Lucene search
K

35480 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in tennacity (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7933cd1ec11531feba788870555eeac615535d8e230b4d252880def9c68ff5e tennacity is a one-character typosquat of the popular 'tenacity' library; its README/PKG-INFO are copied verbatim from real tenacity while setup.py...

6.2AI score
Exploits0References7
Nuclei
Nuclei
added yesterday33 views

ChangeDetection.io <= v0.50.33 - Stored XSS via Watch API

changedetection.io = 0.50.34 contains a stored cross site scripting caused by insufficient security checks in the Watch update API, letting attackers execute arbitrary JavaScript when users preview malicious links, exploit requires user interaction id: CVE-2025-62780 info: name: ChangeDetection.i...

5.4CVSS6AI score0.00441EPSS
Exploits1References2
Nuclei
Nuclei
added 2 days ago151 views

User Profile Builder < 3.11.8 - File Upload

The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP. id: CVE-2024-6366 info: name: User Profile Builder 3.11.8 - File Upload author: s4e-io severity: high...

9.1CVSS6.1AI score0.28993EPSS
Exploits2References3
Nuclei
Nuclei
added 2 days ago11 views

IBM Planning Analytics - Authentication Bypass & Remote Code Execution Version Detection

IBM Planning Analytics versions 2.0.0 through 2.0.8 are vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. id: CVE-2019-4716 info: name: IBM Planning Analytics - Authentication Bypass & Remote...

10CVSS7.2AI score0.86441EPSS
Exploits6References3
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-15529 yzhao062 pyod persistence.py pyod.utils.persistence.load deserialization

A vulnerability was detected in yzhao062 pyod 3.5.0/3.5.1/3.5.2. Affected is the function pyod.utils.persistence.load of the file pyod/utils/persistence.py. Performing a manipulation of the argument path results in deserialization. The attack can be initiated remotely. The pull request to fix thi...

6.5CVSS0.00252EPSS
Exploits0References7
Circl
Circl
added 4 days ago6 views

CVE-2026-57219

creationtimestamp| type| source ---|---|--- 2026-07-11 02:34:39+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdmti4ic42f 2026-07-14 05:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mqligiqa3y2s...

8.7CVSS6.1AI score0.00359EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago7 views

Malicious code in antsrcsrctest (npm)

The npm package antsrcsrctest masquerades as a "simple date formatting utility" index.js exports a harmless formatDate function that is never referenced by the malicious code but is a credential-harvesting and cloud-metadata-stealing reconnaissance tool. It declares a preinstall: node preinstall....

6.1AI score
Exploits0References2
Cvelist
Cvelist
added last week34 views

CVE-2026-15154 Guardrails-detectors: guardrails-detectors: unauthenticated regular-expression denial of service (redos) via detector_params.regex

A flaw was found in guardrails-detectors, a component of Red Hat OpenShift AI. This vulnerability, known as Regular Expression Denial of Service ReDoS, allows a remote attacker to provide specially crafted regular expressions to the public detection API. This can cause catastrophic backtracking,...

6.5CVSS0.00204EPSS
Exploits0References2
CVE
CVE
added last week12 views

CVE-2026-15154

Technical details (affected products/versions, root cause specifics, remediation) are not publicly provided in the supplied documents. Monitor for updates to confirm scope, impact and fixes for CVE-2026-15154 regarding guardrails-detectors in Red Hat OpenShift AI.

6.5CVSS5.9AI score0.00204EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added last week32 views

CVE-2026-59936 pypdf: Possible infinite loop for not terminated inline images

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.1, an attacker can craft a PDF with a page content stream containing a not terminated inline image, causing an infinite loop during inline image end marker detection such as when extracting page text. This issue is fixed in...

8.7CVSS0.00345EPSS
Exploits0References4
Akamai Blog
Akamai Blog
added 2026/07/07 4:0 p.m.7 views

Adaptive AI for Detecting Modern DGA Attacks

...

5.9AI score
Exploits0
OSV
OSV
added 2026/07/07 3:22 p.m.10 views

MAL-2026-6929 Malicious code in paysafe-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12ef2b75345902c9fe851d85e09c4b6680a3685669ab4dcd8b827ebaebb46626 Package metadata claims to be the 'Official Paysafe SDK for Python' by 'Paysafe Developer Team', but the shipped module is a stealer disguised as a...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 3:22 p.m.12 views

Malicious code in paysafe-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12ef2b75345902c9fe851d85e09c4b6680a3685669ab4dcd8b827ebaebb46626 Package metadata claims to be the 'Official Paysafe SDK for Python' by 'Paysafe Developer Team', but the shipped module is a stealer disguised as a...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 3:22 p.m.14 views

Malicious code in paysafe-payments (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e2b7f287703755dab866acf1047a148e321d06a84353238936eaba58b6e7fda Package impersonates the Paysafe payments SDK metadata claims 'Paysafe Developer Team', 'Paysafe Payments processing library' but its advertised...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/07/07 3:22 p.m.7 views

MAL-2026-6928 Malicious code in paysafe-payments (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e2b7f287703755dab866acf1047a148e321d06a84353238936eaba58b6e7fda Package impersonates the Paysafe payments SDK metadata claims 'Paysafe Developer Team', 'Paysafe Payments processing library' but its advertised...

6.2AI score
Exploits0References3
OSV
OSV
added 2026/07/07 3:22 p.m.7 views

MAL-2026-6927 Malicious code in paysafe-kyc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c619e500f8070a5525694f42547c0b73e8189965f8816f1a124190f50bed6f5 The paysafe-kyc package impersonates a legitimate Paysafe KYC/payments SDK author string 'Paysafe Developer Team', base URL https://api.paysafe.com,...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 3:22 p.m.12 views

Malicious code in paysafe-kyc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c619e500f8070a5525694f42547c0b73e8189965f8816f1a124190f50bed6f5 The paysafe-kyc package impersonates a legitimate Paysafe KYC/payments SDK author string 'Paysafe Developer Team', base URL https://api.paysafe.com,...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/07/07 3:21 p.m.9 views

MAL-2026-6926 Malicious code in paysafe-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d9cc9039ffa3e8cadc8a24b0ccd83bcc8eca2fe88e25f35b2022cc1957220fb paysafe-api impersonates the Paysafe payments provider package name, description, author 'Paysafe Developer Team', and use of api.paysafe.com /...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 3:21 p.m.11 views

Malicious code in paysafe-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d9cc9039ffa3e8cadc8a24b0ccd83bcc8eca2fe88e25f35b2022cc1957220fb paysafe-api impersonates the Paysafe payments provider package name, description, author 'Paysafe Developer Team', and use of api.paysafe.com /...

6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.11 views

PT-2026-56200

Name of the Vulnerable Software and Affected Versions 389-ds-base affected versions not specified Description A flaw exists in the LDBM backend attribute encryption where a hardcoded static initialization vector is used for AES-CBC and 3DES-CBC operations. This allows an attacker with privileged...

4.4CVSS6.1AI score0.00077EPSS
Exploits0References7
Rows per page
Query Builder