16090 matches found
CVE-2026-10532 vulnerabilities
Vulnerabilities for packages: apache-nifi, dependency-track-apiserver, sonar-scanner-cli, kafbat-ui, zookeeper-fips, zookeeper, cassandra-fips, thingsboard, cassandra, cassandra-reaper, nextflow...
GHSA-JHQ6-GFMJ-V8FX vulnerabilities
Vulnerabilities for packages: apache-nifi, dependency-track-apiserver, sonar-scanner-cli, kafbat-ui, zookeeper-fips, zookeeper, cassandra-fips, thingsboard, cassandra, cassandra-reaper, nextflow...
Malicious code in nodemon-gulp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04b5ac5c522b156a64f943a2d8e2dfd170230d0a23ac0bae5ada0945c7aee4c7 The package name nodemon-gulp impersonates the widely used nodemon package and collides with the legitimate gulp-nodemon. The tarball is a...
Malicious code in @luminarycloudinternal/lcvis-st (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce8dffb72c9f767cbd071bf482fce9acb1ff2283a4800b7862739348b7a89e24 Package @luminarycloudinternal/[email protected] is published to the public npm registry under an internal-looking scope with an artificially high...
Malicious code in @luminarycloudinternal/frodo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58ed68e675b2b6cde30e6b7c8e34077eda805a4bde64ca7cd2c68c6f4370ee5f Package published under a scope shadowing internal Luminary Cloud packages @luminarycloudinternal at version 9999.0.1 — the canonical...
mongo-express Remote Code Execution
mongo-express before 0.54.0 is vulnerable to remote code execution via endpoints that uses the toBSON method and misuse the vm dependency to perform exec commands in a non-safe environment. id: CVE-2019-10758 info: name: mongo-express Remote Code Execution author: princechaddha severity: critical...
MAL-2026-6929 Malicious code in paysafe-sdk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ae864f77805fa7e1facccf45d1af67d37603c5a085f55d733d9d3eb8cf4d26c8 When using a provided class, the code exfiltrates basic data and parts of sensitive env variables to a remote host. --- Category: MALICIOUS - The campaign has...
Malicious code in paysafe-sdk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12ef2b75345902c9fe851d85e09c4b6680a3685669ab4dcd8b827ebaebb46626 Package metadata claims to be the 'Official Paysafe SDK for Python' by 'Paysafe Developer Team', but the shipped module is a stealer disguised as a...
MAL-2026-6928 Malicious code in paysafe-payments (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 cc8e13806589e7fbb3dbe284624b88d6de8c030f32c04c20f8c76af059f33515 When using a provided class, the code exfiltrates basic data and parts of sensitive env variables to a remote host. --- Category: MALICIOUS - The campaign has...
Malicious code in paysafe-payments (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e2b7f287703755dab866acf1047a148e321d06a84353238936eaba58b6e7fda Package impersonates the Paysafe payments SDK metadata claims 'Paysafe Developer Team', 'Paysafe Payments processing library' but its advertised...
MAL-2026-6927 Malicious code in paysafe-kyc (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7089650efc5360b819e8831801bcedf6489945f5b563729e99f036461bd59092 When using a provided class, the code exfiltrates basic data and parts of sensitive env variables to a remote host. --- Category: MALICIOUS - The campaign has...
Malicious code in paysafe-kyc (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c619e500f8070a5525694f42547c0b73e8189965f8816f1a124190f50bed6f5 The paysafe-kyc package impersonates a legitimate Paysafe KYC/payments SDK author string 'Paysafe Developer Team', base URL https://api.paysafe.com,...
MAL-2026-6926 Malicious code in paysafe-api (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 caf46df1f47845e37bbc00d4e8f160dcf057b67aee189c7e7919f32d662f2915 When using a provided class, the code exfiltrates basic data and parts of sensitive env variables to a remote host. --- Category: MALICIOUS - The campaign has...
Malicious code in paysafe-api (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d9cc9039ffa3e8cadc8a24b0ccd83bcc8eca2fe88e25f35b2022cc1957220fb paysafe-api impersonates the Paysafe payments provider package name, description, author 'Paysafe Developer Team', and use of api.paysafe.com /...
Malicious code in @deathpoolxrs/dependency-confusion-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 074dc1352aecc512f6de67bd23de8f920559302127e1d6da86a9001a499c6adf The package was found to contain malicious code or consuming dependency that contains malicious code...
CVE-2026-48891 Apache Airflow: /ui/dependencies scheduling graph leaks unreadable Dag identifiers via trigger/sensor dep.source/dep.target
A bug in Apache Airflow's /ui/dependencies scheduling graph endpoint applied the caller's readable-Dag filter to the top-level serialized Dag key but still emitted referenced Dag IDs through the dep.source and dep.target fields of trigger / sensor dependency entries. An authenticated UI user with...
CVE-2026-55697
A flaw was found in pnpm, a package manager. A remote attacker could exploit this vulnerability by crafting a malicious repository that declares a configDependency in its pnpm-workspace.yaml file. When a user installs packages from this repository, pnpm improperly treats the declared dependency a...
CVE-2026-48995
A flaw was found in pnpm, a package manager. This vulnerability allows a remote attacker to serve malicious software packages if the codeload.github.com server is compromised or a user's machine configuration is tampered with. The issue arises because pnpm does not verify the integrity of...
CVE-2026-50016
A flaw was found in pnpm, a package manager. This vulnerability allows a malicious registry package to include specially crafted dependency aliases that contain path traversal segments. During the installation process, pnpm incorrectly processes these aliases, which can lead to the replacement of...
CVE-2026-12252
CVE-2026-12252 affects nltk/nltk versions 3.9.3 and earlier, leaving five Stanford interface classes (StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, StanfordNeuralDependencyParser) vulnerable to untrusted JAR code execution. These classes accept user-controlled JA...