns lib/caller.js as a detached Node child process. lib/caller.js...

6.3AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 5 days ago6 views

perl: Perl threads have a working directory race condition where file operations may target unintended paths

A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations...

5.9CVSS5.9AI score0.0037EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2026/07/01 5:32 p.m.7 views

com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects

A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted javax.naming.Reference or serialized object to an application using the library. This can provoke the application to download and execute arbitrary...

9.8CVSS8AI score0.00812EPSS
Exploits1References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 4:7 p.m.9 views

Malicious code in ts-biginteger-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8059a1d2db2edb7231b017023f82f6a651585c0ee7120aaebe882cb6407b9e3 Package is published as 'ts-biginteger-lib' but its metadata, README, and source are a wholesale copy of big.js by MikeMcl author set to 'Michael...

6.4AI score
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/12 2:25 a.m.10 views

SUSE CVE-2026-48860

Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl inettlsdist module allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inettlsdist:checkip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS, calls inet:sockname/1 instead...

7.5CVSS5.4AI score0.00194EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/10 2:35 p.m.36 views

CVE-2026-48860 Distribution-over-TLS LAN allowlist silently bypassed due to sockname/peername confusion in inet_tls_dist

Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl inettlsdist module allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inettlsdist:checkip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS, calls inet:sockname/1 instead...

7.5CVSS0.00194EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 5:46 a.m.12 views

Malicious code in react-tracked-tony (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eeb24dfdd4a970dc44c017056c2a39bed6aa5973a7ec7e94b20c70d90114726c react-tracked-tony impersonates the popular react-tracked package: package.json sets name: react-tracked-tony, author: Daishi Kato, and homepage:...

5.9AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/18 12:21 p.m.14 views

com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects

A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted javax.naming.Reference or serialized object to an application using the library. This can provoke the application to download and execute arbitrary...

9.8CVSS8AI score0.00812EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2026/05/18 12:12 p.m.13 views

com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects

A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted javax.naming.Reference or serialized object to an application using the library. This can provoke the application to download and execute arbitrary...

9.8CVSS8AI score0.00812EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2026/05/18 12:12 p.m.19 views

c3p0: c3p0: Arbitrary Code Execution via deserialization of crafted objects

A flaw was found in c3p0, a Java Database Connectivity JDBC Connection pooling library. This vulnerability allows an attacker to achieve arbitrary code execution by providing maliciously crafted Java-serialized objects or javax.naming.Reference instances. By manipulating the userOverridesAsString...

8.9CVSS7.8AI score0.00534EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/05/07 6:0 p.m.7 views

com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects

A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted javax.naming.Reference or serialized object to an application using the library. This can provoke the application to download and execute arbitrary...

9.8CVSS8AI score0.00812EPSS
Exploits1References8
OSV
OSV
added 2026/05/06 2:44 p.m.6 views

BIT-JAVA-2024-21147

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0....

7.4CVSS6.8AI score0.01136EPSS
Exploits0References4
OSV
OSV
added 2026/05/06 2:44 p.m.6 views

BIT-JAVA-MIN-2024-20952

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM...

7.4CVSS6.8AI score0.00918EPSS
Exploits0References6
OSV
OSV
added 2026/02/08 9:21 p.m.17 views

MAL-2026-812 Malicious code in hardixx-code (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c0eeb07f1a0f9149c6e22016d85bcc59e5d0bbbac9514fbef9a2ba0289bf75fe Version 1.0.2 introduced loading obfuscated code during importing the module. However, distributions uploaded to PyPI lack the necessary file storing the code...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/01/27 6:26 p.m.9 views

MAL-2026-548 Malicious code in tabletas (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 27d102f1cf4d0e6b08e5e77aa57a2a436a49f782fe6571b2a8e8d114e10d968d Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

6.1AI score
Exploits0References3
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.4 views

Astra Linux – Vulnerability in Perl

Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any...

5.9CVSS7.7AI score0.0037EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/01/26 1:38 p.m.3 views

openjdk: Enhance Certificate Checking (Oracle CPU 2026-01)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 an...

7.5CVSS5.9AI score0.00864EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.9 views

PT-2026-3865

Name of the Vulnerable Software and Affected Versions vLLM versions 0.10.1 through 0.13.x Description vLLM is an inference and serving engine for large language models LLMs. The software loads Hugging Face auto map dynamic modules during model resolution without verifying trust remote code. This...

9.8CVSS7.5AI score0.00737EPSS
Exploits1References36
CVE
CVE
added 2026/01/16 12:11 a.m.14 views

CVE-2025-65118

CVE-2025-65118 affects AVEVA Process Optimization. The issue is described as an Uncontrolled Search Path Element that could allow an authenticated OS Standard User to cause Process Optimization services to load arbitrary code, enabling privilege escalation to OS System and potentially complete co...

9.3CVSS6.8AI score0.00257EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/12 12:36 a.m.13 views

CVE-2025-42895

Due to insufficient validation of connection property values, the SAP HANA JDBC Client allows a high-privilege locally authenticated user to supply crafted parameters that lead to unauthorized code loading, resulting in low impact on confidentiality and integrity and high impact on availability o...

6.9CVSS6.7AI score0.00155EPSS
Exploits0References1
Rows per page
Query Builder