Lucene search
K

1090 matches found

Snyk
Snyk
added 2026/05/18 9:0 p.m.10 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/05/18 9:0 p.m.6 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/15 10:43 a.m.12 views

Malicious code in jenkins-forge-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1752ae807c1ded3c735b8ab75a4119f00de67627fbd4a8802331d487b5e2c229 The package jenkins-forge-utils was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/15 10:43 a.m.7 views

MAL-2026-3790 Malicious code in jenkins-forge-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1752ae807c1ded3c735b8ab75a4119f00de67627fbd4a8802331d487b5e2c229 The package jenkins-forge-utils was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/15 10:43 a.m.11 views

Malicious code in jenkins-forge-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3120a240b8c41b579052ef41d9ced1b143fa654155901c8ac183b99cd99b83e4 The package jenkins-forge-app was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/15 10:43 a.m.17 views

MAL-2026-3789 Malicious code in jenkins-forge-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3120a240b8c41b579052ef41d9ced1b143fa654155901c8ac183b99cd99b83e4 The package jenkins-forge-app was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
Snyk
Snyk
added 2026/05/15 10:43 a.m.8 views

Malicious Package

Overview jenkins-forge-app is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/15 10:43 a.m.10 views

Malicious Package

Overview jenkins-forge-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/14 7:35 p.m.7 views

CVE-2026-8596 Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path

Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...

8.5CVSS6.2AI score0.00439EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/13 6:30 p.m.10 views

EUVD-2020-31214

Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for payment signature generation. Attackers can extract payment form data and signatures from POST requests to the payment endpoint,...

9.8CVSS5.8AI score0.00246EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:22 p.m.11 views

CVE-2020-37168

Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for payment signature generation. Attackers can extract payment form data and signatures from POST requests to the payment endpoint,...

9.8CVSS5.8AI score0.00246EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/05/11 7:16 p.m.6 views

Command Injection

Overview automagik-genie is a Self-evolving AI agent orchestration framework with Model Context Protocol support Affected versions of this package are vulnerable to Command Injection via the readTranscriptFromCommit function. An attacker can execute arbitrary system commands by supplying crafted...

9.2CVSS5.9AI score0.01008EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/11 6:31 p.m.8 views

EUVD-2026-29159

Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the viewtask aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGEBASEURL...

6.1AI score0.01008EPSS
Exploits0References2
OSV
OSV
added 2026/05/11 6:31 p.m.5 views

GHSA-64VR-4GR2-M642 automagik-genie has a command injection vulnerability

Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the viewtask aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGEBASEURL...

8.1CVSS6AI score0.01008EPSS
Exploits0References3
NVD
NVD
added 2026/05/11 6:16 p.m.8 views

CVE-2026-30635

Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the viewtask aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGEBASEURL...

8.1CVSS0.01008EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/05/11 4:16 p.m.9 views

@senoldogann/code-companion (>=0.1.38 <=0.1.56), @treeseed/agent (>=0.8.5 <=0.10.0) +6 more potentially affected by CVE-2026-45033 via @github/copilot (>=1.0.27 <=1.0.40)

@github/copilot NPM version =1.0.27, =0.1.38, =0.8.5, =0.6.0, =0.6.1, =0.6.8, =1.0.0, =2.0.0 - @vibe-forge/client =1.0.0 - bitbucket-copilot-pr-review =0.5.1 Source cves: CVE-2026-45033 Source advisory: SNYK:JS-GITHUBCOPILOT-16642141...

8.5CVSS5.7AI score0.0035EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/05/11 12:0 a.m.7 views

CVE-2026-30635

Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the viewtask aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGEBASEURL...

6.1AI score0.01008EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/11 12:0 a.m.7 views

CVE-2026-30635

Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the viewtask aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGEBASEURL...

6.1AI score0.01008EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 12:0 a.m.33 views

CVE-2026-30635

Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the viewtask aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGEBASEURL...

0.01008EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 12:0 a.m.19 views

CVE-2026-30635

CVE-2026-30635 describes a command-injection vulnerability in the automagik-genie 2.5.27 MCP Server. The issue affects the readTranscriptFromCommit path in dist/mcp/server.js, where an attacker can trigger arbitrary command execution via the view_task (also known as view) when reading from an ext...

8.1CVSS6.1AI score0.01008EPSS
Exploits0References1
Rows per page
Query Builder