28 matches found
CVE-2026-54920
creationtimestamp| type| source ---|---|--- 2026-06-20 02:01:08+00:00| seen| https://bsky.app/profile/slackers.it/post/3moor6754ks2n...
GHSA-537C-GMF6-5CCF Vulnerable OpenSSL included in cryptography wheels
pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in wheels prior to cryptograph 48.01 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://openssl-library.org/news/secadv/20260609.txt. If yo...
Vulnerable OpenSSL included in cryptography wheels
pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in wheels prior to cryptograph 48.01 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://openssl-library.org/news/secadv/20260609.txt. If yo...
CVE-2026-45767
creationtimestamp| type| source ---|---|--- 2026-05-20 14:15:32+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mmc3qtiaud2c...
CVE-2026-40261 Composer has Command Injection via Malicious Perforce Reference
Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...
CVE-2026-40261
Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...
Command Injection
Overview composer/composer is a Dependency Manager for PHP. Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere. Affected versions of this package are vulnerable to Command Injection via the Perforce::syncCodeBase and...
Malicious Package
Overview cms-site-api-js-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
CVE-2026-5812
creationtimestamp| type| source ---|---|--- 2026-04-09 00:55:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mizlvzfkmx2z...
CVE-2026-28815
creationtimestamp| type| source ---|---|--- 2026-04-03 04:20:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mikulke5wj2d 2026-04-03 15:23:03+00:00| seen| Telegram/DMrtbPbyVuvJyzUNlrr2TA99ljgvsTw1ZTHgoXyjyFD12Ec 2026-04-04 07:00:31+00:00| seen|...
melange 操作系统命令注入漏洞
Melange is a software developed by Chainguard for building APKs from source code. Versions of Melange prior to 0.40.3 contained a vulnerability related to operating system command injection. This vulnerability stemmed from improper escaping of variables in the working directory field, which could...
CVE-2025-46270
creationtimestamp| type| source ---|---|--- 2026-01-20 15:30:28+00:00| seen| https://infosec.place/objects/ae4f32d6-c695-46c5-a4c4-270bb8d7cfee...
Linux Distros Unpatched Vulnerability : CVE-2025-11233
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Starting from Rust 1.87.0 and before Rust 1.89.0, the tier 3 Cygwin target x8664-pc-cygwin didn't correctly handle path separators, causing the standard library...
CVE-2025-11233
Starting from Rust 1.87.0 and before Rust 1.89.0, the tier 3 Cygwin target x8664-pc-cygwin didn't correctly handle path separators, causing the standard library's Path API to ignore path components separated by backslashes. Due to this, programs compiled for Cygwin that validate paths could...
GHSA-H4GH-QQ45-VH27 pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels
pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 37.0.0-43.0.0 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://openssl-library.org/news/secadv/20240903.txt. If you are...
Astra Linux – Vulnerability in Composer
Composer is a dependency manager for PHP. On the 2.x branch, prior to versions 2.2.24 and 2.7.7, the status, reinstall, and remove commands, when packages were installed from sources via Git, could allow execution of malicious code if the branch name contained specially crafted text in the...
Caracal - Static Analyzer For Starknet Smart Contracts
Caracal is a static analyzer tool over the SIERRA representation for Starknet smart contracts. Features Detectors to detect vulnerable Cairo code Printers to report information Taint analysis Data flow analysis framework Easy to run in Scarb projects Installation Precompiled binaries Precompiled...
Cloudfox - Automating Situational Awareness For Cloud Penetration Tests
CloudFox helps you gain situational awareness in unfamiliar cloud environments. It’s an open source command line tool created to help penetration testers and other offensive security professionals find exploitable attack paths in cloud infrastructure. CloudFox helps you answer the following commo...
Git-Dumper - A Tool To Dump A Git Repository From A Website
A tool to dump a git repository from a website. Install This can be installed easily with pip: pip install git-dumper Usage usage: git-dumper options URL DIR Dump a git repository from a website. positional arguments: URL url DIR output directory optional arguments: -h, --help show this help...
Sigurlfind3R - A Reconnaissance Tool, It Fetches URLs From AlienVault's OTX, Common Crawl, URLScan, Github And The Wayback Machine
sigurlfind3r is a passive reconnaissance tool, it fetches known URLs from AlienVault's OTX , Common Crawl , URLScan , Github and the Wayback Machine. DiSCLAIMER: fetching urls from github is a bit slow. Usage sigurlfind3r -h This will display help for the tool. | |/ | | / / | |/ | | | | '| | || |...