Lucene search
K

8 matches found

OSV
OSV
added 2026/06/16 2:14 a.m.5 views

MAL-2026-5859 Malicious code in setka-editor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9dd5cda5d5a0925c139a36f0ea4c69b96052ff203d7dc365ac119408ba76069 package.json registers both preinstall and postinstall lifecycle hooks that run node callback.js, which executes automatically on npm install...

5.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/12 3:24 p.m.11 views

Malicious code in web-model-bridge (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d2c385c177531c421e5a49f41d931890a48c16c921b23cc20f2bf4cd8fae893 On npm install, postinstall.js sends an HTTPS POST to https://ddactic-lab.online/sc/beacon carrying the package name/version, Node version, OS,...

5.4AI score
Exploits0References2
OSV
OSV
added 2026/06/12 3:24 p.m.12 views

MAL-2026-5697 Malicious code in web-model-bridge (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d2c385c177531c421e5a49f41d931890a48c16c921b23cc20f2bf4cd8fae893 On npm install, postinstall.js sends an HTTPS POST to https://ddactic-lab.online/sc/beacon carrying the package name/version, Node version, OS,...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:43 p.m.12 views

Malicious code in menu-filter-widget-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bed4a7ece362ef59f2b621b3f64d06e899740c8ca8d73e437145d48b960187ce package.json declares a postinstall lifecycle hook that runs callback.js on every npm install. callback.js reads os.hostname and sends it to a...

5.5AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/26 6:51 a.m.9 views

gnutls: gnutls: Certificate validation bypass due to improper handling of URI and SRV SANs

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier URI or Service SRV Subject Alternative Names SANs. This could cause the certificate validation process to incorrectly fall back to...

7.1CVSS5.8AI score0.00354EPSS
Exploits0References5
OSV
OSV
added 2026/03/10 8:52 a.m.3 views

BIT-ZOOKEEPER-2026-24281 Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager

Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must...

7.4CVSS5.8AI score0.00617EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/07 8:50 a.m.2 views

CVE-2026-24281 Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager

Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must...

5.8AI score0.00617EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/01/03 12:0 a.m.20 views

Fedora 29 : hesiod (2018-792ff3cafa)

Fix CVE-2016-10152 hard-coded DNS fallback Fix CVE-2016-10151 weak SUID check Move package to autosetup Resolves: 1332509 Resolves: 1332494 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...

10CVSS7.7AI score0.0683EPSS
Exploits0References3
Rows per page
Query Builder