Lucene search
K

6584 matches found

Nuclei
Nuclei
added yesterday73 views

Imgproxy < 3.14.0 - Cross-site Scripting (XSS)

Cross-site Scripting XSS - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0. id: CVE-2023-1496 info: name: Imgproxy 3.14.0 - Cross-site Scripting XSS author: pdteam severity: medium description: Cross-site Scripting XSS - Reflected in GitHub repository imgproxy/imgproxy prior to...

6.5CVSS6.5AI score0.01585EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday32 views

Froxlor < 0.10.38.2. - HTML Injection

HTML Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2. id: CVE-2022-3869 info: name: Froxlor TEST" matchers-condition: and matchers: - type: word part: body words: - 'The message to ""TEST" failed' - type: word part: header words: - "text/html" - type: status status: - 200 d...

6.5CVSS6.6AI score0.01265EPSS
Exploits1References2
Nuclei
Nuclei
added 2 days ago75 views

Mosparo < 1.0.2 - Open Redirect

Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2. id: CVE-2023-5375 info: name: Mosparo 1.0.2 - Open Redirect author: shankaracharya severity: medium description: | Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2. impact: | Unauthenticated attackers can exploit...

6.1CVSS6.1AI score0.33629EPSS
Exploits1References4
OSSF Malicious Packages
OSSF Malicious Packages
added last week10 views

Malicious code in @luminarycloudinternal/frodo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58ed68e675b2b6cde30e6b7c8e34077eda805a4bde64ca7cd2c68c6f4370ee5f Package published under a scope shadowing internal Luminary Cloud packages @luminarycloudinternal at version 9999.0.1 — the canonical...

5.9AI score
Exploits0References4
RedHat Linux
RedHat Linux
added last week3 views

github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability

A flaw was found in github.com/jackc/pgx. This memory-safety vulnerability could potentially lead to unexpected behavior or system instability...

9.8CVSS5.9AI score0.00605EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-541 Tooxie Shiva 0.10.0 allows absolute path traversal because Flask send_file function used unsafely

The tooxie/shiva-server repository through 0.10.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS7.3AI score0.0118EPSS
Exploits0References5
OSV
OSV
added 2026/06/25 10:34 p.m.6 views

GO-2026-5755 Canonical MicroCeph: path traversal issue in the remote-import AP in github.com/canonical/microceph/microceph

Canonical MicroCeph: path traversal issue in the remote-import AP in github.com/canonical/microceph/microceph...

5CVSS5.8AI score0.00208EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5674 OpenBao's Namespace Deletion May Not Delete Data Properly in github.com/openbao/openbao

OpenBao's Namespace Deletion May Not Delete Data Properly in github.com/openbao/openbao...

7.5CVSS5.8AI score0.00248EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5557 Note Mark: OIDC-registered users authenticated by submitting password "null" in github.com/enchant97/note-mark/backend

Note Mark: OIDC-registered users authenticated by submitting password "null" in github.com/enchant97/note-mark/backend...

9.4CVSS5.8AI score0.00296EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 10:34 p.m.6 views

GO-2026-5517 OpenBao's System Backend allows Unauthorized Management of the containing Namespace in github.com/openbao/openbao

OpenBao's System Backend allows Unauthorized Management of the containing Namespace in github.com/openbao/openbao...

5.8AI score
Exploits0References3
OSV
OSV
added 2026/06/25 6:43 p.m.4 views

GO-2026-5222 nhost has Session Persistence After Password Change in github.com/nhost/nhost

nhost has Session Persistence After Password Change in github.com/nhost/nhost...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/22 7:28 p.m.6 views

GO-2026-5060 Gotenberg: SSRF via LibreOffice document processing in github.com/gotenberg/gotenberg

Gotenberg: SSRF via LibreOffice document processing in github.com/gotenberg/gotenberg...

7.5CVSS5.8AI score0.00355EPSS
Exploits0References1
Circl
Circl
added 2026/06/17 4:18 a.m.16 views

CVE-2026-54069

creationtimestamp| type| source ---|---|--- 2026-06-17 04:18:47+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-54069.yaml 2026-07-10 19:52:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqcwdmy6ok2t 2026-07-10...

9.2CVSS6.1AI score0.00607EPSS
Exploits0References4
OSV
OSV
added 2026/06/12 3:24 p.m.30 views

MAL-2026-5697 Malicious code in web-model-bridge (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d2c385c177531c421e5a49f41d931890a48c16c921b23cc20f2bf4cd8fae893 On npm install, postinstall.js sends an HTTPS POST to https://ddactic-lab.online/sc/beacon carrying the package name/version, Node version, OS,...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 4:5 p.m.14 views

Malicious code in multica (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d7d3e4277fb571072315c7f64c269029cd53c78b3ff27ec5536d748c659fd6a2 Package is published at version 9999.99.99 with a description referencing an npm 404 in multica-ai/multica and a main module that recursively require...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/09 4:4 p.m.11 views

MAL-2026-5397 Malicious code in create-docs-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd4381fd77419441a2eefe6b22adef6c9f5adfe1b92be5d071abd5908fdf8647 Package is published at version 9999.99.99 — the canonical high-version override used in dependency-confusion attacks against private/internal packag...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/09 4:4 p.m.38 views

MAL-2026-5403 Malicious code in t-invest-mcp-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46c186ac158f68845fc995a94d15d44c2b65a521d2619d2850232e58f4a61419 Package is a dependency-confusion squat: package.json sets version 9999.99.99 the canonical max-version trick used to win resolution against any...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/05/25 1:45 p.m.16 views

MAL-2026-4523 Malicious code in claude-channel-imessage (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9751c370c062cb40bccb874f46679ad3ca8ba9d3b49d0d8ba1f924d9582e53a3 On npm install, postinstall.js executes whoami and id, reads os.hostname, os.platform, process.cwd, and the CI, GITHUBREPOSITORY, and NODEENV...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/24 3:52 p.m.11 views

MAL-2026-4644 Malicious code in power-platform-playwright-toolkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57967d58233d74f2fc4f9b0dee7c050370eb388050df8d63f29e719f83468d73 On npm install, the package's postinstall script postinstall.js collects host identifiers and CI context — whoami, os.hostname, os.platform, cwd, CI,...

5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/24 7:45 a.m.6 views

Arbitrary Argument Injection

Overview prefect is a Prefect is a new workflow management system, designed for modern infrastructure and powered by the open-source Prefect Core workflow engine. Users organize Tasks into Flows, and Prefect takes care of the rest. Affected versions of this package are vulnerable to Arbitrary...

8.5CVSS7.8AI score0.00298EPSS
Exploits0References2
Rows per page
Query Builder