Lucene search
K

858 matches found

ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-47828

During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without verifying the server certificate, even though a CA certificate for that endpoint is available in the installation manifest. A network...

8.9CVSS7.1AI score0.00088EPSS
Exploits0References2
OSV
OSV
added 2026/07/01 12:21 p.m.10 views

MAL-2026-6722 Malicious code in date-fns-lite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4694a079d83e33dcee7f87140c41737009d9f0b19f351c23f2ae3dbce9a47a51 [email protected] presents as a lightweight date-formatting utility but ships a malicious postinstall.js that runs automatically on npm install. T...

5.9AI score
Exploits0References13
OSV
OSV
added 2026/06/30 12:0 a.m.5 views

MAL-2026-6692 Malicious code in polymarket-trading-developer-tools (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign targeting Polymarket developers. polymarket-trading-developer-tools uses a dropper technique: a postinstall hook downloads configuration from pm-trading-dev-tools-be.vercel.app and exfiltrates data to the...

6AI score
Exploits0References3
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-339 FireFighter has unauthenticated SSRF in its Raid jira_bot endpoint that allows IAM credential theft

Impact The POST /api/v2/firefighter/raid/jirabot endpoint CreateJiraBotView is reachable without authentication permissionclasses = permissions.AllowAny. Its attachments payload is fetched server-side via httpx.get with no URL validation, then uploaded as an attachment on the Jira ticket that get...

9.9CVSS6AI score0.00272EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2026/06/27 5:27 p.m.26 views

Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials

The Security Service of Ukraine SSU said it, together with the U.S. Federal Bureau of Investigation FBI, uncovered a long-running campaign orchestrated by Russian intelligence services to break into the messaging accounts of government officials, military personnel, politicians, and activists in...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/26 11:5 a.m.6 views

Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack

Cybersecurity researchers have flagged yet another evolution of the supply chain attack linked to the Mini Shai-Hulud, Miasma, and Hades malware family that has compromised a new set of npm packages, even as it has propagated to the Go ecosystem. "The latest activity includes malicious npm releas...

6.5AI score
Exploits0
EUVD
EUVD
added 2026/06/24 1:20 p.m.7 views

EUVD-2026-38775

A missing permission check in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a81c3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins...

5.4CVSS5.8AI score0.00161EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 2:46 p.m.7 views

Malicious code in react-simple-utils-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 038aa6bccd8008fec1f309d718e53dd4b89e4ca15a976c6a80652e0dd58a5b58 Package advertises itself as 'a simple date formatting utility for React projects' 3-function index.js, but ships a postinstall.js that runs on every...

5.9AI score
Exploits0References19
NVD
NVD
added 2026/06/22 2:17 p.m.12 views

CVE-2026-54100

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture...

8.3CVSS0.00181EPSS
Exploits0References3
NVD
NVD
added 2026/06/18 2:17 p.m.13 views

CVE-2026-54222

UBB.threads is vulnerable to Blind SQL Injection, allowing attackers with access to the Members in Control Panel to interact with the underlying database. Due to insufficient input sanitization, an attacker can extract sensitive information, such as user credentials, by manipulating SQL queries...

8.6CVSS0.00305EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 7:49 a.m.19 views

Malicious code in nhmpy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34db1950ee9bdf9c75ae9bb2436085bbb443107321d8d7056a0bf3b8fae36978 The package is published as 'nhmpy' on PyPI but its contents are a verbatim copy of NumPy 2.4.6: the same source tree, docstrings, and license files...

6.1AI score
Exploits0References7
Snyk
Snyk
added 2026/06/06 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.14 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.12 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.11 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.13 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 6:13 a.m.21 views

Malicious code in coolbox (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c55bfdad112134e980af7568a9138be1e4b940f7bfbeebad2b0f85d9337a0f44 The wheel installs coolbox-setup.pth, a Python path-configuration file that Python auto-loads at every interpreter startup any python invocation...

5.6AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 6:13 a.m.13 views

Malicious code in synago (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3e1bae7957cb735edd8424c1d2efe54b597c3a484ba77c9239e9ff8ec06327f The package installs synago-setup.pth, which Python auto-executes on every interpreter startup not only on import synago. The.pth contains an...

5.8AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 6:13 a.m.18 views

Malicious code in pantheon-toolsets (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3f2d24843d0caf23a36f07f7bd7b3adb7163463404856654f1745c7e75017be The wheel installs pantheontoolsets-setup.pth, which Python automatically executes at every interpreter startup before any user import. The.pth...

5.6AI score
Exploits0References7
Rows per page
Query Builder