Lucene search
K

6 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/12 12:0 a.m.11 views

Malicious code in @tanstack/virtual-file-routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c95e413c2e182a7d35b0ec3ba9f2a979d63c77c1a7f20a6204059f7b66b433bc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/03 11:2 p.m.5 views

CVE-2026-34523

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in the static file route handler allows any unauthenticate...

5.3CVSS5.8AI score0.00449EPSS
Exploits1References1
NVD
NVD
added 2026/04/02 6:16 p.m.6 views

CVE-2026-34523

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in the static file route handler allows any unauthenticate...

5.3CVSS0.00449EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.3 views

PT-2026-29661

Summary A path traversal vulnerability in the static file route handler allows any unauthenticated user to determine whether files exist anywhere on the server's filesystem. By sending percent-encoded ../ sequences %2E%2E%2F in requests to static file routes, an attacker can check for the existen...

5.3CVSS5.9AI score0.00449EPSS
Exploits1References5
CVE
CVE
added 2026/03/06 9:10 p.m.13 views

CVE-2026-30231

CVE-2026-30231 affects Flare, a Next.js-based self-hosted file sharing platform. Before version 1.7.2, raw and direct file routes failed to block authenticated non-owners who know a private file URL, enabling access that should be restricted. The issue is a private-file IDOR via raw/direct endpoi...

6CVSS5.7AI score0.00283EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.7 views

PT-2026-23756

Name of the Vulnerable Software and Affected Versions Flare versions prior to 1.7.2 Description Flare, a Next.js-based file sharing platform, had a flaw where authenticated, non-owner users could access private files if they knew the file URL. This occurred because the raw and direct file routes...

6CVSS5.8AI score0.00283EPSS
Exploits1References3
Rows per page
Query Builder