Lucene search
K

5 matches found

NVD
NVD
added 2026/06/30 8:17 p.m.7 views

CVE-2026-13772

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language engine resolves attacker-supplied class names via Class.forName and invokes their constructors with no allow-list at three distinct sinks SELECT NEW, enum literals, and reflection-based comparators; an authenticated remo...

9.9CVSS0.00283EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 7:21 p.m.37 views

CVE-2026-13772 IBM WebSphere eXtreme Scale's OQL is affected by remote code execution

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language engine resolves attacker-supplied class names via Class.forName and invokes their constructors with no allow-list at three distinct sinks SELECT NEW, enum literals, and reflection-based comparators; an authenticated remo...

7.5CVSS0.00283EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 4:31 p.m.12 views

Malicious code in mddriver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a5b264d05ffaf76e8be2d7a46cb2277211a045fa15e8c510ab60cdd5c5bae56 On require'mddriver', an IIFE in index.js invokes loadTokenData, which fetches https://www.jsonkeeper.com/b/C4H0M stored base64-encoded as...

5.8AI score
Exploits0References7
OSV
OSV
added 2026/05/25 9:8 a.m.10 views

MAL-2026-4511 Malicious code in chai-as-patch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0f6b316992ec48b2d29d234f9debebcf239653a2371d54ab9f6e487c4fdba7b This package is a typosquat of chai-as-promised that delivers remote code execution to any installer that requires it and invokes the exported...

6.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/24 9:5 a.m.9 views

Malicious code in ftapi-core (npm)

Multiple suspicious behaviors: hex obfuscation, code execution via constructor, process access, install script, and suspicious author email. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a78a31e9e0e51a5531ac61b714695aa1af1ac1379233e78623ac3ed63285f6c The...

6.3AI score
Exploits0References1
Rows per page
Query Builder