Lucene search
K

4 matches found

OSV
OSV
added 4 days ago3 views

MAL-2026-6766 Malicious code in @marketfront/baobabtech (npm)

The @marketfront/baobabtech package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6.2AI score
Exploits0References2
OSV
OSV
added 4 days ago3 views

MAL-2026-6781 Malicious code in @marketfront/gotoauthpopup (npm)

The @marketfront/gotoauthpopup package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6AI score
Exploits0References2
OSV
OSV
added 2026/06/12 3:8 p.m.4 views

GHSA-6PH5-FWW6-VFWV NIOExtras: NIOHTTPRequestDecompressor ratio limit bypass via inflated Content-Length

Impact When NIOHTTPRequestDecompressor is configured with .ratioN, the decompression limit is enforced using the Content-Length header value from the incoming request rather than the actual number of compressed bytes received. Since Content-Length is attacker-controlled, a malicious client can...

6.9CVSS5.5AI score0.00042EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2025/09/12 11:3 a.m.7 views

Critical CVE-2025-5086 in DELMIA Apriso Actively Exploited, CISA Issues Warning

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added a critical security flaw impacting Dassault Systèmes DELMIA Apriso Manufacturing Operations Management MOM software to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The...

9CVSS7.3AI score0.89077EPSS
Exploits1
Rows per page
Query Builder