Lucene search
K

1250 matches found

NVD
NVD
added 2026/07/07 10:16 a.m.10 views

CVE-2026-48891

A bug in Apache Airflow's /ui/dependencies scheduling graph endpoint applied the caller's readable-Dag filter to the top-level serialized Dag key but still emitted referenced Dag IDs through the dep.source and dep.target fields of trigger / sensor dependency entries. An authenticated UI user with...

4.3CVSS0.00636EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.10 views

PT-2026-56177

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.3.0 Description A bug in the /ui/dependencies scheduling graph endpoint allows an authenticated UI user with read permissions on some Dags to enumerate identifiers of other Dags they are not authorized to rea...

4.3CVSS6.1AI score0.00636EPSS
Exploits0References14
OSV
OSV
added 2026/06/09 7:50 a.m.10 views

MAL-2026-5349 Malicious code in @demica/core (npm)

Dep-confusion squat of internal @demica/core at sentinel high version 99.99.100 + auto-exec postinstall canary.js beaconing to RAW IP 157.230.17.236:80/dc. Sentinel-high-version + auto-exec beacon = MALICIOUS per operator policy c913; "authorized benign canary" framing does NOT downgrade, raw-IP...

5.4AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/08 6:47 p.m.13 views

CVE-2026-46305

A flaw was found in the Linux kernel, specifically within the rtl8723bs staging driver's osdep module. The rtwcbufalloc function does not properly validate the return value of a memory allocation, leading to an unconditional dereference of a potentially NULL pointer. This vulnerability could allo...

5.5CVSS5.4AI score0.001EPSS
Exploits0References4
OSV
OSV
added 2026/05/20 8:0 a.m.11 views

MAL-2026-4200 Malicious code in art-template (npm)

Versions 4.13.3, 4.13.5, and 4.13.6 of art-template were published after an npm account takeover and ship a tampered browser bundle lib/template-web.js that loads remote attacker-controlled JavaScript. The final payload is the Coruna iOS exploit kit, which targets Safari on iPhone and iPad and...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/05/17 8:17 p.m.9 views

SUSE-SU-2026:21804-1 Security update for go1.26

This update for go1.26 fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: "go tool pack" does...

7.5CVSS6AI score0.00813EPSS
Exploits0References25
Cvelist
Cvelist
added 2026/04/12 12:28 p.m.29 views

CVE-2019-25691 Faleemi Desktop Software 1.8 Local Buffer Overflow SEH DEP Bypass

Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can inject a crafted payload into the Save Path for Snapshot and Record file field t...

8.6CVSS0.00156EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/27 12:46 a.m.2 views

Malicious Package

Overview nativedep is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/24 12:48 p.m.15 views

Malicious code in agoda-dep-confusion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector faa0bc71a76133f8ba2469aab72a42ed605c22eaf6a3816754f5dff2cb21fa87 The package agoda-dep-confusion was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
Snyk
Snyk
added 2026/03/24 12:48 p.m.7 views

Malicious Package

Overview agoda-dep-confusion is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/03/24 12:48 p.m.12 views

MAL-2026-2126 Malicious code in agoda-dep-confusion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector faa0bc71a76133f8ba2469aab72a42ed605c22eaf6a3816754f5dff2cb21fa87 The package agoda-dep-confusion was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
Snyk
Snyk
added 2026/03/06 7:14 a.m.7 views

Malicious Package

Overview file-dep-a is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
Cvelist
Cvelist
added 2026/01/30 10:7 p.m.21 views

CVE-2020-37043 10-Strike Bandwidth Monitor 3.9 - Buffer Overflow

10-Strike Bandwidth Monitor 3.9 contains a buffer overflow vulnerability that allows attackers to bypass SafeSEH, ASLR, and DEP protections through carefully crafted input. Attackers can exploit the vulnerability by sending a malicious payload to the application's registration key input, enabling...

9.8CVSS0.00709EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/01/06 10:29 p.m.165 views

Malware-Analysis-Project-SLMAIL-5.5-BOF-

Malware Analysis Project Introduction to exploit development w...

7.5AI score
Exploits0
EUVD
EUVD
added 2025/12/22 10:29 p.m.5 views

EUVD-2025-204768

Malicious code in airslate-dep-webpack npm...

6.6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/12/22 10:29 p.m.8 views

Malicious code in airslate-dep-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91777938469aa47ed3a4eb51c82af2752f2dd57b232978a88bfacdd3b82b1fe1 The package airslate-dep-webpack was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/12/22 10:29 p.m.4 views

MAL-2025-192693 Malicious code in airslate-dep-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91777938469aa47ed3a4eb51c82af2752f2dd57b232978a88bfacdd3b82b1fe1 The package airslate-dep-webpack was found to contain malicious code...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/10/14 9:30 p.m.10 views

EUVD-2025-34455

Flowise: Authenticated Command Execution and Sandbox Bypass via Puppeteer and Playwright Packages...

8.4CVSS6.2AI score0.06129EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2025/10/14 9:30 p.m.17 views

Flowise: Authenticated Command Execution and Sandbox Bypass via Puppeteer and Playwright Packages

Flowise v3.0.1 3.0.8 and all versions after with 'ALLOWBUILTINDEP' enabled contain an authenticated remote code execution vulnerability and node VM sandbox escape due to insecure use of integrated modules Puppeteer and Playwright within the nodevm execution environment. An authenticated attacker...

9.9CVSS8.2AI score0.06129EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2025/10/14 7:31 p.m.28 views

CVE-2025-34267 Flowise Authenticated Command Execution and Sandbox Bypass via Puppeteer & Playwright Packages

Flowise v3.0.1 3.0.8 and all versions after with 'ALLOWBUILTINDEP' enabled contain an authenticated remote code execution vulnerability and node VM sandbox escape due to insecure use of integrated modules Puppeteer and Playwright within the nodevm execution environment. An authenticated attacker...

8.4CVSS0.06129EPSS
Exploits1References4
Rows per page
Query Builder