
4 matches found

CVE
added 3 days ago, 10 views

CVE-2026-55792

Craft CMS is vulnerable in versions 4.0.0-RC1 through 4.17.x and 5.0.0-RC1 through 5.9.x due to dataUrl() being in the Twig sandbox allowlist. A control panel user with the utility:system-messages permission can embed a file-reading payload in system emails, causing the server to read targeted fi...

CVSS: 6 | AI score: 5.8 | EPSS: 0.00268
Exploits: 0 | References: 2

OSSF Malicious Packages
added 2026/05/07 12:0 a.m., 14 views

Malicious code in camelotlabs-core (npm)

Five packages camelotlabs-sdk, camelotlabs-core, camelotlabs-config, camelotlabs-worker, and camelotlabs-utils were published to the public npm registry at version 99.0.0 by the actor madman0619 as a dependency confusion attack targeting the internal npm packages of Camelot Labs. The inflated...

AI score: 5.9
Exploits: 0

OSV
added 2026/03/05 9:15 p.m., 3 views

GHSA-MH23-RW7F-V5PQ `time-sync` was removed from crates.io due to malicious code

The time-sync crate attempted to exfiltrate .env files to a server that was in turn impersonating the legitimate timeapi.io service. This is the same attack that we've seen three times in the last few days. The malicious crate had 1 version published on 2026-03-04 approximately 50 minutes before...

AI score: 6
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2025/08/26 9:33 a.m., 4 views

Malicious code in import-license-checker (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c41ca4c8119fa20f7f5915b34de59f879b77fedf237cbbf5a69e46ddbeded428 Package exfiltrates content of .env files to a remote target --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

AI score: 7.2
Exploits: 0 | References: 1