Lucene search
K

100 matches found

OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-32621 Malicious code in sagemaker-forked-extensions (npm)

The package sagemaker-forked-extensions was found to contain malicious code...

7.2AI score
Exploits0
OSV
OSV
added 2025/07/10 9:31 p.m.3 views

CVE-2025-53637 Meshtastic allows Command Injection in GitHub Action

Meshtastic is an open source mesh networking solution. The mainmatrix.yml GitHub Action is triggered by the pullrequesttarget event, which has extensive permissions, and can be initiated by an attacker who forked the repository and created a pull request. In the shell code execution part,...

4.1CVSS7.5AI score0.00328EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/03/29 10:44 p.m.17 views

CVE-2025-2886

Missing validation of terminating delegation causes the client to continue searching the defined delegation list, even after searching a terminating delegation. This could cause the client to fetch a target from an incorrect source, altering the target contents. Users should upgrade to tough...

5.7CVSS7.3AI score0.00307EPSS
Exploits0References4
OSV
OSV
added 2024/06/04 12:15 p.m.5 views

CVE-2024-4254

The 'deploy-website.yml' workflow in the gradio-app/gradio repository, specifically in the 'main' branch, is vulnerable to secrets exfiltration due to improper authorization. The vulnerability arises from the workflow's explicit checkout and execution of code from a fork, which is unsafe as it...

7.1CVSS5.9AI score0.0047EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2024/04/28 12:30 a.m.26 views

mdanter/ecc affected by timing vulnerability in cryptographic side-channels

phpecc, as used in all versions of mdanter/ecc, as well as paragonie/ecc before 2.0.1, has a branch-based timing leak in Point addition. This Composer package is also known as phpecc/phpecc on GitHub, previously known as the Matyas Danter ECC library. Paragon Initiative Enterprises hard-forked...

4.3CVSS7.1AI score0.00408EPSS
Exploits0References6Affected Software2
Friends Of PHP
Friends Of PHP
added 2024/04/24 12:2 p.m.54 views

mdanter/ecc affected by timing vulnerability in cryptographic side-channels

phpecc, as used in all versions of mdanter/ecc, as well as paragonie/ecc before 2.0.1, has a branch-based timing leak in Point addition. This Composer package is also known as phpecc/phpecc on GitHub, previously known as the Matyas Danter ECC library. Paragon Initiative Enterprises hard-forked...

4.3CVSS4.5AI score0.00408EPSS
Exploits0Affected Software1
Code423n4
Code423n4
added 2023/07/13 12:0 a.m.6 views

Attacker can drain the forked DAO's ERC20s by supplying a list with dupes to quit()

Lines of code Vulnerability details The quit function is used to allow members of the forked DAO to ragequit the dao and receive a pro-rata share of the ERC20 tokens that the DAO holds. One version of this functions allows the user to supply their own list of ERC20 tokens for the function to...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2023/07/13 12:0 a.m.10 views

Malicious whale of forked DAO can prevent smaller token holders from creating proposals

Lines of code Vulnerability details The proposal threshold on a forked DAO can be set all the way up to 1,000 basis points. If this were the case, only whales would be able to make proposals on the forked DAO. Impact The likelihood of this is low, because in order to set the proposalThresholdBps ...

6.6AI score
Exploits0
OSV
OSV
added 2023/04/05 8:15 p.m.1 views

UBUNTU-CVE-2022-3375

An issue has been discovered in GitLab affecting all versions starting from 11.10 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible to disclose the branch names when attacker has a fork of a project that was switched to...

3.7CVSS5.7AI score0.00795EPSS
Exploits0References2
OSV
OSV
added 2023/03/29 9:15 p.m.6 views

CVE-2023-28508

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a heap-based overflow vulnerability, where certain input can corrupt the heap and crash the forked process...

8.8CVSS7.3AI score0.00897EPSS
Exploits0References1
NVD
NVD
added 2023/03/29 9:15 p.m.21 views

CVE-2023-28508

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a heap-based overflow vulnerability, where certain input can corrupt the heap and crash the forked process...

8.8CVSS8.8AI score0.00897EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2023/03/28 12:8 p.m.3 views

IcedID Malware Shifts Focus from Banking Fraud to Ransomware Delivery

Multiple threat actors have been observed using two new variants of the IcedID malware in the wild with more limited functionality that removes functionality related to online banking fraud. IcedID, also known as BokBot, started off as a banking trojan in 2017. It's also capable of delivering...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/03/28 12:8 p.m.47 views

IcedID Malware Shifts Focus from Banking Fraud to Ransomware Delivery

Multiple threat actors have been observed using two new variants of the IcedID malware in the wild with more limited functionality that removes functionality related to online banking fraud. IcedID, also known as BokBot, started off as a banking trojan in 2017. It's also capable of delivering...

6.6AI score
Exploits0
OSV
OSV
added 2023/03/06 6:30 a.m.2 views

GHSA-5G97-WHC9-8G7J node-static and @nubosoftware/node-static vulnerable to Directory Traversal

node-static and its fork, @nubosoftware/node-static, are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith method in the servePath function...

7.5CVSS7.1AI score0.01445EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.5 views

SUSE CVE-2010-0923

Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked...

6.9CVSS7.3AI score0.00283EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/11/02 12:0 a.m.4 views

PT-2022-28210 · Ckb · Ckb

Name of the Vulnerable Software and Affected Versions: ckb versions prior to 0.101.1 Description: The issue arises from the HeaderCheckercheck valid function skipping main chain checking, which can lead to network forking if a transaction uses a forked block header not present in the local node's...

7AI score
Exploits0References4
Snyk
Snyk
added 2022/09/08 11:24 a.m.2 views

Malicious Package

Overview react-native-aes-crypto-forked is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...

9.8CVSS7.1AI score
Exploits0References3
OSV
OSV
added 2022/01/09 2:46 a.m.17 views

GSD-2022-1000008 faker.js 6.6.6 is broken and the developer has wiped the original GitHub repo

faker.js had it's version updated to 6.6.6 in NPM which reports it as having 2,571 dependent packages that rely upon it and the GitHub repo has been wiped of content. This appears to have been done intentionally as the repo only has a single commit so it was likjely deleted, recreated and a singl...

7.2AI score
Exploits0
OSV
OSV
added 2021/12/22 7:15 p.m.5 views

UBUNTU-CVE-2021-40393

An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev commit b5f1eacd and the forked version of Gerbv commit 71493260. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file t...

10CVSS5.9AI score0.03064EPSS
Exploits1References4
Talos
Talos
added 2021/12/06 12:0 a.m.28 views

Gerbv RS-274X aperture macro outline primitive integer overflow vulnerability

Summary An integer overflow vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev commit b5f1eacd and the forked version of Gerbv commit 71493260. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious fi...

10CVSS9.5AI score0.02916EPSS
Exploits1
Rows per page
Query Builder