Lucene search
K

9 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 12:54 a.m.12 views

Malicious code in hpsetup (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16ed0c34d69e1ea3c5052e3eed20b87fc47e8d4bf1393f7117d34b847347e12c When npx hpsetup runs, the tool fetches a tarball from https://hpsetup-cdn.932324.xyz/api/tarball//?key= and extracts it directly into...

6.3AI score
Exploits0References11
Cvelist
Cvelist
added 2026/04/23 9:58 p.m.34 views

CVE-2026-41349 OpenClaw < 2026.3.28 - Agentic Consent Bypass via config.patch

OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution approval via config.patch parameter. Remote attackers can exploit this to bypass security controls and execute unauthorized operations without user consent...

8.8CVSS0.00473EPSS
Exploits0References3
OSV
OSV
added 2026/04/16 9:36 p.m.6 views

GHSA-F9G8-6PPC-PQQ4 Kyverno: ServiceAccount token leaked to external servers via apiCall service URL

Summary Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has no validation — it can point anywhere, including attacker-controlled servers. Since the admission controller SA has permissions ...

8.1CVSS5.8AI score0.0056EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-0986

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01767EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/06/26 9:29 p.m.16 views

OpenBao allows cancellation of root rekey and recovery rekey operations without authentication

Impact OpenBao and HashiCorp Vault allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations, effecting a denial of service. Patches In OpenBao v2.2.2 and later, manually setting the configuration option disableunauthedrekeyendpoints=true...

7.5CVSS6.9AI score0.00331EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2025/06/26 9:29 p.m.4 views

GHSA-PRPJ-RCHP-9J5H OpenBao allows cancellation of root rekey and recovery rekey operations without authentication

Impact OpenBao and HashiCorp Vault allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations, effecting a denial of service. Patches In OpenBao v2.2.2 and later, manually setting the configuration option disableunauthedrekeyendpoints=true...

6.9CVSS6.9AI score0.00331EPSS
Exploits0References8
NVD
NVD
added 2025/06/25 5:15 p.m.5 views

CVE-2025-52894

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations, effecting a denial of...

7.5CVSS0.00331EPSS
Exploits0References4
OSV
OSV
added 2025/04/02 10:36 p.m.8 views

GHSA-C9PR-Q8GX-3MGP Improper Scope Validation in the `open` Endpoint of `tauri-plugin-shell`

Impact The Tauri shell plugin exposes functionality to execute code and open programs on the system. The open endpoint of this plugin is designed to allow open functionality with the system opener e.g. xdg-open on Linux. This was meant to be restricted to a reasonable number of protocols like htt...

9.3CVSS8.4AI score0.00951EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.41 views

openSUSE Security Update : phpMyAdmin (openSUSE-2012-18)

update to 3.4.9 - bug 3442028 edit Inline editing enum fields with null shows no dropdown - bug 3442004 interface DB suggestion not correct for user with underscore - bug 3438420 core Magic quotes removed in PHP 5.4 - bug 3398788 session No feedback when result is empty signon authtype - bug...

4.3CVSS8.5AI score0.01401EPSS
Exploits3References3
Rows per page
Query Builder