Lucene search
K

117 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago6 views

Malicious code in openblox (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cdd874a78973f84b5373fc03a48472c338ca82ef0a258b7614f81a8359da1201 setup.py invokes GetGitCommitHash unconditionally at module top level, so it runs on pip install openblox and any setuptools invocation. On Windows t...

6.5AI score
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:12 a.m.5 views

CVE-2026-13140

Stored Cross-Site Scripting in the exposed AWS API key store of Thinkst Applied Research Canarytokens. Anonymous exploitation requires knowledge of a random identifier. This issue affects Canarytokens: from Docker tag sha-4116b92cb before sha-f5aa5c4e, from Git commit 4116b92cb before f5aa5c4e...

2CVSS5.8AI score0.00185EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/24 11:12 a.m.6 views

CVE-2026-13140

The CVE-2026-13140 entry concerns Canarytokens.org (Thinkst Applied Research) with a Stored Cross-Site Scripting flaw in the exposed AWS API key store. Affected: Canarytokens Docker images from tag sha-4116b92cb up to before sha-f5aa5c4e and Git commit 4116b92cb before f5aa5c4e. Attack requires k...

2CVSS5.8AI score0.00185EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:5 p.m.4 views

CVE-2026-12888

An HTML injection vulnerability exists in the Google Chat webhook notification sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation in Google Chat. An attacker can insert limited HTML content including links. This issue affects Canarytokens: from Docker tag sha-4aef1db90...

5.1CVSS5.9AI score0.00286EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/22 1:5 p.m.7 views

EUVD-2026-38240

An HTML injection vulnerability exists in the Google Chat webhook notification sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation in Google Chat. An attacker can insert limited HTML content including links. This issue affects Canarytokens: from Docker tag sha-4aef1db90...

5.1CVSS5.9AI score0.00286EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 11:35 a.m.37 views

CVE-2026-11859 HTML injection in the Canarytoken links email

An HTML injection vulnerability in the "fetch links" email sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting XSS in emails clients that render HTML emails. This issue affects Canarytokens: from Docker tag sha-c0f3cf142 before sha-08c3f93d, from G...

5.1CVSS0.00258EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.17 views

PT-2026-48399

An HTML injection vulnerability in the "fetch links" email sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting XSS in emails clients that render HTML emails. This issue affects Canarytokens: from Docker tag sha-c0f3cf142 before sha-08c3f93d, from G...

5.1CVSS5.5AI score0.00258EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.7 views

CVE-2026-10729

An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting XSS in emails clients that render HTML emails. This issue affects Canarytokens: fr...

2.1CVSS5.5AI score0.00204EPSS
Exploits0References1
NVD
NVD
added 2026/05/31 9:16 a.m.15 views

CVE-2026-10174

A vulnerability was identified in Aider-AI Aider 0.86.3. Affected is an unknown function of the file aider/args.py of the component Pre-commit Hook Handler. Such manipulation of the argument git-commit-verify leads to protection mechanism failure. The attack may be launched remotely. The exploit ...

6.5CVSS0.00228EPSS
Exploits0References6
CVE
CVE
added 2026/05/31 8:0 a.m.23 views

CVE-2026-10174

Summary of CVE-2026-10174 (Aider-AI Aider 0.86.3): Affected is an unknown function in the file aider/args.py of the Pre-commit Hook Handler. Manipulation of the argument git-commit-verify leads to protection mechanism failure. The vulnerability may be exploitable remotely, with exploitation infor...

6.5CVSS6.3AI score0.00228EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/31 8:0 a.m.10 views

CVE-2026-10174 Aider-AI Aider Pre-commit Hook args.py protection mechanism

A vulnerability was identified in Aider-AI Aider 0.86.3. Affected is an unknown function of the file aider/args.py of the component Pre-commit Hook Handler. Such manipulation of the argument git-commit-verify leads to protection mechanism failure. The attack may be launched remotely. The exploit ...

6.5CVSS6.3AI score0.00228EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/31 8:0 a.m.13 views

EUVD-2026-33494

A vulnerability was identified in Aider-AI Aider 0.86.3. Affected is an unknown function of the file aider/args.py of the component Pre-commit Hook Handler. Such manipulation of the argument git-commit-verify leads to protection mechanism failure. The attack may be launched remotely. The exploit ...

6.5CVSS6.3AI score0.00228EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/31 8:0 a.m.12 views

CVE-2026-10174

A vulnerability was identified in Aider-AI Aider 0.86.3. Affected is an unknown function of the file aider/args.py of the component Pre-commit Hook Handler. Such manipulation of the argument git-commit-verify leads to protection mechanism failure. The attack may be launched remotely. The exploit ...

6.5CVSS5.6AI score0.00228EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2026/05/31 12:0 a.m.16 views

Aider 安全漏洞

Aider is an open-source terminal AI pair programming tool developed by Aider AI. Version 0.86.3 of Aider contains a security vulnerability. This vulnerability stems from the git-commit-verify operation in the Pre-commit Hook Handler component, which causes the protection mechanism to fail. An...

6.5CVSS6.7AI score0.00228EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/31 12:0 a.m.12 views

PT-2026-45183

A vulnerability was identified in Aider-AI Aider 0.86.3. Affected is an unknown function of the file aider/args.py of the component Pre-commit Hook Handler. Such manipulation of the argument git-commit-verify leads to protection mechanism failure. The attack may be launched remotely. The exploit ...

6.5CVSS6.3AI score0.00228EPSS
Exploits0References7
Snyk
Snyk
added 2026/04/01 12:0 a.m.2 views

Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

Overview Affected versions of this package are vulnerable to Selection of Less-Secure Algorithm During Negotiation 'Algorithm Downgrade' in the TLS 1.3 session resumption logic if the subsequent ClientHello negotiates TLS 1.2 back. An attacker can gain unauthorized access by impersonating a...

9.1CVSS5.8AI score0.00241EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/04 6:55 p.m.3 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the processing of Slack interactive callbacks, specifically blockaction, viewsubmission, and viewclosed. An attacker can inject unauthorized system-event text...

8.1CVSS5.8AI score0.00283EPSS
Exploits0References2
CVE
CVE
added 2026/02/19 3:41 a.m.16 views

CVE-2025-15586

OpenGamePanel (OGP-Website) is affected by a type juggling flaw in PHP comparisons present in commits prior to 52f865a4fba763594453068acf8fa9e3fc38d663. If exploited, this can enable authentication bypass without knowledge of the victim’s password. Public references (Red Hat CVE page, NVD entry, ...

10CVSS5.5AI score0.00382EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/11/06 11:48 p.m.12 views

Soft Serve does not sanitize ANSI escape sequences in user input

Impact In several places where the user can insert data e.g. names, ANSI escape sequences are not being removed, which can then be used, for example, to show fake alerts. In the same token, git messages, when printed, are also not being sanitized. Places in which this was found: 1. Repository...

4.6CVSS6.8AI score0.00155EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2023-1813

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.03638EPSS
Exploits1References6
Rows per page
Query Builder