Lucene search
K

39 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago7 views

Malicious code in eth-react-redirection (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cbd414dae34760c2eda09d2093a62a14d694f759350676e88229319a16594e78 On require, index.js calls callCallerAsOrigin which spawns lib/caller.js as a detached, stdio-ignored child process spawnprocess.execPath, script,...

6.2AI score
Exploits0References3
OSV
OSV
added 2026/06/27 2:32 a.m.4 views

MAL-2026-6544 Malicious code in chai-as-persisted (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cf9c49450e0fa0d47be1b6ae27991f844868ff6c435d2082948b5feae862709 The package's postinstall script npm run smoke:pino executes index.js, which spawns a detached node lib/initializeCaller.js child. That module hides...

6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 4:18 a.m.13 views

Malicious code in pathfix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2527fa3618f01b694722f2a50297c248053dcdabf1b471ee9bdbdc6522bb838 pathfix presents itself as a Stylus port of normalize.css but ships a copy of the unrelated normalize-path module with an appended...

5.9AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/13 3:4 a.m.19 views

Malicious code in vite-config-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1f9ee389e1023034a78a4c268db5d48e016565f37b7fb6c514bf095b2dec552 On require/import of the package, the entrypoint chain src/index.js → core/createConfig.js → features/plugins.js side-effect-imports...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/12 8:34 p.m.16 views

Malicious code in chalk-plus-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08276c56353501373a202d28f6af6ee2a7c0b20d28a07d99c4c16309df46269c package.json declares postinstall=node lib/utils/index.js, which spawns a detached child process running lib/utils/smtp-connection/index.js. That...

5.9AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/02 7:43 a.m.16 views

Moderate: Red Hat Security Advisory: libxml2 security update

An update for libxml2 is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

6.2CVSS5.8AI score0.00144EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/24 3:14 a.m.12 views

Malicious code in tailwind-typography-stylecss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 273b99f5721643d8ba8335fd73b46b4b32f81406d73f44e7a16552e16b8becd6 Package name 'tailwind-typography-stylecss' impersonates the official '@tailwindcss/typography' plugin; the shipped README is a verbatim copy of the...

5.8AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/07 6:17 p.m.16 views

Moderate: Red Hat Security Advisory: libxml2 security update

An update for libxml2 is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring Syst...

6.2CVSS6.1AI score0.00144EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/07 5:6 p.m.8 views

Moderate: Red Hat Security Advisory: libxml2 security update

An update for libxml2 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabilit...

6.2CVSS6.1AI score0.00144EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/07 12:0 a.m.22 views

VulnCheck KEV: CVE-2025-9501

The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the parsedynamicmfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post...

9CVSS7.6AI score0.19638EPSS
In wildExploits1References2
OSV
OSV
added 2026/04/29 6:0 a.m.7 views

RLSA-2026:11349 Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c CVE-2025-9714 For more details about the security issues, including the impact, a CVSS...

6.2CVSS5.3AI score0.00144EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/29 12:0 a.m.6 views

RockyLinux 8 : libxml2 (RLSA-2026:11349)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:11349 advisory. libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c CVE-2025-9714 Tenable has extracted the preceding description block...

6.2CVSS5.3AI score0.00144EPSS
Exploits0References3
Rockylinux
Rockylinux
added 2025/12/02 9:4 a.m.5 views

libxml2 security update

An update is available for libxml2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libxml2 library is a development toolbox providing the implementation of...

6.2CVSS4.8AI score0.00144EPSS
Exploits0
OSV
OSV
added 2025/12/01 12:0 a.m.6 views

ALSA-2025:22376 Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c CVE-2025-9714 For more details about the security issues, including the impact, a CVSS...

6.2CVSS6.8AI score0.00144EPSS
Exploits0References4
OSV
OSV
added 2025/11/17 7:26 a.m.2 views

SUSE-SU-2025:4116-1 Security update for libxml2

This update for libxml2 fixes the following issues: - CVE-2025-9714: Fixed inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c bsc1249076 - CVE-2025-8732: Fixed infinite recursion in catalog parsing functions when processing malformed SGML catalog files bsc1247850...

6.2CVSS6.9AI score0.00202EPSS
Exploits1References5
EUVD
EUVD
added 2025/11/17 6:30 a.m.7 views

EUVD-2025-197764

The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the parsedynamicmfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post...

9CVSS7.4AI score0.19638EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/11/17 6:0 a.m.16 views

CVE-2025-9501 W3 Total Cache < 2.8.13 - Unauthenticated Command Injection

The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the parsedynamicmfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post...

0.19638EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/11/17 12:0 a.m.5 views

WordPress plugin W3 Total Cache 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

9CVSS7.5AI score0.19638EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/11/16 12:0 a.m.9 views

SUSE SLES12: libxml2-2 / libxml2-2-32bit / libxml2-devel / libxml2-doc / etc (SUSE-SU-2025:4104-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4104-1 advisory. - CVE-2025-9714: Fixed infinite recursion at exsltDynMapFunction function in libexslt/dynamic.c bsc1249076 - CVE-2025-8732: Fixed infinite...

6.2CVSS6.2AI score0.00202EPSS
Exploits1References7
OSV
OSV
added 2025/10/06 2:8 p.m.10 views

GHSA-HMGH-466J-FX4C Flowise vulnerable to RCE via Dynamic function constructor injection

Summary User-controlled input flows to an unsafe implementaion of a dynamic Function constructor , allowing a malicious actor to run JS code in the context of the host not sandboxed leading to RCE. Details When creating a new Custom MCP Chatflow in the platform, the MCP Server Config displays a...

9.8CVSS7.8AI score0.1742EPSS
Exploits0References4
Rows per page
Query Builder