Lucene search
K

255 matches found

Snyk
Snyk
added 2026/03/12 4:23 p.m.3 views

Malicious Package

Overview dazaar-cli is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The package...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/03/12 4:23 p.m.4 views

Malicious Package

Overview todo-plz is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The package use...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/03/12 4:23 p.m.3 views

Malicious Package

Overview transform-proto-to-assign is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavio...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/03/12 4:23 p.m.10 views

Malicious Package

Overview transform-dynamic-import is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior...

9.8CVSS5.9AI score
Exploits0References3
NVD
NVD
added 2026/02/25 2:16 a.m.12 views

CVE-2026-24847

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Eye Exam form module allows any authenticated user to be redirected to an arbitrary external URL. This can be exploited for phishing attacks against healthcare...

6.1CVSS0.00176EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/12 10:6 p.m.3 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the overrides.yoke.cd/flight annotation, which allows a user-supplied URL to be used directly by the controller without validation. An attacker can execute arbitrary code within the controller context by...

8.8CVSS6.2AI score0.004EPSS
Exploits1References2
NVD
NVD
added 2026/01/28 6:15 a.m.8 views

CVE-2026-1298

The Easy Replace Image plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.5.2. This is due to missing capability checks on the imagereplacementfromurl function that is hooked to the erifromurl AJAX action. This makes it possible for authenticated...

4.3CVSS0.00254EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/28 5:30 a.m.3 views

CVE-2026-1298 Easy Replace Image <= 3.5.2 - Missing Authorization to Authenticated (Contributor+) Arbitrary Attachment Replacement

The Easy Replace Image plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.5.2. This is due to missing capability checks on the imagereplacementfromurl function that is hooked to the erifromurl AJAX action. This makes it possible for authenticated...

5.3CVSS5.9AI score0.00254EPSS
Exploits0References4
NVD
NVD
added 2026/01/23 5:16 a.m.5 views

CVE-2025-3839

A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. The browser fails to properly warn or gate this...

8CVSS0.00381EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/01/23 3:55 a.m.7 views

CVE-2025-3839

A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. The browser fails to properly warn or gate this...

8CVSS8AI score0.00381EPSS
Exploits0
Cvelist
Cvelist
added 2026/01/23 3:55 a.m.27 views

CVE-2025-3839 Epiphany: insecure external protocol invocation in epiphany

A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. The browser fails to properly warn or gate this...

8CVSS0.00381EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/23 3:55 a.m.3 views

CVE-2025-3839

A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. The browser fails to properly warn or gate this...

8CVSS6.1AI score0.00381EPSS
Exploits0References3
NVD
NVD
added 2026/01/10 3:15 a.m.6 views

CVE-2025-68470

React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate, , or redirect, the app performs a navigation/redirect to an external URL. This is only an...

6.5CVSS0.00198EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:23 a.m.6 views

CVE-2021-31216

Siren Investigate before 11.1.1 contains a server side request forgery SSRF defect in the built-in image proxy route which is enabled by default. An attacker with access to the Investigate installation can specify an arbitrary URL in the parameters of the image proxy route and fetch external URLs...

8.1CVSS7AI score0.00724EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:59 a.m.10 views

CVE-2020-7680

docsify prior to 4.11.4 is susceptible to Cross-site Scripting XSS. Docsify.js uses fragment identifiers parameters after sign to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the // domain.com///attacker.com and render...

6.1CVSS6.5AI score0.045EPSS
Exploits5References1
Circl
Circl
added 2025/12/31 9:26 p.m.4 views

CVE-2025-23757

creationtimestamp| type| source ---|---|--- 2025-12-31 21:26:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mbcskbfr232q 2026-01-02 08:04:45+00:00| seen| https://gist.github.com/Darkcrai86/71ca2a26db1ead5c7de46df9082e0d21...

7.1CVSS8.7AI score0.00149EPSS
Exploits0References2
OSV
OSV
added 2025/12/03 5:15 p.m.4 views

CVE-2025-20382

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.10, 10.0.2503.8, and 9.3.2411.120, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a views dashboard with a custom background using th...

5.4CVSS5.8AI score0.00198EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/15 1:23 a.m.5 views

EUVD-2018-21604

VestaCP commit a3f0fa1 2018-05-31 up to commit ee03eff 2018-06-13 contain embedded malicious code that resulted in a supply-chain compromise. New installations created from the compromised installer since at least May 2018 were subject to installation of Linux/ChachaDDoS, a multi-stage DDoS bot...

9.3CVSS6.5AI score0.00402EPSS
Exploits0References9
OSV
OSV
added 2025/10/13 8:15 p.m.6 views

CVE-2025-58084

Mattermost Desktop App versions = 5.13.0 fail to validate URLs external to the configured Mattermost servers, allowing an attacker on a server the user has configured to crash the user's application by sending the user a malformed URL...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/13 7:57 p.m.7 views

CVE-2025-58084 Mattermost Desktop App crashes when clicking on malformed external URL

Mattermost Desktop App versions = 5.13.0 fail to validate URLs external to the configured Mattermost servers, allowing an attacker on a server the user has configured to crash the user's application by sending the user a malformed URL...

3.5CVSS0.0027EPSS
Exploits0References1
Rows per page
Query Builder