Lucene search
K

125 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago7 views

Malicious code in theta-sdk-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6967c021e95228b33b18be4489fea5d404720cbd21beb53dac8bf7ea4f4d54d1 [email protected] ships src/decrypt.js and src/providers/BaseProvider.js which together implement a hidden execution channel. On module load,...

6.2AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/07/01 10:35 a.m.8 views

CVE-2026-57452

A flaw was found in Vim, an open source command-line text editor. When opening a specially crafted encrypted file using the VimCrypt04! or VimCrypt05! methods, an attacker could trigger an unsigned length calculation error. This issue leads to an out-of-bounds read, causing Vim to crash and...

5.5CVSS5.9AI score0.0012EPSS
Exploits0References6
OSV
OSV
added 2026/06/25 3:27 p.m.3 views

CVE-2026-57452 Vim: Out-of-bounds Read with libsodium-encrypted Files

Vim is an open source, command line text editor. Prior to 9.2.0671, when Vim opens a file encrypted with the VimCrypt04! or VimCrypt05! method xchacha20poly1305, requires the +sodium feature whose body is shorter than a single libsodium secretstream header, an unsigned length calculation underflo...

5.5CVSS6AI score0.0012EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2026/06/25 3:27 p.m.8 views

CVE-2026-57452

Vim is an open source, command line text editor. Prior to 9.2.0671, when Vim opens a file encrypted with the VimCrypt04! or VimCrypt05! method xchacha20poly1305, requires the +sodium feature whose body is shorter than a single libsodium secretstream header, an unsigned length calculation underflo...

5.5CVSS5.9AI score0.0012EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 9:34 a.m.7 views

CVE-2024-41156

Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network. Profiles can only be exported by authenticated users with higher privilege of write access...

2.7CVSS6.6AI score0.00364EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-11453

Malware in sbrugna...

9.3CVSS7.7AI score0.01059EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-6611

Malware in sbrugna...

7.5CVSS7.5AI score0.02511EPSS
Exploits3References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-13934

Malware in sbrugna...

7.5CVSS7.5AI score0.01015EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-0005

Malware in sbrugna...

4.7CVSS7AI score0.00374EPSS
Exploits0References27
RedhatCVE
RedhatCVE
added 2025/05/22 8:40 a.m.9 views

CVE-2019-4327

"HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files."...

7.5CVSS6.9AI score0.01015EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/04 5:3 p.m.27 views

CVE-2023-53055

In the Linux kernel, the following vulnerability has been resolved: fscrypt: destroy keyring after securitysbdelete fscryptdestroykeyring must be called after all potentially-encrypted inodes were evicted; otherwise it cannot safely destroy the keyring. Since inodes that are in-use by the Landloc...

5.5CVSS6.9AI score0.00165EPSS
Exploits0References4
NVD
NVD
added 2025/05/02 4:15 p.m.16 views

CVE-2023-53055

In the Linux kernel, the following vulnerability has been resolved: fscrypt: destroy keyring after securitysbdelete fscryptdestroykeyring must be called after all potentially-encrypted inodes were evicted; otherwise it cannot safely destroy the keyring. Since inodes that are in-use by the Landloc...

5.5CVSS0.00165EPSS
Exploits0References4
OSV
OSV
added 2025/05/02 4:15 p.m.5 views

UBUNTU-CVE-2023-53055

In the Linux kernel, the following vulnerability has been resolved: fscrypt: destroy keyring after securitysbdelete fscryptdestroykeyring must be called after all potentially-encrypted inodes were evicted; otherwise it cannot safely destroy the keyring. Since inodes that are in-use by the Landloc...

5.5CVSS5.7AI score0.00165EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/05/02 3:55 p.m.16 views

CVE-2023-53055 fscrypt: destroy keyring after security_sb_delete()

In the Linux kernel, the following vulnerability has been resolved: fscrypt: destroy keyring after securitysbdelete fscryptdestroykeyring must be called after all potentially-encrypted inodes were evicted; otherwise it cannot safely destroy the keyring. Since inodes that are in-use by the Landloc...

0.00165EPSS
Exploits0References4
OSV
OSV
added 2025/05/02 3:55 p.m.15 views

CVE-2023-53055 fscrypt: destroy keyring after security_sb_delete()

In the Linux kernel, the following vulnerability has been resolved: fscrypt: destroy keyring after securitysbdelete fscryptdestroykeyring must be called after all potentially-encrypted inodes were evicted; otherwise it cannot safely destroy the keyring. Since inodes that are in-use by the Landloc...

5.5CVSS5AI score0.00165EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.4 views

H2O 安全漏洞

H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A security vulnerability exists in H2O version 3.46.0, which stems from a custom encryption tool endpoint that does not restrict encrypted files, potentially leading to ransomware behavior...

6.5CVSS6.4AI score0.0033EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2020-1740

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes ansible-vault edit, another user on the same...

4.7CVSS6.7AI score0.00374EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/01/09 1:15 a.m.33 views

CVE-2023-38037

ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current umask settings, meaning that it's possible for other users on the same system to read the contents of the temporary file. Attackers that ha...

5.5CVSS6AI score0.00258EPSS
Exploits0References5
CVE
CVE
added 2024/10/29 12:44 p.m.50 views

CVE-2024-41156

CVE-2024-41156 affects Hitachi Energy TRO600 radios; the issue is a command-execution/privilege-leak risk via the Edge Computing UI, with profile files from TRO600 radios exportable in plaintext and encrypted formats. Exploitation requires authenticated write access, enabling access to configurat...

2.7CVSS3.9AI score0.00364EPSS
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2024/09/10 12:0 a.m.9 views

Fedora: Security Advisory (FEDORA-2023-28962dd58a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References3
Rows per page
Query Builder