Lucene search
K

33 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/24 3:14 a.m.11 views

Malicious code in tailwind-typography-stylecss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 273b99f5721643d8ba8335fd73b46b4b32f81406d73f44e7a16552e16b8becd6 Package name 'tailwind-typography-stylecss' impersonates the official '@tailwindcss/typography' plugin; the shipped README is a verbatim copy of the...

5.9AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.14 views

PostgreSQL 14.x < 14.23 / 15.x < 15.18 / 16.x < 16.14 / 17.x < 17.10 / 18.x < 18.4 Multiple Vulnerabilities

The version of PostgreSQL installed on the remote host is 14 prior to 14.23, 15 prior to 15.18, 16 prior to 16.14, 17 prior to 17.10, or 18 prior to 18.4. As such, it is potentially affected by multiple vulnerabilities: - Stack buffer overflow in PostgreSQL module refint allows an unprivileged...

8.8CVSS6.6AI score0.00668EPSS
Exploits0References12
AlpineLinux
AlpineLinux
added 2026/05/14 1:0 p.m.10 views

CVE-2026-6477

Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets, PQfn..., resultisint=0, ... stores arbitrary-lengt...

8.8CVSS6AI score0.00464EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.11 views

PT-2026-40922

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.4 PostgreSQL versions prior to 17.10 PostgreSQL versions prior to 16.14 PostgreSQL versions prior to 15.18 PostgreSQL versions prior to 14.23 Description The use of the dangerous function PQfn..., result is int=...

10CVSS6.1AI score0.00668EPSS
Exploits0References112
Cvelist
Cvelist
added 2026/03/12 9:24 p.m.32 views

CVE-2026-32304 Locutus: RCE via unsanitized input in create_function()

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to 3.0.14, the createfunctionargs, code function passes both parameters directly to the Function constructor without any sanitization, allowing arbitrary code execution. This is distinct from...

9.8CVSS0.00571EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.6 views

Locutus 安全漏洞

Locutus is an open-source JavaScript library developed by Locutus. Versions of Locutus prior to 3.0.0 contained security vulnerabilities, which stemmed from insecure implementations of the calluserfuncarray function, potentially allowing remote code execution...

8.1CVSS6.1AI score0.00786EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:11 p.m.6 views

CVE-2018-18531

text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha 2.3.2 use the Random rather than SecureRandom function for generating CAPTCHA values, which makes it easier for remote attackers to bypass intended access restrictio...

9.8CVSS7AI score0.01468EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:48 a.m.8 views

CVE-2022-31504

The ChangeWeDer/BaiduWenkuSpiderflaskWeb repository before 2021-11-29 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS7AI score0.01213EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:48 a.m.12 views

CVE-2022-31566

The DSAB-local/DSAB repository through 2019-02-18 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

8.6CVSS7AI score0.01002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:46 a.m.7 views

CVE-2022-31576

The heidi-luong1109/shackerpanel repository through 2021-05-25 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS7AI score0.01164EPSS
Exploits1References1
NVD
NVD
added 2025/12/17 10:16 p.m.7 views

CVE-2025-68118

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.0, a vulnerability exists in FreeRDP’s certificate handling code on Windows platforms. The function freerdpcertificatedatahash uses the Microsoft-specific snprintf function to format certificate cache filenames...

9.1CVSS0.00214EPSS
Exploits0References2
OSV
OSV
added 2025/12/12 8:20 p.m.3 views

GHSA-55JH-84JV-8MX8 Lightning Flow Scanner Vulnerable to Code Injection via Unsafe Use of `new Function()` in APIVersion Rule

Impact The APIVersion rule uses new Function to evaluate expression strings. A malicious crafted flow metadata file can cause arbitrary JavaScript execution during scanning. An attacker could execute arbitrary JavaScript during a scan by supplying a malicious expression within rule configuration ...

8.4CVSS7.1AI score0.00166EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/12/12 8:20 p.m.4 views

Lightning Flow Scanner Vulnerable to Code Injection via Unsafe Use of `new Function()` in APIVersion Rule

Impact The APIVersion rule uses new Function to evaluate expression strings. A malicious crafted flow metadata file can cause arbitrary JavaScript execution during scanning. An attacker could execute arbitrary JavaScript during a scan by supplying a malicious expression within rule configuration ...

8.4CVSS7.2AI score0.00166EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/12/12 8:14 p.m.5 views

CVE-2025-67750 Lightning Flow Scanner is Vulnerable to Code Injection via Unsafe Use of new Function() in APIVersion Rule

Lightning Flow Scanner provides a A CLI plugin, VS Code Extension and GitHub Action for analysis and optimization of Salesforce Flows. Versions 6.10.5 and below allow a maliciously crafted flow metadata file to cause arbitrary JavaScript execution during scanning. The APIVersion rule uses new...

8.4CVSS7AI score0.00166EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2025/11/13 1:2 a.m.5 views

smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match().

...

7AI score0.0015EPSS
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-53042

Malicious code in bioql PyPI...

9.3CVSS9.1AI score0.01118EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2022-47001

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00997EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-29519

Malicious code in bioql PyPI...

6.6AI score
Exploits0References5
CVE
CVE
added 2025/09/17 2:25 p.m.14 views

CVE-2025-40933

Apache::AuthAny::Cookie v0.201 and earlier for Perl generates insecure session IDs. The vulnerability arises from using an MD5 hash of the epoch time combined with Perl’s built‑in rand(). If the epoch time is guessable (e.g., not leaked via HTTP Date headers) and rand() is not cryptographically s...

7.5CVSS6.6AI score0.00383EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/29 12:0 a.m.7 views

PT-2025-35322

Name of the Vulnerable Software and Affected Versions Next.js versions prior to 14.2.32 and prior to 15.4.7 Description Next.js is a React framework for building full-stack web applications. When the next function was used without explicitly passing the request object in self-hosted applications,...

8.2CVSS6.4AI score0.02328EPSS
Exploits0References17
Rows per page
Query Builder