Lucene search
+L

42 matches found

osv
osv
added 2026/07/01 8:28 p.m.6 views

MAL-2026-6721 Malicious code in ts-eslint-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e5bbed232e0268a791ce846260ce170342eec359bf1a7e84b9514767d77803a1 The package's index.js defines run/fromstr that recursively walk process.cwd and match files named.env, env, id.json, config.json, config.toml,...

6AI score
Exploits0References6
redhatcve
redhatcve
added 2026/06/05 7:21 p.m.9 views

CVE-2026-47356

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via the webhookurl parameter in the file scan endpoint POST /v1/iac/iacVersion/cloud/local/file/scan when running in server mode. An unauthenticated remote attacker can supply an arbitrary URL as the webhookurl multipa...

8.7CVSS5.7AI score0.00499EPSS
Exploits0References1
nvd
nvd
added 2026/05/19 5:16 p.m.29 views

CVE-2026-47356

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via the webhookurl parameter in the file scan endpoint POST /v1/iac/iacVersion/cloud/local/file/scan when running in server mode. An unauthenticated remote attacker can supply an arbitrary URL as the webhookurl multipa...

8.7CVSS0.00499EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/19 3:53 p.m.44 views

CVE-2026-47356

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via the webhookurl parameter in the file scan endpoint POST /v1/iac/iacVersion/cloud/local/file/scan when running in server mode. An unauthenticated remote attacker can supply an arbitrary URL as the webhookurl multipa...

8.7CVSS0.00499EPSS
Exploits0References1
euvd
euvd
added 2026/05/19 3:53 p.m.16 views

EUVD-2026-30952

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via the webhookurl parameter in the file scan endpoint POST /v1/iac/iacVersion/cloud/local/file/scan when running in server mode. An unauthenticated remote attacker can supply an arbitrary URL as the webhookurl multipa...

8.7CVSS6AI score0.00499EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/19 3:53 p.m.6 views

CVE-2026-47356

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via the webhookurl parameter in the file scan endpoint POST /v1/iac/iacVersion/cloud/local/file/scan when running in server mode. An unauthenticated remote attacker can supply an arbitrary URL as the webhookurl multipa...

8.7CVSS6AI score0.00499EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/19 3:53 p.m.7 views

CVE-2026-47356

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via the webhookurl parameter in the file scan endpoint POST /v1/iac/iacVersion/cloud/local/file/scan when running in server mode. An unauthenticated remote attacker can supply an arbitrary URL as the webhookurl multipa...

8.7CVSS6AI score0.00499EPSS
Exploits0References1
osv
osv
added 2026/05/19 3:53 p.m.3 views

CVE-2026-47356

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via the webhookurl parameter in the file scan endpoint POST /v1/iac/iacVersion/cloud/local/file/scan when running in server mode. An unauthenticated remote attacker can supply an arbitrary URL as the webhookurl multipa...

8.7CVSS6.1AI score0.00499EPSS
Exploits0References3
cve
cve
added 2026/05/19 3:53 p.m.22 views

CVE-2026-47356

Terrascan v1.18.3 and earlier are affected by an SSRF in the server mode feature. An unauthenticated attacker can supply an arbitrary URL via the webhook_url multipart form parameter in POST /v1/{iac}/{iacVersion}/{cloud}/local/file/scan, causing Terrascan to POST the full scan results to the att...

8.7CVSS6AI score0.00499EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2026/05/19 12:0 a.m.16 views

PT-2026-41952

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via the webhook url parameter in the file scan endpoint POST /v1/iac/iacVersion/cloud/local/file/scan when running in server mode. An unauthenticated remote attacker can supply an arbitrary URL as the webhook url...

8.7CVSS6AI score0.00499EPSS
Exploits0References2
ossf
ossf
added 2026/04/15 6:37 p.m.21 views

Malicious code in forge-jsx (npm)

forge-jsx is a malicious npm package that impersonates an Autodesk Forge SDK. It was published as a fully-formed RAT from its first version on April 7, 2026. Installing the package on any non-CI machine deploys a persistent background agent that captures all keystrokes, monitors clipboard content...

5.9AI score
Exploits0References2
rustsec
rustsec
added 2026/04/13 12:0 p.m.14 views

`microsoftsystem64` was removed from crates.io for malicious code

microsoftsystem64 installs a hardcoded SSH authorizedkeys entry persistence/backdoor and scans for sensitive files .env, credential-like JSON names, keyword-matching docs, reads their contents, base64-encodes where needed, and exfiltrates everything to a remote server via HTTP. It also packages a...

5.8AI score
Exploits0
osv
osv
added 2026/04/13 12:0 p.m.4 views

RUSTSEC-2026-0102 `microsoftsystem64` was removed from crates.io for malicious code

microsoftsystem64 installs a hardcoded SSH authorizedkeys entry persistence/backdoor and scans for sensitive files .env, credential-like JSON names, keyword-matching docs, reads their contents, base64-encodes where needed, and exfiltrates everything to a remote server via HTTP. It also packages a...

5.8AI score
Exploits0References2
attackerkb
attackerkb
added 2026/02/25 11:33 p.m.5 views

CVE-2026-27967

Zed, a code editor, has a symlink escape vulnerability in versions prior to 0.225.9 in Agent file tools readfile, editfile. It allows reading and writing files outside the project directory when a project contains symbolic links pointing to external paths. This bypasses the intended workspace...

7.1CVSS5.5AI score0.00243EPSS
Exploits1References2Affected Software1
euvd
euvd
added 2025/12/12 6:30 p.m.7 views

EUVD-2025-203095

An eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit before v32.7.4 allows attackers to overwrite arbitrary files as root via scanning a crafted file...

8.8CVSS6.7AI score0.00256EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2025/12/01 3:51 p.m.4 views

CVE-2025-8351 Avira antivirus engine heap buffer OOB read when scanning a malformed file

Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in Avira Antivirus engine when scanning a malformed file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before...

7.8CVSS5.4AI score0.00138EPSS
Exploits0References1
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-11935

Malware in sbrugna...

6.1CVSS6.3AI score0.00923EPSS
Exploits0References3
gitee
gitee
added 2025/09/06 8:23 a.m.82 views

DependencyCheck

This is an open-source project for a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies. The project is called OWASP dependency-check. The project is written in Java and is designed to be used in a variety of environments, including...

7AI score
Exploits0
nessus
nessus
added 2024/10/25 12:0 a.m.10 views

NuGet Package 'Tiktoken' Detection

The remote host has a 'Tiktoken' with a Verified NuGet package status and is installed on the remote host. Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...

5.8AI score
Exploits0References1
nessus
nessus
added 2024/10/16 12:0 a.m.25 views

Qnap QTS Command Injection (CVE-2018-0730)

This command injection vulnerability in File Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating QTS to their latest versions. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for mo...

9.8CVSS8.6AI score0.0196EPSS
Exploits0References2
Rows per page
Query Builder