Lucene search
K

6 matches found

CVE
CVE
added 2026/06/24 8:56 p.m.10 views

CVE-2026-45688

The CVE-2026-45688 entry describes a pre-auth NoSQL injection in Rocket.Chat’s CAS login handler. Before versions 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, the handler forwards client-supplied options.cas.credentialToken directly into a MongoDB findOne({_id: …}) query without...

9.1CVSS5.9AI score0.00289EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 6:9 p.m.11 views

Malicious code in @service-user-notifications/set_notifications_not_removable (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a890f1cd8313de802c1425ca5603b7d1fabaf84cb1e47b582a4633dae34ccf14 On npm install, scripts/postinstall.js fetches a platform-specific binary from https://oob.moika.tech/payload/linux|mac|win, writes it to a hidden te...

6.5AI score
Exploits0References2
OSV
OSV
added 2026/05/14 7:25 p.m.8 views

MAL-2026-3763 Malicious code in exxpress-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfa81f7c144d5feeea9c49254fbeec68f8271460d4a51efd5757a62b251c05f2 The package declares scripts.postinstall pointing at postinstall.js, which runs automatically on npm install. The script performs three...

5.8AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/14 4:18 p.m.18 views

n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints

Impact The OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read rather than credential:update. An authenticated user with read-only access to a shared credential could initiate an OAuth reconnect flow and overwrite the stored token material for that credential...

8.3CVSS5.8AI score0.00315EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/05/11 9:0 p.m.6 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS5.8AI score
Exploits0References2
CNNVD
CNNVD
added 2022/09/01 12:0 a.m.5 views

OpenStack 安全漏洞

OpenStack is a cloud platform management program of the National Aeronautics and Space Administration NASA. OpenStack suffers from a security vulnerability that stems from the fact that application credential tokens can be used even after they have expired. Resulting in an authenticated remote...

6.6CVSS6.7AI score0.00607EPSS
Exploits1References3
Rows per page
Query Builder