Lucene search
K

14320 matches found

OSV
OSV
added 2026/06/26 7:1 p.m.7 views

MAL-2026-6535 Malicious code in disksweep (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31a2c10aba7f3468458529214868e2d8acd9717eb7985c47ab10cf4aed64f87c The package ships a 2.9 MB Windows PE32+ executable at bin/native/parser.node sha256 b1aace6c70312a39ca39e6bba1d9abc6aaf9b23171089b1a548adc89f67f83c3...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/26 12:32 p.m.2 views

SUSE-SU-2026:0906-2 Security update for clamav

This update for clamav fixes the following issues: Update to clamav 1.5.2: Security issue: - CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service conditions via a crafted HTML file bsc1259207. Non security issue: - Support...

5.3CVSS5.8AI score0.00414EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.7 views

SUSE SLES15 Security Update : google-guest-agent (SUSE-SU-2026:2612-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2612-1 advisory. This update for google-guest-agent fixes the following issues Security issues: - CVE-2026-39821: Update golang.org/x/net/idna...

10CVSS7AI score0.91969EPSS
Exploits4References60
Cvelist
Cvelist
added 2026/06/25 9:41 p.m.18 views

CVE-2021-47987 Parse Server - Arbitrary Code Execution via Malicious Version Tags

Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository pointing to an unreviewed personal fork of a contributor with write access. No releases were published with these tags; a project was exposed only if it define...

7.7CVSS0.0012EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 9:41 p.m.11 views

CVE-2021-47987

Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository, pointing to an unreviewed personal fork with write access. No releases were published with these tags; a project exposing a vulnerability would require a git-...

7.7CVSS5.9AI score0.0012EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 6:16 p.m.9 views

CVE-2026-55697

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can install configDependencies declared in pnpm-workspace.yaml before command dispatch. Before the patch, a repository could declare pacquet or @pnpm/pacquet as a config dependency and pnpm treated that repository-controlled dependency ...

8.8CVSS0.00127EPSS
Exploits1References1
NVD
NVD
added 2026/06/25 6:16 p.m.8 views

CVE-2026-48995

pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a malicious codeload.github.com server can serve whatever tarball it wants and pnpm will install it regardless of the lockfile. The lockfile does not store the hash of the dependencies from https://codeload.github.com. This means that if thi...

7.5CVSS0.00116EPSS
Exploits1References1
CVE
CVE
added 2026/06/25 4:58 p.m.34 views

CVE-2026-48995

CVE-2026-48995 affects pnpm, a package manager. Prior to versions 10.33.4 and 11.0.7, a malicious codeload.github.com server could serve arbitrary tarballs and pnpm would install them regardless of the lockfile because the tarball hash is not stored in the lockfile. This could enable tampering of...

7.5CVSS5.9AI score0.00116EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:42 p.m.23 views

CVE-2026-55697

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can install configDependencies declared in pnpm-workspace.yaml before command dispatch. Before the patch, a repository could declare pacquet or @pnpm/pacquet as a config dependency and pnpm treated that repository-controlled dependency ...

7.5CVSS5.9AI score0.00127EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/25 4:42 p.m.29 views

CVE-2026-55697 pnpm: Repository-controlled configDependencies can select a pacquet native install engine

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can install configDependencies declared in pnpm-workspace.yaml before command dispatch. Before the patch, a repository could declare pacquet or @pnpm/pacquet as a config dependency and pnpm treated that repository-controlled dependency ...

7.5CVSS0.00127EPSS
Exploits1References1
CVE
CVE
added 2026/06/25 4:42 p.m.13 views

CVE-2026-55697

pnpm is vulnerable prior to 10.34.2 and 11.5.3: repository‑controlled configDependencies in pnpm-workspace.yaml could cause pnpm to install a repository‑controlled install‑engine (pacquet) by resolving a platform‑specific @pacquet/-/pacquet binary from node_modules/.pnpm-config and spawning it as...

8.8CVSS5.9AI score0.00127EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/06/25 12:27 a.m.2 views

MGASA-2026-0232 Updated nats-server packages fix security vulnerabilities

nats-server and its dependencies are updated to fix CVE-2025-30215 Missing access controls for JS API in multi-tenancy...

9.6CVSS5.8AI score0.00561EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.13 views

PT-2026-52522

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.2 pnpm versions prior to 11.5.3 Description pnpm allows the installation of configDependencies declared in pnpm-workspace.yaml before command dispatch. A repository can declare pacquet or @pnpm/pacquet as a config...

8.8CVSS5.8AI score0.00127EPSS
Exploits1References9
OSV
OSV
added 2026/06/24 2:0 p.m.5 views

UBUNTU-CVE-2026-10536

A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPTSTREAMDEPENDS or CURLOPTSTREAMDEPENDSE, subsequently invokes curleasyreset, and finally terminates the handle with curleasycleanup. During this final cleanup phase, libcurl...

9.8CVSS5.9AI score0.00891EPSS
Exploits1References3
OSV
OSV
added 2026/06/24 9:1 a.m.2 views

SUSE-SU-2026:2612-1 Security update for google-guest-agent

This update for google-guest-agent fixes the following issues Security issues: - CVE-2026-39821: Update golang.org/x/net/idna dependency bsc1266603. - CVE-2026-39827: Update golang.org/x/crypto dependency bsc1266171. - CVE-2026-39828: Update golang.org/x/crypto dependency bsc1266171. -...

10CVSS6.9AI score0.91969EPSS
Exploits4References38
OSV
OSV
added 2026/06/22 2:41 p.m.2 views

SUSE-SU-2026:22328-1 Security update for google-cloud-sap-agent

This update for google-cloud-sap-agent fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265764. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for...

9.6CVSS6.7AI score0.01557EPSS
Exploits1References8
OSV
OSV
added 2026/06/22 2:30 p.m.3 views

OPENSUSE-SU-2026:21010-1 Security update for google-cloud-sap-agent

This update for google-cloud-sap-agent fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265764. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for...

9.6CVSS6.7AI score0.01557EPSS
Exploits1References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/20 11:24 p.m.12 views

Malicious code in requests-enhancer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0f61f1a905e0ec1bb593f7b20d4f9a8a9e72deeb16440f72acbcaf00aeab1cd On import requestsenhancer, the package's init.py spawns a daemon thread that runs pip install...

6.7AI score
Exploits0References5
OSV
OSV
added 2026/06/20 11:24 p.m.18 views

MAL-2026-6247 Malicious code in requests-enhancer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0f61f1a905e0ec1bb593f7b20d4f9a8a9e72deeb16440f72acbcaf00aeab1cd On import requestsenhancer, the package's init.py spawns a daemon thread that runs pip install...

6.7AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/20 7:24 p.m.10 views

Malicious code in d0rk3r (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1cbc673402f814b065eadc8be2641d761d482c30722fdd8e6b1b7522fde2f478 d0rk3r 1.0.5 is advertised as a Shodan IP scraper with proxy rotation, but the sdist ships no Python source — only LICENSE, README, pyproject.toml,...

6AI score
Exploits0References17
Rows per page
Query Builder