Lucene search
+L

60 matches found

OSV
OSV
added 4 days ago5 views

MAL-2026-10232 Malicious code in salesforce-vscode-slds (npm)

The salesforce-vscode-slds package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago7 views

Malicious code in slds-lsp-client (npm)

The slds-lsp-client package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a Salesforce SLD...

6.1AI score
Exploits0References3
Cvelist
Cvelist
added last week31 views

CVE-2026-58493 grav-plugin-database: DSN Parameter Injection via Unsanitized Configuration Values in Connection String Construction

grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, Database::call builds PDO DSN strings by directly concatenating user-configurable YAML values from fields such as host, dbname, charset, server, database, directory, and filename without sanitization or validation, allowing...

5.1CVSS0.00288EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/07/07 10:4 p.m.6 views

CVE-2026-14380

DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package...

8.8CVSS6.3AI score0.00498EPSS
Exploits0
OSV
OSV
added 2026/07/07 10:4 p.m.6 views

CVE-2026-14380 DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile

DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package...

8.8CVSS6.3AI score0.00498EPSS
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 12:0 a.m.4 views

Malicious code in tme-xca (npm)

The tme-xca package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a 'tme' Travel Mall /...

6.2AI score
Exploits0References3
OSV
OSV
added 2026/07/06 12:0 a.m.3 views

MAL-2026-10221 Malicious code in @flex-ng/error-component (npm)

The @flex-ng/error-component package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization the...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/07/06 12:0 a.m.4 views

MAL-2026-10237 Malicious code in tme-xca-react (npm)

The tme-xca-react package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a 'tme' internal...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/07/06 12:0 a.m.3 views

MAL-2026-10231 Malicious code in enbd-react-logger (npm)

The enbd-react-logger package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization an 'enbd'...

6.1AI score
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/06/05 6:11 p.m.7 views

ait-dsn (=2.0.0), ait-gui (>=2.4.0 <=2.4.1) potentially affected by CVE-2026-47731 via ait-core (>=2.3.5 <=2.5.2)

ait-core PYPI version =2.3.5, =2.4.0, =2.4.1 Source cves: CVE-2026-47731 Source advisory: OSV:GHSA-P462-PRXW-MJX4...

5.5AI score0.00163EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 12:28 p.m.11 views

Malicious code in finup-mongo-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d9d0b210938322b805e1c8d94db07f45ca029fc4e69fb3a57f424eb885c1a39 dist/common/instrument.js calls Sentry.init at module top level with a hardcoded DSN pointing at the author's Sentry project...

5.8AI score
Exploits0References12
OSV
OSV
added 2026/05/20 5:37 p.m.21 views

CLSA-2026-1779298645 postfix: Fix of CVE-2026-43964

CVE-2026-43964: fix buffer over-read in dsnsplit when an enhanced status code is not followed by other text...

7.5CVSS6AI score0.00415EPSS
Exploits0References1
OSV
OSV
added 2026/05/18 9:25 a.m.14 views

CLSA-2026-1779096347 postfix: Fix of CVE-2026-43964

CVE-2026-43964: fix buffer over-read in dsnsplit when an enhanced status code is not followed by other text...

7.5CVSS6AI score0.00415EPSS
Exploits0References1
OSV
OSV
added 2026/05/15 10:50 p.m.11 views

CLSA-2026-1778874422 postfix: Fix of CVE-2026-43964

CVE-2026-43964: fix buffer over-read in dsnsplit when an enhanced status code is not followed by other text...

7.5CVSS6AI score0.00415EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/14 11:50 p.m.21 views

CVE-2026-40091 SpiceDB: SPICEDB_DATASTORE_CONN_URI is leaked on startup logs

SpiceDB is an open source database system for creating and managing security-critical application permissions. In versions 1.49.0 through 1.51.0, when SpiceDB starts with log level info, the startup "configuration" log will include the full datastore DSN, including the plaintext password, inside...

6CVSS0.00166EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/25 4:6 p.m.6 views

EUVD-2026-8597

Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering...

9.3CVSS5.2AI score0.00286EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/12/25 12:0 a.m.8 views

Fedora 43 : roundcubemail (2025-58eb59741f)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-58eb59741f advisory. Release 1.6.12 - Support IPv6 in database DSN 9937 - Don't force specific errorreporting setting - Fix compatibility with PHP 8.5 regarding arrayfir...

7.5CVSS6AI score0.19769EPSS
Exploits1References3
Hacker One
Hacker One
added 2025/10/16 7:34 p.m.27 views

curl: SMTP Command Injection Vulnerability in libcurl 8.16.0 via RFC 3461 Suffix

Executive Summary libcurl version 8.16.0 contains a critical SMTP command injection vulnerability CVE-quality in the implementation of RFC 3461 Delivery Status Notification DSN parameter support. The vulnerability allows an attacker to inject arbitrary SMTP commands by including CRLF \r\n...

7.9AI score
Exploits0
OSV
OSV
added 2025/07/30 2:29 p.m.6 views

CVE-2025-54433 Bugsink is vulnerable to Path Traversal attacks via event_id in ingestion

Bugsink is a self-hosted error tracking service. In versions 1.4.2 and below, 1.5.0 through 1.5.4, 1.6.0 through 1.6.3, and 1.7.0 through 1.7.3, ingestion paths construct file locations directly from untrusted eventid input without validation. A specially crafted eventid can result in paths outsi...

7.2CVSS6.6AI score0.00538EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2025/07/29 12:0 a.m.10 views

PT-2025-31371

Name of the Vulnerable Software and Affected Versions Bugsink versions 1.4.2 and below Bugsink versions 1.5.0 through 1.5.4 Bugsink versions 1.6.0 through 1.6.3 Bugsink versions 1.7.0 through 1.7.3 Description Bugsink is a self-hosted error tracking service. Ingestion paths construct file locatio...

7.2CVSS6AI score0.00538EPSS
Exploits0References20
Rows per page
Query Builder