
1038 matches found

OSV
added 2026/03/15 9:34 a.m., 4 views

MAL-2026-1435 Malicious code in python-anchor (PyPI)

Source: kam193 914b16cbc506c57a77eeed5ae14955bcf3b58fa49da92c2686b56a1d531c5268 During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and xored form in the JSON resource file. This is a...

AI score: 5.8
Exploits: 0, References: 2
OSSF Malicious Packages
added 2026/03/15 9:29 a.m., 5 views

Malicious code in ariadne-federation (PyPI)

Source: kam193 3eb5492b220fedd5fedb29045328e749d659aea6e38ed743f7aace2d623d07d2 During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and xored form in the JSON resource file. This is a...

AI score: 5.8
Exploits: 0, References: 2
OSV
added 2026/03/15 9:29 a.m., 3 views

MAL-2026-1431 Malicious code in ariadne-federation (PyPI)

Source: kam193 3eb5492b220fedd5fedb29045328e749d659aea6e38ed743f7aace2d623d07d2 During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and xored form in the JSON resource file. This is a...

AI score: 5.8
Exploits: 0, References: 2
Snyk
added 2026/03/13 8:51 p.m., 5 views

Prototype Pollution

Overview: @apollo/federation-internals provides Apollo Federation internal utilities. Affected versions of this package are vulnerable to Prototype Pollution through incomplete sanitization of input in the query plan execution. An attacker can manipulate the Object.prototype in the gateway by crafting...

CVSS: 9.9, AI score: 6.6, EPSS: 0.00512
Exploits: 0, References: 2
EUVD
added 2026/03/13 8:51 p.m., 5 views

EUVD-2026-12135

Apollo Federation vulnerable to prototype pollution via incomplete key sanitization...

CVSS: 9.9, AI score: 5.8, EPSS: 0.00512
Exploits: 0, References: 1
Github Security Blog
added 2026/03/13 8:51 p.m., 14 views

Apollo Federation vulnerable to prototype pollution via incomplete key sanitization

Impact: A vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client may be able to pollute Object.prototype in gateway directly by crafting operations with field aliases and/or variable names that target...

CVSS: 9.9, AI score: 6, EPSS: 0.00512
Exploits: 0, References: 3, Affected Software: 3
OSV
added 2026/03/13 8:51 p.m., 6 views

GHSA-PFJJ-6F4P-RVMH Apollo Federation vulnerable to prototype pollution via incomplete key sanitization

Impact: A vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client may be able to pollute Object.prototype in gateway directly by crafting operations with field aliases and/or variable names that target...

CVSS: 9.9, AI score: 6, EPSS: 0.00512
Exploits: 0, References: 3
Vulnrichment
added 2026/03/13 8:29 p.m., 8 views

CVE-2026-32621 Apollo Federation has prototype pollution via incomplete key sanitization

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client m...

CVSS: 9.9, AI score: 5.9, EPSS: 0.00512
Exploits: 0, References: 1
ATTACKERKB
added 2026/03/13 8:29 p.m., 6 views

CVE-2026-32621

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client m...

CVSS: 9.9, AI score: 5.9, EPSS: 0.00512
Exploits: 0, References: 2, Affected Software: 3
Cvelist
added 2026/03/13 8:29 p.m., 31 views

CVE-2026-32621 Apollo Federation has prototype pollution via incomplete key sanitization

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client m...

CVSS: 9.9, EPSS: 0.00512
Exploits: 0, References: 1
CVE
added 2026/03/13 8:29 p.m., 55 views

CVE-2026-32621

CVE-2026-32621 affects Apollo Federation’s gateway, with a root cause in query plan execution leading to possible pollution of Object.prototype. The advisory and CVE entry indicate the issue exists prior to fixes in versions 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, involving either crafted oper...

CVSS: 9.9, AI score: 5.9, EPSS: 0.00512
Exploits: 0, References: 1
OSV
added 2026/03/13 8:29 p.m., 5 views

CVE-2026-32621 Apollo Federation has prototype pollution via incomplete key sanitization

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client m...

CVSS: 9.9, AI score: 5.9, EPSS: 0.00512
Exploits: 0, References: 3
Positive Technologies
added 2026/03/13 12:0 a.m., 5 views

PT-2026-25379

Name of the Vulnerable Software and Affected Versions: Apollo Federation versions prior to 2.9.6; Apollo Federation versions prior to 2.10.5; Apollo Federation versions prior to 2.11.6; Apollo Federation versions prior to 2.12.3; Apollo Federation versions prior to 2.13.2. Description: Apollo Federation...

CVSS: 9.9, AI score: 5.5, EPSS: 0.00512
Exploits: 0, References: 11
RedhatCVE
added 2026/03/11 7:8 a.m., 3 views

CVE-2026-28432

Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled o...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00148
Exploits: 0, References: 1
NVD
added 2026/03/10 7:43 a.m., 9 views

CVE-2026-28432

Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled o...

CVSS: 7.5, EPSS: 0.00148
Exploits: 0, References: 1
Vulnrichment
added 2026/03/09 9:19 p.m., 1 views

CVE-2026-28432 HTTP signature verification can be bypassed

Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled o...

CVSS: 7.1, AI score: 5.8, EPSS: 0.00148
Exploits: 0, References: 1
Cvelist
added 2026/03/09 9:19 p.m., 39 views

CVE-2026-28432 HTTP signature verification can be bypassed

Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled o...

CVSS: 7.1, EPSS: 0.00148
Exploits: 0, References: 1
CVE
added 2026/03/09 9:19 p.m., 9 views

CVE-2026-28432

CVE-2026-28432: Misskey HTTP signature verification bypass. Affects Misskey servers prior to 2026.3.1, allowing bypass of HTTP signature verification (federation-related vulnerability that affects all servers, regardless of federation enablement). Root cause: bypass of the HTTP signature check. ...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00148
Exploits: 0, References: 1, Affected Software: 1
EUVD
added 2026/03/09 9:19 p.m., 3 views

EUVD-2026-10368

Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled o...

CVSS: 7.1, AI score: 5.8, EPSS: 0.00148
Exploits: 0, References: 1
ATTACKERKB
added 2026/03/09 9:19 p.m., 1 views

CVE-2026-28432

Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled o...

CVSS: 7.1, AI score: 5.8, EPSS: 0.00148
Exploits: 0, References: 2, Affected Software: 1