Lucene search
+L

37569 matches found

NVD
NVD
added 2026/07/10 5:16 p.m.8 views

CVE-2026-53653

Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image derivatives with oversized dimensions through URL query image actions such as forceResize in Grav::fallbackUrl, which passes request...

8.7CVSS0.00301EPSS
Exploits0References5
CVE
CVE
added 2026/07/10 4:12 p.m.6 views

CVE-2026-53653

Grav (file-based web platform) contains CVE-2026-53653: unauthenticated denial of service by requesting image derivatives with oversized dimensions via URL actions like forceResize in Grav::fallbackUrl. The root cause is that request parameters are passed to ImageMedium magic actions without a di...

8.7CVSS6.1AI score0.00301EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/10 4:12 p.m.6 views

EUVD-2026-42943

Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image derivatives with oversized dimensions through URL query image actions such as forceResize in Grav::fallbackUrl, which passes request...

8.7CVSS6.1AI score0.00301EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/10 4:12 p.m.38 views

CVE-2026-53653 Grav: Unauthenticated denial of service via unbounded image derivative dimensions

Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image derivatives with oversized dimensions through URL query image actions such as forceResize in Grav::fallbackUrl, which passes request...

8.7CVSS0.00301EPSS
Exploits0References5
OSV
OSV
added 2026/07/10 4:12 p.m.4 views

CVE-2026-53653 Grav: Unauthenticated denial of service via unbounded image derivative dimensions

Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image derivatives with oversized dimensions through URL query image actions such as forceResize in Grav::fallbackUrl, which passes request...

8.7CVSS6.1AI score0.00301EPSS
Exploits0References7
HackRead
HackRead
added 2026/04/28 8:53 p.m.9 views

Decoding Q1 2026’s $152.9 Billion Crypto Custody Concentration

Crypto Custody Concentration hits $152.9B as institutions shift to derivatives, consolidating capital on top exchanges amid Q1 market slowdown...

5.3AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/02/02 6:56 p.m.5 views

CVE-2026-24471

continuwuity is a Matrix homeserver written in Rust. This vulnerability allows an attacker with a malicious remote server to cause the local server to sign an arbitrary event upon user interaction. Upon a user account leaving a room rejecting an invite, joining a room or knocking on a room, the...

9.3CVSS5.7AI score0.00312EPSS
Exploits0References3Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.7 views

Malicious code in version-meteor-jupiter-chariklo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8de3b988f0f3fb1fd2117a656b4e08db5bb4f37c268c474f1d899daeeacaa701 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.4 views

Malicious code in alphard-webdriverio-titan-elektra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e6fa009818dee865117cbf148422b8ae696230e95a2f87744c06ab81d74136b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.4 views

Malicious code in subscription-playwright-public-carina (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 701a8a346bf74a50513bb9a55b5b268f778f18a886f3f088e3fa641fb990991a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.5 views

Malicious code in void-grus-superagent-planckscale (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20a8a9fd08defaff05f5feabf694f5b971ed1904512ea95cf7ae5be645b34d64 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in integer-pipe-beta-orchestrate-simulate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e55447a68009d0b9b6fa757453f8b249946f97b92a5891a39a495e91cec4d3a0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.7 views

Malicious code in radioastronomy-mongoose-inquirer-hyperion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98b90a3ad43fd3d17f857f0d6f4fe80c069a4b11b70c9356b9193d840d067320 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.5 views

Malicious code in plutology-meteor-xerxes-readable (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bbb5bc61e9eac228156b339e33b38872ab4c63538b4ef99c2269a8dd85462dd6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in quick-serialize-small-bash-delta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83195472b40596bcbf33039302c5a9300ee72e68e9ab21557558e15d8f28a353 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.4 views

Malicious code in lint-staged-superagent-eridanus-bionics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 066dc6b85c08093514728ad74577e54a20edffbcf7d838638c2e8ccbdc1dfd28 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in cybernetics-concurrently-testcafe-foundation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b8f5792ee6c85cf91f477bdf5b37dca196fccc1875897cb6bdc09b40cb3c6d8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.8 views

Malicious code in petrology-supercluster-relay-jasmine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64e7980d40954d8062670b9c1263d6823ca34e45eaee3e5ee43066b8d272c341 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.9 views

Malicious code in aether-start-lepton-mdx (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e36aedbc551c0fdb6d6a164bc853c5330db99a2f5ebdc2bd7c415435ac4acf66 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in secure-old-deploy-resolve-encode (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector edd40e8463e8ef60e60e2f721f62d52e42e5b10ad7481073017d47ad4d0616fa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
Rows per page
Query Builder