Lucene search
+L

570 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 2:28 a.m.12 views

Malicious code in @ikyyofc/gemini-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5793a1cde3de83b8c15b49a0f9981d72fbf431067a4416ce6b2bd5650ea4a4d6 @ikyyofc/[email protected] ships two heavily obfuscated modules src/gemini.js and src/utils/proxy.js wrapped in an obfuscator.io-style string-array +...

5.8AI score
Exploits0References17
OSV
OSV
added 2026/05/20 2:28 a.m.9 views

MAL-2026-4394 Malicious code in @ikyyofc/gemini-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5793a1cde3de83b8c15b49a0f9981d72fbf431067a4416ce6b2bd5650ea4a4d6 @ikyyofc/[email protected] ships two heavily obfuscated modules src/gemini.js and src/utils/proxy.js wrapped in an obfuscator.io-style string-array +...

5.8AI score
Exploits0References17
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 9:7 p.m.13 views

Malicious code in glass-of-water (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df79336313f71fac8158ff6f3e0160d0e99a8d1d84c452505fd3739af5838a69 glassofwater/init.py embeds 10 Google Gemini API keys AIzaSy... split across 5-part dictionaries and reassembled at runtime by getapikey L6-19. The...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/19 9:7 p.m.14 views

MAL-2026-4751 Malicious code in glass-of-water (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df79336313f71fac8158ff6f3e0160d0e99a8d1d84c452505fd3739af5838a69 glassofwater/init.py embeds 10 Google Gemini API keys AIzaSy... split across 5-part dictionaries and reassembled at runtime by getapikey L6-19. The...

5.8AI score
Exploits0References2
Chainguard
Chainguard
added 2026/05/12 1:17 p.m.28 views

CVE-2026-44902 vulnerabilities

Vulnerabilities for packages: cadence-web, gemini-cli, librechat, langfuse-fips, kibana, langfuse...

7.5CVSS5.1AI score0.00455EPSS
Exploits0
Chainguard
Chainguard
added 2026/05/12 1:17 p.m.11 views

GHSA-Q7RR-3CGH-J5R3 vulnerabilities

Vulnerabilities for packages: cadence-web, gemini-cli, librechat, langfuse-fips, kibana, langfuse...

5.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/08 12:0 a.m.44 views

Maestro 0.15.4

Maestro is a cross-platform desktop app for orchestrating your fleet of AI agents and projects. It's a high-velocity solution for hackers who are juggling multiple projects in parallel. Designed for power users who live on the keyboard and rarely touch the mouse. Collaborate with AI to create...

5.9AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2026/05/07 8:31 p.m.10 views

How to Disable Google's Gemini in Chrome

Chrome users were caught off guard by a 4-GB Google AI model baked into Chrome, sparking privacy concerns. The good news: You can easily uninstall it. The bad? You might not want to...

5.8AI score
Exploits0
HackRead
HackRead
added 2026/05/07 12:0 p.m.11 views

Google Chrome Accused of Silently Installing 4GB AI Model on User Devices

Cybersecurity researcher Alexander Hanff claims that Google Chrome automatically installs a 4GB Gemini Nano AI model without user notification or consent...

5.8AI score
Exploits0
Chainguard
Chainguard
added 2026/05/07 1:17 a.m.17 views

GHSA-V2V4-37R5-5V8G vulnerabilities

Vulnerabilities for packages: kibana, saf, tileserver-gl, kubeflow-pipelines, lerna, code-server, actions-runner, opensearch-dashboards, librechat, kubeflow-katib, drupal, npm, wazuh-dashboard-fips, langfuse-fips, langfuse, wazuh-dashboard, opensearch-dashboards-fips, renovate, prism,...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/05/07 1:17 a.m.16 views

CVE-2026-42338 vulnerabilities

Vulnerabilities for packages: kibana, saf, tileserver-gl, kubeflow-pipelines, lerna, code-server, actions-runner, opensearch-dashboards, librechat, kubeflow-katib, drupal, npm, wazuh-dashboard-fips, langfuse-fips, langfuse, wazuh-dashboard, opensearch-dashboards-fips, renovate, prism,...

8.1CVSS7.1AI score0.00471EPSS
Exploits1
HackRead
HackRead
added 2026/05/06 8:2 p.m.14 views

Google Fixes CVSS 10 Gemini CLI Vulnerability Enabling GitHub Issue-Based RCE

Google patches a CVSS 10 Gemini CLI vulnerability that allowed hackers to use prompt injection and privilege escalation for a full supply chain compromise...

5.8AI score
Exploits0
Chainguard
Chainguard
added 2026/05/06 7:17 p.m.11 views

CVE-2026-41907 vulnerabilities

Vulnerabilities for packages: nextcloud-server, saf, kubeflow-pipelines, code-server, actions-runner, jitsucom-jitsu, dbgate-fips, librechat, opensearch-dashboards, kubeflow-katib, argo-workflows, drupal, npm, tensorflow-cpu-jupyter, redisinsight, dbgate, gemini-cli, wazuh-dashboard-fips,...

9.3CVSS4.9AI score0.00337EPSS
Exploits1
Malwarebytes
Malwarebytes
added 2026/05/06 4:17 p.m.9 views

Google Chrome’s silent 4GB AI download problem [updated]

Google Chrome has been quietly downloading a 4GB AI model onto users' devices without asking first. Security researcher Alexander Hanff, aka ThatPrivacyGuy, reports that Chrome has been silently installing Gemini Nano, Google's on-device AI model, as a file called weights.bin stored in the...

5.7AI score
Exploits0
Chainguard
Chainguard
added 2026/05/06 1:17 a.m.8 views

GHSA-WPQR-6V78-JR5G vulnerabilities

Vulnerabilities for packages: gemini-cli...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/05 6:30 p.m.18 views

MAL-2026-3347 Malicious code in gemini-analyzer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1c8996b17229185440fe7523f20f72ea848f3a001baa8946ca80fa6b5d3221ad The package is a RAT performing full exfiltration and executing remote commands through a custom RPC protocol over WebSockets, and eventually establishing a...

6AI score
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/01 2:1 p.m.94 views

AutoStrike

Gemini Bug Bounty Find security vulnerabilities, get paid...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/01 2:1 p.m.132 views

gemini-bug-bounty

Gemini Bug Bounty Find security vulnerabilities, get paid...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/30 7:7 a.m.8 views

Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution

Google has addressed a maximum severity security flaw in Gemini CLI -- the "@google/gemini-cli" npm package and the "google-github-actions/run-gemini-cli" GitHub Actions workflow -- that could have allowed attackers to execute arbitrary commands on host systems. "The vulnerability allowed an...

9.9CVSS7AI score0.0049EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/24 7:30 p.m.5 views

@13w/local-rag (=2.0.0), @amodalai/cli (>=0.1.0 <=0.1.1) +30 more potentially affected by unknown CVE via @google/gemini-cli (>=0.11.3 <=0.39.0-nightly.20260411.0957f7d3e)

@google/gemini-cli NPM version =0.11.3, =0.1.0, =0.1.5, =0.1.0, =1.0.0, =0.0.17, =0.6.4, =0.0.1, =1.3.0, =0.1.10, =1.0.0, =2.0.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-WPQR-6V78-JR5G...

5.7AI score
Exploits0
Rows per page
Query Builder