Lucene search
K

4 matches found

OSV
OSV
added 2026/05/19 12:0 a.m.6 views

MAL-2026-4149 Malicious code in onfire.js (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
Snyk
Snyk
added 2026/03/30 10:36 p.m.2 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the CEL-based HTTP functions. An attacker can make unauthorized network requests to internal or external resources and exfitrate sensitive information AWS IAM credentials, GCP tokens by crafting...

9.8CVSS5.6AI score0.00705EPSS
Exploits0References2
CVE
CVE
added 2026/02/26 2:14 p.m.35 views

CVE-2026-2244

Summary: CVE-2026-2244 affects Google Cloud Vertex AI Workbench. A vulnerability existed from 2025-07-21 to 2026-01-30 that allowed an attacker to exfiltrate valid Google Cloud access tokens of other users by abusing a built-in startup script. The exposure could enable unauthorized access to toke...

8.4CVSS5.5AI score0.00247EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.9 views

Google Cloud Vertex AI Workbench 安全漏洞

Google Cloud Vertex AI Workbench is a cloud-based integrated development environment provided by Google, Inc. There is a security vulnerability in Google Cloud Vertex AI Workbench, which allows attackers to exploit the built-in startup scripts to steal valid Google Cloud access tokens from other...

8.4CVSS5.8AI score0.00247EPSS
Exploits0References1
Rows per page
Query Builder