Lucene search
+L

99 matches found

osv
osv
added 4 days ago3 views

PYSEC-2026-2926 PraisonAI has unauthenticated RCE via `tool_override.py` (CVE-2026-40287 patch bypass)

TL;DR CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAIALLOWLOCALTOOLS=true in two files toolresolver.py, api/call.py. A third import sink in praisonai/templates/tooloverride.py was missed and remains unguarded. It is reached by the recipe runner on every recipe execution and is...

8.4CVSS6.2AI score0.00246EPSS
Exploits2References6
thn
thn
added 2026/06/09 4:34 p.m.17 views

Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues

Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being compromised to inject an information stealer into the code. "Our priority is to protect customers and the broader ecosystem...

6.3AI score
Exploits0
thn
thn
added 2026/06/06 6:58 a.m.46 views

Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack

Microsoft's GitHub repositories have become the latest to fall victim to the ongoing Miasma self-replicating supply chain attack campaign. The incident impacted 73 Microsoft repositories across four of its GitHub organizations, including Azure, Azure-Samples, Microsoft, and MicrosoftDocs, per...

6.2AI score
Exploits0
ossf
ossf
added 2026/06/05 12:53 a.m.20 views

Malicious code in autotel-pact (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea3afdb0cdd411bf4c5c61858c6eac81b3a321fad31613a01d8e1ba80c9a6642 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References5
ossf
ossf
added 2026/06/05 12:53 a.m.12 views

Malicious code in node-env-resolver-vite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebb20ec41cd318dc4b8958df0ddc5c86e5fede7c4ee3c7ced1439aad3e943b97 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.1AI score
Exploits0References3
ossf
ossf
added 2026/06/05 12:53 a.m.19 views

Malicious code in executable-stories-playwright (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3137898a0ce7b26bf51153300f929a28c1d653830a2ddf7f57d7dea270e2a7e0 No concrete installer-harm signals were identified in this version. No lifecycle hooks fetching remote payloads, no credential or environment scrapin...

6.1AI score
Exploits0References8
ossf
ossf
added 2026/06/05 12:53 a.m.21 views

Malicious code in node-env-resolver-aws (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a4d561f58633262592e17233481bba8398f047eb830948370396c51b6d952c90 No concrete installer-harm signals were identified in this version of the package. Coverage of the package contents was partial, so a human reviewer...

6.1AI score
Exploits0References6
ossf
ossf
added 2026/06/05 12:53 a.m.15 views

Malicious code in mountly (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a392e66eff4da37e5adbd5288c1bb8da03c5348cfafacfa54aa113321e81dec5 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.1AI score
Exploits0References3
ossf
ossf
added 2026/06/05 12:53 a.m.13 views

Malicious code in @forjacms/client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e53cc7a866c8a2316aec94a20aa737e6bdb4a71202c0f363e301219ae1291ac The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.1AI score
Exploits0References4
ossf
ossf
added 2026/06/05 12:53 a.m.17 views

Malicious code in mountly-tailwind (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e398eaa72f57a4536d3bb3c64f27de01f4a1d91cf64c65f10b8949dcfb4cfb91 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.1AI score
Exploits0References3
ossf
ossf
added 2026/06/05 12:53 a.m.15 views

Malicious code in github-archiver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4d8f3a21af0a31a899de9e8eabd09e30c6e05e620ab3a7d7af420c34214898b The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References7
ossf
ossf
added 2026/06/05 12:53 a.m.25 views

Malicious code in @forjacms/sections (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c21dd7e7453f68aa7240f5ec40de3a37683b0a9655d0218a094c528e042766f The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.1AI score
Exploits0References4
ossf
ossf
added 2026/06/05 12:53 a.m.19 views

Malicious code in awaitly-libsql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b990b0b3ddf0eb2fbfe64fc70090459960085e3268df5cbdd1a86f958f69448e No concrete installer-harm signals were identified in this package version. The package name combines 'awaitly' and 'libsql' a well-known SQLite-fork...

6.1AI score
Exploits0References26
ossf
ossf
added 2026/06/05 12:53 a.m.28 views

Malicious code in autotel-plugins (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 54f7a26d9e1681241d44bb8a37e06156508af068e0f594ae58ce4ed3a2caa94c The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References4
ossf
ossf
added 2026/06/05 12:53 a.m.18 views

Malicious code in awaitly-postgres (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3015c3afc4f26f62482274726cb1ce34f803abd4b7e84a6eb7e0c802e8c8b7df The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.1AI score
Exploits0References26
ossf
ossf
added 2026/06/05 12:53 a.m.19 views

Malicious code in @contaazul/n8n-nodes-contaazul (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fba5858825a845f02388990e34281d89dac395b6414e89c12c556d3fe0d7c45 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.1AI score
Exploits0References3
ossf
ossf
added 2026/06/05 12:53 a.m.18 views

Malicious code in autotel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 921a045507925f9accff44927ec74588991f03dd291a3ae95cdc9919523ed800 Pattern matches fired on co-occurrence of the strings 'ping', 'POST', and 'hostname' in the package's bundled and source files dist/chunk-.cjs,...

6.1AI score
Exploits0References4
ossf
ossf
added 2026/06/05 12:53 a.m.16 views

Malicious code in create-cf-token (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56d9884f6d63e063d1320b8d8efbfb8852f00bd3c18c87b03b445f6978897570 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.1AI score
Exploits0References4
ossf
ossf
added 2026/06/05 12:53 a.m.15 views

Malicious code in discord-search (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1588cbceb5959b1a1b9e22d2b54d3d67e6bac9c8be4538df23f809772e4a9850 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.1AI score
Exploits0References4
ossf
ossf
added 2026/06/05 12:53 a.m.12 views

Malicious code in autotel-hono (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e5d4817f36d8b16c1ecf07488650333e0cf46bf1b5f45a1a9f15079575424225 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References4
Rows per page
Query Builder