Lucene search
K

55 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 5:6 p.m.8 views

Malicious code in gx-npm-feature-flags (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fcad1b944d9ceb92389673398df9f471911a788fe608774a3298c69900bb1c7 [email protected] is a dependency-confusion squat max-semver 99.99.99 on a gx--prefixed name to outrank a private internal package that...

5.8AI score
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 8:39 a.m.28 views

CVE-2026-53200 KVM: arm64: nv: Fix handling of XN[0] when !FEAT_XNX

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: nv: Fix handling of XN0 when !FEATXNX XN has already been extracted from its bitfield position so using FIELDPREP on the mask that clears XN0 is completely broken, having the effect of unconditionally granting execute...

8.8CVSS0.00129EPSS
Exploits0References2
NVD
NVD
added 2026/05/28 6:16 p.m.28 views

CVE-2026-45297

OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, there is a cross-tenant IDOR on feature-flag and assist-stats routes via projectid case mismatch. ProjectAuthorizer.call OSS api/auth/authproject.py:14-38 and EE ee/api/auth/authproject.py:14-46 only runs...

5.3CVSS0.00207EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 4:50 p.m.10 views

CVE-2026-45297

OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, there is a cross-tenant IDOR on feature-flag and assist-stats routes via projectid case mismatch. ProjectAuthorizer.call OSS api/auth/authproject.py:14-38 and EE ee/api/auth/authproject.py:14-46 only runs...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/28 4:50 p.m.16 views

EUVD-2026-32970

OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, there is a cross-tenant IDOR on feature-flag and assist-stats routes via projectid case mismatch. ProjectAuthorizer.call OSS api/auth/authproject.py:14-38 and EE ee/api/auth/authproject.py:14-46 only runs...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References1
OSV
OSV
added 2026/04/14 11:47 a.m.3 views

MAL-2026-2660 Malicious code in use-feature-flags-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b176246976f266320b17cb9aa3a4fdddb6970d6f115637cb5cb2224c2db75c7e The package use-feature-flags-plugin was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/14 11:47 a.m.5 views

Malicious code in use-feature-flags-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b176246976f266320b17cb9aa3a4fdddb6970d6f115637cb5cb2224c2db75c7e The package use-feature-flags-plugin was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/04/08 10:12 p.m.10 views

@frontmcp/adapters (>=1.0.0 <=1.0.3), @frontmcp/plugin-approval (>=1.0.0 <=1.0.3) +7 more potentially affected by CVE-2026-39885 via @frontmcp/sdk (>=1.0.0-beta.1 <=1.0.3)

@frontmcp/sdk NPM version =1.0.0-beta.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =1.0.0, =1.0.0, =0.0.1, =1.0.3 Source cves: CVE-2026-39885 Source advisory: SNYK:JS-FRONTMCPSDK-16423474...

7.5CVSS5.8AI score0.00319EPSS
Exploits1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/18 12:22 p.m.8 views

Malicious code in sq-minimal-feature-flags (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/13 5:34 a.m.8 views

Malicious code in @immuta/feature-flags-core (npm)

Malicious package due to data exfiltration to a hardcoded IP, command execution --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5faa2e2b3afed77ff19adb0b231de0a6ecdd10f713507e643a56d3d5503b1e47 The package @immuta/feature-flags-core was found to contain malicious...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/03/13 5:34 a.m.4 views

MAL-2026-1381 Malicious code in @immuta/feature-flags-core (npm)

Malicious package due to data exfiltration to a hardcoded IP, command execution --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5faa2e2b3afed77ff19adb0b231de0a6ecdd10f713507e643a56d3d5503b1e47 The package @immuta/feature-flags-core was found to contain malicious...

5.8AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:38 a.m.5 views

CVE-2026-0650

OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted requests can bypass authentication and access protected API endpoints without valid credentials...

9.3CVSS7AI score0.00439EPSS
Exploits0References1
OSV
OSV
added 2026/01/07 12:31 p.m.7 views

GHSA-RWP9-5G7Q-73Q3 OpenFlagr contains an authentication bypass vulnerability in the HTTP middleware

OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted requests can bypass authentication and access protected API endpoints without valid credentials...

9.3CVSS5.4AI score0.00439EPSS
Exploits0References6
NVD
NVD
added 2026/01/07 12:17 p.m.6 views

CVE-2026-0650

OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted requests can bypass authentication and access protected API endpoints without valid credentials...

9.3CVSS0.00439EPSS
Exploits0References3
Snyk
Snyk
added 2026/01/07 4:55 a.m.4 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via improper path normalization in the whitelist logic. An attacker can gain unauthorized access to protected API endpoints by sending crafted requests that bypass authentication checks. This...

9.8CVSS7.1AI score0.00439EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/07 4:55 a.m.6 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via improper path normalization in the whitelist logic. An attacker can gain unauthorized access to protected API endpoints by sending crafted requests that bypass authentication checks. This...

9.8CVSS7.1AI score0.00439EPSS
Exploits0References2
OSV
OSV
added 2026/01/07 4:29 a.m.5 views

CVE-2026-0650 OpenFlagr <= 1.1.18 Authentication Bypass via Prefix Whitelist Path Normalization

OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted requests can bypass authentication and access protected API endpoints without valid credentials...

9.3CVSS5.9AI score0.00439EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.12 views

PT-2026-1559

Name of the Vulnerable Software and Affected Versions OpenFlagr versions prior to and including 1.1.18 Description The software contains an authentication bypass issue in the HTTP middleware. Improper path normalization within the whitelist logic allows crafted requests to bypass authentication,...

9.3CVSS6.7AI score0.00439EPSS
Exploits0References9
SUSE Linux
SUSE Linux
added 2025/10/28 7:19 a.m.4 views

Security update 5.1.1 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-prometheus-alertmanager: Update to version 0.28.1 jscPED-13285: Improved performance of inhibition rules when using Equal labels. Improve the documentation on escaping in UTF-8 matchers. Update alertmanagerconfighash metric help to document th...

7.6CVSS7.1AI score0.37565EPSS
Exploits0References62
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-13288

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.00278EPSS
Exploits0References4
Rows per page
Query Builder