Lucene search
K

16090 matches found

Chainguard
Chainguard
added yesterday2 views

CVE-2026-10532 vulnerabilities

Vulnerabilities for packages: apache-nifi, dependency-track-apiserver, sonar-scanner-cli, kafbat-ui, zookeeper-fips, zookeeper, cassandra-fips, thingsboard, cassandra, cassandra-reaper, nextflow...

6.3CVSS6.1AI score0.00342EPSS
Exploits0
Chainguard
Chainguard
added yesterday2 views

GHSA-JHQ6-GFMJ-V8FX vulnerabilities

Vulnerabilities for packages: apache-nifi, dependency-track-apiserver, sonar-scanner-cli, kafbat-ui, zookeeper-fips, zookeeper, cassandra-fips, thingsboard, cassandra, cassandra-reaper, nextflow...

6.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in nodemon-gulp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04b5ac5c522b156a64f943a2d8e2dfd170230d0a23ac0bae5ada0945c7aee4c7 The package name nodemon-gulp impersonates the widely used nodemon package and collides with the legitimate gulp-nodemon. The tarball is a...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago7 views

Malicious code in @luminarycloudinternal/lcvis-st (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce8dffb72c9f767cbd071bf482fce9acb1ff2283a4800b7862739348b7a89e24 Package @luminarycloudinternal/[email protected] is published to the public npm registry under an internal-looking scope with an artificially high...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in @luminarycloudinternal/frodo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58ed68e675b2b6cde30e6b7c8e34077eda805a4bde64ca7cd2c68c6f4370ee5f Package published under a scope shadowing internal Luminary Cloud packages @luminarycloudinternal at version 9999.0.1 — the canonical...

5.9AI score
Exploits0References3
Nuclei
Nuclei
added 3 days ago216 views

mongo-express Remote Code Execution

mongo-express before 0.54.0 is vulnerable to remote code execution via endpoints that uses the toBSON method and misuse the vm dependency to perform exec commands in a non-safe environment. id: CVE-2019-10758 info: name: mongo-express Remote Code Execution author: princechaddha severity: critical...

9.9CVSS7.8AI score0.84845EPSS
Exploits3References5
OSV
OSV
added 3 days ago5 views

MAL-2026-6929 Malicious code in paysafe-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ae864f77805fa7e1facccf45d1af67d37603c5a085f55d733d9d3eb8cf4d26c8 When using a provided class, the code exfiltrates basic data and parts of sensitive env variables to a remote host. --- Category: MALICIOUS - The campaign has...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago7 views

Malicious code in paysafe-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12ef2b75345902c9fe851d85e09c4b6680a3685669ab4dcd8b827ebaebb46626 Package metadata claims to be the 'Official Paysafe SDK for Python' by 'Paysafe Developer Team', but the shipped module is a stealer disguised as a...

6.1AI score
Exploits0References3
OSV
OSV
added 3 days ago5 views

MAL-2026-6928 Malicious code in paysafe-payments (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cc8e13806589e7fbb3dbe284624b88d6de8c030f32c04c20f8c76af059f33515 When using a provided class, the code exfiltrates basic data and parts of sensitive env variables to a remote host. --- Category: MALICIOUS - The campaign has...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago7 views

Malicious code in paysafe-payments (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e2b7f287703755dab866acf1047a148e321d06a84353238936eaba58b6e7fda Package impersonates the Paysafe payments SDK metadata claims 'Paysafe Developer Team', 'Paysafe Payments processing library' but its advertised...

6.1AI score
Exploits0References3
OSV
OSV
added 3 days ago5 views

MAL-2026-6927 Malicious code in paysafe-kyc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7089650efc5360b819e8831801bcedf6489945f5b563729e99f036461bd59092 When using a provided class, the code exfiltrates basic data and parts of sensitive env variables to a remote host. --- Category: MALICIOUS - The campaign has...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago6 views

Malicious code in paysafe-kyc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c619e500f8070a5525694f42547c0b73e8189965f8816f1a124190f50bed6f5 The paysafe-kyc package impersonates a legitimate Paysafe KYC/payments SDK author string 'Paysafe Developer Team', base URL https://api.paysafe.com,...

6.1AI score
Exploits0References3
OSV
OSV
added 3 days ago6 views

MAL-2026-6926 Malicious code in paysafe-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 caf46df1f47845e37bbc00d4e8f160dcf057b67aee189c7e7919f32d662f2915 When using a provided class, the code exfiltrates basic data and parts of sensitive env variables to a remote host. --- Category: MALICIOUS - The campaign has...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago6 views

Malicious code in paysafe-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d9cc9039ffa3e8cadc8a24b0ccd83bcc8eca2fe88e25f35b2022cc1957220fb paysafe-api impersonates the Paysafe payments provider package name, description, author 'Paysafe Developer Team', and use of api.paysafe.com /...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago3 views

Malicious code in @deathpoolxrs/dependency-confusion-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 074dc1352aecc512f6de67bd23de8f920559302127e1d6da86a9001a499c6adf The package was found to contain malicious code or consuming dependency that contains malicious code...

6AI score
Exploits0References1
Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-48891 Apache Airflow: /ui/dependencies scheduling graph leaks unreadable Dag identifiers via trigger/sensor dep.source/dep.target

A bug in Apache Airflow's /ui/dependencies scheduling graph endpoint applied the caller's readable-Dag filter to the top-level serialized Dag key but still emitted referenced Dag IDs through the dep.source and dep.target fields of trigger / sensor dependency entries. An authenticated UI user with...

0.00361EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 4 days ago5 views

CVE-2026-55697

A flaw was found in pnpm, a package manager. A remote attacker could exploit this vulnerability by crafting a malicious repository that declares a configDependency in its pnpm-workspace.yaml file. When a user installs packages from this repository, pnpm improperly treats the declared dependency a...

8.8CVSS6.6AI score0.00127EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 4 days ago7 views

CVE-2026-48995

A flaw was found in pnpm, a package manager. This vulnerability allows a remote attacker to serve malicious software packages if the codeload.github.com server is compromised or a user's machine configuration is tampered with. The issue arises because pnpm does not verify the integrity of...

7.5CVSS6.5AI score0.00116EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 4 days ago5 views

CVE-2026-50016

A flaw was found in pnpm, a package manager. This vulnerability allows a malicious registry package to include specially crafted dependency aliases that contain path traversal segments. During the installation process, pnpm incorrectly processes these aliases, which can lead to the replacement of...

8.8CVSS6.2AI score0.00326EPSS
Exploits1References4
CVE
CVE
added 6 days ago20 views

CVE-2026-12252

CVE-2026-12252 affects nltk/nltk versions 3.9.3 and earlier, leaving five Stanford interface classes (StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, StanfordNeuralDependencyParser) vulnerable to untrusted JAR code execution. These classes accept user-controlled JA...

7.8CVSS7.7AI score0.00158EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder