Lucene search
K

1401 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-446 Code execution in pandasai

GenerateSDFPipeline in syntheticdataframe in PandasAI aka pandas-ai through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE:...

9.8CVSS7.8AI score0.01006EPSS
Exploits1References5
Imperva Blog
Imperva Blog
added 2026/06/15 11:6 a.m.10 views

Your Security Operations Team Just Got Faster: Meet Imperva’s AI Assistant.

There is a moment every security analyst knows well. It’s 2am , an alert fires, and you’re staring at a console trying to make sense of what just happened—fast. You need context, scope, and impact: What’s being targeted? Where is it coming from? Is it getting worse? What should we do next? That...

5.4AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/31 1:37 p.m.13 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in minimatch (CVE-2026-26996)

Summary A Regular Expression Denial of Service ReDoS vulnerability in the minimatch pattern matching library CVE-2026-26996 used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading the library to version 5.1.8. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch i...

8.7CVSS5.7AI score0.00519EPSS
Exploits1Affected Software1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

SourceCodester CET Automated Grading System with AI Predictive Analytics 安全漏洞

SourceCodester CET Automated Grading System with AI Predictive Analytics is an open-source English language assessment system based on artificial intelligence predictive analytics, developed by SourceCodester. Version 1.0 of the SourceCodester CET Automated Grading System with AI Predictive...

5.3CVSS5.8AI score0.00242EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2026/04/03 9:10 a.m.8 views

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the trojan was discovered targeting both the mobile operating systems. The malware has been found to conceal itself within seemingly benign apps, su...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/10 12:0 a.m.2 views

Measuring Onion Website Discovery and Tor Users' Interests with Honeypots

Tor enables anonymous web browsing and access to anonymous onion websites. Prior work has focused on crawling and content analysis rather than on what users actually try to access. Our honeypot approach measures engagement across onion-site categories, revealing behavioral interest rather than...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/03/06 12:18 p.m.29 views

CVE-2018-25166 Meneame English Pligg 5.8 SQL Injection via search Parameter

Meneame English Pligg 5.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to index.php with crafted SQL payloads in the search parameter to...

8.8CVSS0.00232EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.7 views

Meneame English Pligg SQL注入漏洞

Meneame English Pligg is a social news website aggregation script developed by the Meneame community. Version 5.8 of Meneame English Pligg contains an SQL injection vulnerability. This vulnerability stems from the search parameter in the index.php file, which allows for SQL injections, potentiall...

8.8CVSS6.1AI score0.00232EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/12 8:15 p.m.5 views

CVE-2025-67500

Mastodon is a free, open-source social network server based on ActivityPub. Versions 4.2.27 and prior, 4.3.0-beta.1 through 4.3.14, 4.4.0-beta.1 through 4.4.9, 4.5.0-beta.1 through 4.5.2 have discrepancies in error handling which allow checking whether a given status exists by sending a request...

3.7CVSS7AI score0.00196EPSS
Exploits0References1
NVD
NVD
added 2025/12/10 12:16 a.m.5 views

CVE-2025-67500

Mastodon is a free, open-source social network server based on ActivityPub. Versions 4.2.27 and prior, 4.3.0-beta.1 through 4.3.14, 4.4.0-beta.1 through 4.4.9, 4.5.0-beta.1 through 4.5.2 have discrepancies in error handling which allow checking whether a given status exists by sending a request...

3.7CVSS0.00196EPSS
Exploits0References2
CVE
CVE
added 2025/12/09 11:44 p.m.20 views

CVE-2025-67500

CVE-2025-67500 affects Mastodon prior to fixed versions: 4.2.28, 4.3.15, 4.4.10 and 4.5.3. The issue stems from error-handling discrepancies that let an attacker determine whether a private status exists by sending a request with a non-English Accept-Language header; it does not reveal the status...

3.7CVSS6.5AI score0.00196EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/09 11:44 p.m.3 views

CVE-2025-67500 Mastodon Error Handling Discrepancy Enables Private Status Existence Enumeration

Mastodon is a free, open-source social network server based on ActivityPub. Versions 4.2.27 and prior, 4.3.0-beta.1 through 4.3.14, 4.4.0-beta.1 through 4.4.9, 4.5.0-beta.1 through 4.5.2 have discrepancies in error handling which allow checking whether a given status exists by sending a request...

3.7CVSS6.5AI score0.00196EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/09 11:44 p.m.39 views

CVE-2025-67500 Mastodon Error Handling Discrepancy Enables Private Status Existence Enumeration

Mastodon is a free, open-source social network server based on ActivityPub. Versions 4.2.27 and prior, 4.3.0-beta.1 through 4.3.14, 4.4.0-beta.1 through 4.4.9, 4.5.0-beta.1 through 4.5.2 have discrepancies in error handling which allow checking whether a given status exists by sending a request...

3.7CVSS0.00196EPSS
Exploits0References2
OSV
OSV
added 2025/11/13 3:23 a.m.6 views

MAL-2025-190485 Malicious code in zooarchaeology-darkmatter-higgs-algol (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e40bacfaf5995390d7123e836a60c8f771cd8c541530f8bac5be2044ff74b519 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in meteor-deneb-phoebe-paleoanthropology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e503587813565ccf9b93395be34e61ce05fd7b6a71e5c4f6f1bc95a90b27696 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.4 views

MAL-2025-187190 Malicious code in good-chi-nu-info-hash (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f42b6bf2a01b6334b369bee120683abc5377dbaa3c0215c6a61aa6e01154bdbb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.5 views

MAL-2025-185685 Malicious code in avior-ganymede-backend-hexo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a4711152c4083ccdb19747bdc390909e2dd6d6c64e5f7d82894ecc60e1fad7e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.7 views

Malicious code in relay-neutrino-procyon-stratigraphy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 18b46d1421bf767e864fb70e46a380881c11baaf943274c94aeff70da06d51a9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.3 views

MAL-2025-189276 Malicious code in rollup-plugin-start-galaxy-neutronstar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6f6f9ff2255f568a5fe51812bfe0074491bde1fc7e58142a7d271a74671ed39 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.3 views

MAL-2025-188258 Malicious code in new-optimize-async-spy-process (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64b1c7a23fc78fcdeadaf377309af5ca61840ff7fca1e1debb675390e587536c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
Rows per page
Query Builder