Lucene search
K

6 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 1:2 p.m.14 views

Malicious code in self-certificate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab587fcd5a0b45e17454fc742007b8b597a0aec49b443d8a5a087ba910ea4a40 The package presents itself as a self-signed certificate generator, but its public generateCertificates API path loads sample/cert.pem, strips the...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/05/20 1:9 a.m.10 views

MAL-2026-4571 Malicious code in get-deps-path (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65fa6f34a831aa832f9d88019ce3d0f4011701df6ab0667bd263645208c978ce On require, get-deps-path immediately invokes getPlugin, which performs an HTTP fetch to https://jsonkeeper.com/b/QBRMI an anonymous public paste hos...

6.1AI score
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/04/14 7:23 p.m.7 views

CVE-2026-6109

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request forgery. The attack...

8.8CVSS5.3AI score0.00224EPSS
Exploits1References1
Snyk
Snyk
added 2026/04/12 3:30 a.m.4 views

Cross-site Request Forgery (CSRF)

Overview metagpt is a The Multi-Agent Framework Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the evaluateCode function in the Mineflayer HTTP API. An attacker can execute unauthorized actions by tricking a user into making unwanted requests. Remediation...

8.8CVSS4.9AI score0.00224EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/12 1:30 a.m.2 views

CVE-2026-6109 FoundationAgents MetaGPT Mineflayer HTTP API index.js evaluateCode cross-site request forgery

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request forgery. The attack...

5.3CVSS5.3AI score0.00224EPSS
Exploits1References5
CVE
CVE
added 2026/04/12 1:30 a.m.23 views

CVE-2026-6109

The CVE-2026-6109 entry describes a vulnerability in FoundationAgents MetaGPT up to 0.8.1, specifically in the evaluateCode function of metagpt/environment/minecraft/mineflayer/index.js (Mineflayer HTTP API). It enables cross-site request forgery and can be exploited remotely. Public exploit disc...

8.8CVSS5.3AI score0.00224EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder