Lucene search
K

1235 matches found

OSV
OSV
added 2025/11/10 4:50 p.m.4 views

MAL-2025-55037 Malicious code in hackerone-internal-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f16e6417e8eaebc0aa37552f263af3e1445a1a3cb50245074d579c9b818a73e6 The package hackerone-internal-test was found to contain malicious code. Source: ossf-package-analysis...

7AI score
Exploits0
Hacker One
Hacker One
added 2025/11/03 5:46 a.m.24 views

curl: HackerOne

HackerOne Impact HackerOne...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/10/10 12:0 a.m.8 views

CrowdStrike Falcon Sensor 7.16.x < 7.16.18637 / 7.24.19608 / 7.25.19706 / 7.26.19809 / 7.26.19811 / 7.27.19907 / 7.28.20006 Multiple Vulnerabilities

The version of CrowdStrike Falcon Sensor installed on the remote host is prior to 7.16.18637, 7.24.19608, 7.25.19707, 7.26.19813, 7.27.19909, or 7.28.20008. It is, therefore, affected by multiple vulnerabilities as referenced in the vendor advisory. - A race condition exists in the Falcon sensor...

6.5CVSS6.7AI score0.00172EPSS
Exploits0References3
NVD
NVD
added 2025/10/08 6:15 p.m.5 views

CVE-2025-42706

A logic error exists in the Falcon sensor for Windows that could allow an attacker, with the prior ability to execute code on a host, to delete arbitrary files. CrowdStrike released a security fix for this issue in Falcon sensor for Windows versions 7.24 and above and all Long Term Visibility LTV...

6.5CVSS0.00172EPSS
Exploits0References1
NVD
NVD
added 2025/10/08 6:15 p.m.7 views

CVE-2025-42701

A race condition exists in the Falcon sensor for Windows that could allow an attacker, with the prior ability to execute code on a host, to delete arbitrary files. CrowdStrike released a security fix for this issue in Falcon sensor for Windows versions 7.24 and above and all Long Term Visibility...

5.6CVSS0.00122EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/08 5:18 p.m.7 views

EUVD-2025-33293

A race condition exists in the Falcon sensor for Windows that could allow an attacker, with the prior ability to execute code on a host, to delete arbitrary files. CrowdStrike released a security fix for this issue in Falcon sensor for Windows versions 7.24 and above and all Long Term Visibility...

5.6CVSS7.1AI score0.00122EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/08 5:18 p.m.2 views

CVE-2025-42701 CrowdStrike Falcon Sensor for Windows Race Condition

A race condition exists in the Falcon sensor for Windows that could allow an attacker, with the prior ability to execute code on a host, to delete arbitrary files. CrowdStrike released a security fix for this issue in Falcon sensor for Windows versions 7.24 and above and all Long Term Visibility...

5.6CVSS7.2AI score0.00122EPSS
Exploits0References1
CVE
CVE
added 2025/10/08 5:18 p.m.21 views

CVE-2025-42701

CVE-2025-42701 (CrowdStrike Falcon Sensor for Windows) describes a local race condition that could let an attacker, who already has code execution on a host, delete arbitrary files. A fix exists in Falcon Sensor for Windows version 7.24 and above and in all LTV sensors; Falcon sensors on Mac, Lin...

5.6CVSS7.2AI score0.00122EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/08 5:18 p.m.4 views

CVE-2025-42706 CrowdStrike Falcon Sensor for Windows Logic Error

A logic error exists in the Falcon sensor for Windows that could allow an attacker, with the prior ability to execute code on a host, to delete arbitrary files. CrowdStrike released a security fix for this issue in Falcon sensor for Windows versions 7.24 and above and all Long Term Visibility LTV...

6.5CVSS7.3AI score0.00172EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/08 12:0 a.m.6 views

PT-2025-41294

Name of the Vulnerable Software and Affected Versions CrowdStrike Falcon sensor for Windows versions prior to 7.24 CrowdStrike Falcon sensor for Windows Long Term Visibility LTV sensors prior to 7.24 Description A race condition exists in the Falcon sensor for Windows that could allow an attacker...

5.6CVSS7.1AI score0.00122EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2025/10/03 12:0 a.m.6 views

PT-2025-40539

Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 1.0.120 Description An issue existed where Claude Code did not properly handle symlinks when enforcing permission deny rules. Specifically, if a user blocked Claude Code’s access to a file, but Claude Code had...

2.3CVSS6.6AI score0.00396EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2025/09/26 3:0 p.m.5 views

Kicking off Cybersecurity Awareness Month 2025: Researcher spotlights and enhanced incentives

October marks Cybersecurity Awareness Month, a time when the developer community reflect on the importance of security in the evolving digital landscape. At GitHub, we understand that protecting the global software ecosystem relies on the commitment, skill, and ingenuity of the security research...

7AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/09/24 6:57 p.m.9 views

Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions

When using Claude Code with Yarn installed, Yarn config files can trigger code execution when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins and yarnPath could be executed prior to the user accepting the risks of working in an untruste...

9.8CVSS7.3AI score0.00341EPSS
Exploits0References6Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/17 3:17 p.m.6 views

Malicious code in hackerone-app-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7989720a786925f09101ea3e9ebce9bf8190a57a6401b6e46125a75ad160bc66 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.3AI score
Exploits0References1
OSV
OSV
added 2025/09/17 3:17 p.m.5 views

MAL-2025-48892 Malicious code in hackerone-app-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7989720a786925f09101ea3e9ebce9bf8190a57a6401b6e46125a75ad160bc66 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/10 12:0 a.m.7 views

PT-2025-37106

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 16.11 through 18.3.2 Description An issue has been discovered in GitLab CE/EE that allows authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences. The vulnerabili...

8.8CVSS6.3AI score0.00645EPSS
Exploits0References17
Gitee
Gitee
added 2025/09/06 11:51 a.m.132 views

Scanners-Box

This is a collection of open-source scanners from the GitHub platform, including subdomain enumeration, database vulnerability scanners, weak password or information leak scanners, port scanners, fingerprint scanners, and other large-scale scanners. The collection is maintained by We5ter and...

7.8AI score
Exploits0
RubySec
RubySec
added 2025/08/29 12:0 a.m.11 views

Google Sign-In for Rails allowed redirect to protocol-relative URI

Summary It is possible to redirect a user to another origin if the "proceedto" value in the session store is set to a protocol-relative URL. Details The googlesignin gem persists an optional URL for redirection after authentication. If this URL is set to a protocol-relative URL, it improperly...

4.2CVSS6.6AI score0.00211EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/08/18 6:46 p.m.3 views

GHSA-X5GV-JW7F-J6XJ Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code

Due to an overly broad allowlist of safe commands, it was possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation. Reliably exploiting this requires the ability to add untrusted content into a Claude Code contex...

7.1CVSS7.2AI score0.00431EPSS
Exploits0References3
OSV
OSV
added 2025/08/05 10:36 p.m.8 views

CVE-2025-8573 Concrete CMS 9 through 9.4.2 is vulnerable to Stored XSS from Home Folder on Members Dashboard page

Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page. Version 8 was not affected. A rogue admin could set up a malicious folder containing XSS to which users could be directed upon login. The Concrete CMS security team gave this...

2CVSS5.9AI score0.0044EPSS
Exploits1References5
Rows per page
Query Builder