Lucene search
K

127 matches found

Nuclei
Nuclei
added 18 hours ago15 views

Langflow - Broken Access Control

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories...

9.3CVSS7.2AI score0.20655EPSS
Exploits1References2
NVD
NVD
added 2026/06/24 7:16 a.m.7 views

CVE-2026-10552

The Blue Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 2.0.1. This is due to missing or incorrect nonce validation on the main admin panel blcapmainpage and on the Hall of Shame and Log subpages, which accept a 'blcapaction' / 'action'...

4.3CVSS0.00146EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/09 10:49 a.m.8 views

CVE-2026-47343 TYPO3 CMS - Destructive Actions on File Mount Folders

Non-privileged backend users with file mount access were able to perform write operations move, delete, rename on folders representing the root of an active file mount due to missing authorization restrictions. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0 through 11.5.50, 12.0.0...

7.2CVSS5.5AI score0.00238EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 10:49 a.m.26 views

CVE-2026-47343

Technical details are not publicly available in the provided documents. Monitor TYPO3 security advisories for updates. The CVE describes unauthorized write actions on file mount folders across several TYPO3 CMS versions, with no publicly disclosed exploitation specifics.

7.2CVSS5.5AI score0.00238EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 10:49 a.m.31 views

CVE-2026-47343 TYPO3 CMS - Destructive Actions on File Mount Folders

Non-privileged backend users with file mount access were able to perform write operations move, delete, rename on folders representing the root of an active file mount due to missing authorization restrictions. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0 through 11.5.50, 12.0.0...

7.2CVSS0.00238EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2026/06/09 12:0 a.m.40 views

📄 phpVMS 7.0.5 Unauthenticated Import Endpoint Bypass

Proof of concept targeting phpVMS versions 7.0.5 and below. It scans multiple importer-related endpoints, attempts POST-based actions that simulate or trigger destructive operations such as import, delete, and database wipe behaviors, and classifies a target as vulnerable based on HTTP responses...

9.4CVSS5.4AI score0.01173EPSS
Exploits1
OSV
OSV
added 2026/06/08 10:18 a.m.12 views

MAL-2026-5320 Malicious code in openai-mcp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c30f8b1a160c72529e2671b81be13ea671302e9bc3915ee84bd2212e0fdd5a3 The package name and module structure impersonate the official openai Python SDK the package even rewrites exported classes' module attribute to...

5.6AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 7:54 a.m.11 views

Malicious code in tlask (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2b3ae446f7b8d808b84c157ec455883e0bc45e4f4180e51c5cd42ff9852712a2 Typosquatting package published from a compromised account with an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed usi...

5.5AI score
Exploits0References5
OSV
OSV
added 2026/06/08 7:54 a.m.11 views

MAL-2026-5305 Malicious code in tlask (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2b3ae446f7b8d808b84c157ec455883e0bc45e4f4180e51c5cd42ff9852712a2 Typosquatting package published from a compromised account with an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed usi...

5.5AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 7:53 a.m.11 views

Malicious code in rlask (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 baacd735e23c83962845507427fa53c89bdc2e8e0456dbbce6f00a91bf4fe002 Typosquatting package published from a compromised account with an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed usi...

5.5AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 7:52 a.m.10 views

Malicious code in rsquests (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b32959e10bc6b1df57d105a5e5d74cbe7b69660cb7a1e78185d3f5e0e0f07e10 Typosquatting package published from a compromised account with an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed usi...

5.5AI score
Exploits0References5
OSV
OSV
added 2026/06/08 7:52 a.m.14 views

MAL-2026-5304 Malicious code in rsquests (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b32959e10bc6b1df57d105a5e5d74cbe7b69660cb7a1e78185d3f5e0e0f07e10 Typosquatting package published from a compromised account with an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed usi...

5.5AI score
Exploits0References5
OSV
OSV
added 2026/06/08 7:49 a.m.10 views

MAL-2026-5302 Malicious code in nhmpy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0b2d6b794431c52ef6b905eb676d70274a792cbca1b266a3405734a7a900860b Typosquatting package published from a compromised account with an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed usi...

5.5AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 6:13 a.m.14 views

Malicious code in napari-ufish (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5103d2b75fe554764a66f5e03957c303d4085a7d5133463f58aa0c83a87f5d7d Versions 0.0.2, 0.0.3 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

5.5AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 6:13 a.m.11 views

Malicious code in gpsea (PyPI)

The package gpsea version 0.9.14 contains a malicious .pth file gpsea-setup.pth that executes a Bun-based credential stealer on every Python startup via CPython's site.py exec mechanism. The payload downloads the Bun runtime from the official GitHub release page, then runs an obfuscated JavaScrip...

5.5AI score
Exploits0References6
OSV
OSV
added 2026/06/06 6:13 a.m.11 views

MAL-2026-5275 Malicious code in napari-ufish (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5103d2b75fe554764a66f5e03957c303d4085a7d5133463f58aa0c83a87f5d7d Versions 0.0.2, 0.0.3 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

5.5AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 6:13 a.m.16 views

Malicious code in uprobe (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82230ac4ef4464e9696491bf25cfabbd5cff78ab2256f4aa1a0d5ad7456218a8 The package installs uprobe-setup.pth, which Python auto-loads at every interpreter startup in any environment where the wheel is present. The.pth...

5.6AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 6:13 a.m.18 views

Malicious code in spateo-release (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 21400e8510d0663de6c3a4454fe99d9200cb83ae8d1ecdc137c99f3668da4293 Versions 1.1.2 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...

5.5AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 6:13 a.m.10 views

Malicious code in pyphetools (PyPI)

The package pyphetools version 0.9.120 contains a malicious .pth file pyphetools-setup.pth that executes a Bun-based credential stealer on every Python startup via CPython's site.py exec mechanism. The payload downloads the Bun runtime from the official GitHub release page, then runs an obfuscate...

5.5AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 6:13 a.m.12 views

Malicious code in phenopacket-store-toolkit (PyPI)

The package phenopacket-store-toolkit version 0.1.7 contains a malicious .pth file phenopacketstoretoolkit-setup.pth that executes a Bun-based credential stealer on every Python startup via CPython's site.py exec mechanism. The payload downloads the Bun runtime from the official GitHub release...

5.5AI score
Exploits0References6
Rows per page
Query Builder