Lucene search
K

129 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in polymarket-kelly-stake-math (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9798cce0effcbcf5ed3295f322a375bb1a3cbb7e9db4b7d88c802bf5116639e3 [email protected] advertises itself as a pure Kelly-stake math helper but its postinstall hook scripts/install-check.cjs, invoked fro...

6.5AI score
Exploits0References2
CVE
CVE
added 3 days ago14 views

CVE-2026-15041

The CVE describes a flaw in 389 Directory Server (389-ds-base): non-constant-time comparison in the PBKDF2-SHA256 password verification uses standard memcmp() instead of a constant-time function. This could allow a remote attacker to leverage timing measurements of LDAP bind attempts to infer par...

3.7CVSS5.9AI score0.003EPSS
Exploits0References2Affected Software3
OSV
OSV
added 2026/07/04 2:16 a.m.11 views

DEBIAN-CVE-2026-12252

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...

7.8CVSS7.7AI score0.00158EPSS
Exploits1References1
EUVD
EUVD
added 2026/07/04 12:58 a.m.9 views

EUVD-2026-41656

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...

10CVSS7.8AI score0.00809EPSS
Exploits4References1
Cvelist
Cvelist
added 2026/07/04 12:58 a.m.33 views

CVE-2026-12252 Untrusted JAR Code Execution in Multiple Stanford Interface Classes in nltk/nltk

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...

7.8CVSS0.00158EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.6 views

PT-2026-52604

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists in the EVP DigestVerifyFinal function where a zero-length tag could be accepted as valid during HMAC Hash-based Message Authentication Code...

7.5CVSS5.7AI score0.00147EPSS
Exploits0References9
OSV
OSV
added 2026/06/23 5:10 p.m.5 views

GHSA-6P9M-Q3JP-47H4 Gogs: LFS dedupe path leaks private repo content across tenants

Summary Git LFS storage is content-addressed by OID alone /// but per-repo authorization lives in the lfsobject table keyed repoid, oid. serveUpload skips re-uploading when the OID file already exists on disk and inserts a new repoid, oid row pointing at it without verifying the request body hash...

7.1CVSS6AI score0.00236EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/23 5:10 p.m.11 views

Gogs: LFS dedupe path leaks private repo content across tenants

Summary Git LFS storage is content-addressed by OID alone /// but per-repo authorization lives in the lfsobject table keyed repoid, oid. serveUpload skips re-uploading when the OID file already exists on disk and inserts a new repoid, oid row pointing at it without verifying the request body hash...

7.1CVSS6AI score0.00236EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.32 views

PT-2026-51630

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description Git LFS storage is content-addressed by OID Object Identifier alone, while per-repository authorization is managed in the lfs object table. The serveUpload function skips the re-upload process when an...

7.1CVSS5.8AI score0.00236EPSS
Exploits0References10
OSV
OSV
added 2026/06/15 8:9 p.m.8 views

MAL-2026-5825 Malicious code in @intentsolution/database-security-scanner (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b1f4da3cb40cc2e1396230869d85bcc5a3c9267c0dc3c60dc297c08d1882230 The package's main file index.js is heavily obfuscated using obfuscator.io-style string-array rotation, base64 fragments, and per-byte XOR decoders...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/15 5:30 p.m.11 views

MAL-2026-5800 Malicious code in boardstep (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d23139a90bc62310843522a9f8c266cf11ec4166f7a493072bf93b7d8ec05b0c The package wires all three npm lifecycle hooks preinstall, install, postinstall in package.json to run install.js, which downloads...

5.4AI score
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 5:30 p.m.14 views

Malicious code in boardstep (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d23139a90bc62310843522a9f8c266cf11ec4166f7a493072bf93b7d8ec05b0c The package wires all three npm lifecycle hooks preinstall, install, postinstall in package.json to run install.js, which downloads...

5.3AI score
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.17 views

PT-2026-45778

A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main server to access the Server Admin credentials. A third party hired by Genetec found the issue. There is currently no evidence of...

7.8CVSS5.7AI score0.00115EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 1:1 a.m.16 views

Malicious code in weavedb-exm-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78ab05b11a1c784b066c89ffaff7bdf3a3351c611818e1d310cf718a64f20aec package.json declares "preinstall": "./vendor/setup", causing every npm install weavedb-exm-sdk to execute vendor/setup — a 976,568-byte Linux x86 EL...

6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 1:1 a.m.15 views

Malicious code in arnext (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d689a27b5cc929562b684a7181549d3770de331a9f57120881d8060294b6e5f package.json declares "preinstall": "./vendor/setup", which runs a 976,568-byte Linux ELF binary on every npm install. The package's stated purpose i...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/05/26 1:1 a.m.11 views

MAL-2026-4482 Malicious code in arnext (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d689a27b5cc929562b684a7181549d3770de331a9f57120881d8060294b6e5f package.json declares "preinstall": "./vendor/setup", which runs a 976,568-byte Linux ELF binary on every npm install. The package's stated purpose i...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/05/26 1:0 a.m.15 views

MAL-2026-4486 Malicious code in atomic-notes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c70dcf4fd11ae58bf4e06b896b2f163d54e3c3a26b66d472bab1e0af126f6f81 package.json declares preinstall:./.github/scripts/precheck, which executes a 976 KB stripped, UPX-packed Linux x8664 ELF shipped at...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 12:59 a.m.15 views

Malicious code in zkjson (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 758a19e42db66cf6ae7a08d462278b30e3a154b56613d2d95f8020de3add3816 package.json declares "preinstall": "./.github/scripts/precheck", pointing to a 976 KB Linux ELF executable sha256...

6.3AI score
Exploits0References3
OSV
OSV
added 2026/05/26 12:59 a.m.13 views

MAL-2026-4739 Malicious code in zkjson (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 758a19e42db66cf6ae7a08d462278b30e3a154b56613d2d95f8020de3add3816 package.json declares "preinstall": "./.github/scripts/precheck", pointing to a 976 KB Linux ELF executable sha256...

6.3AI score
Exploits0References3
OSV
OSV
added 2026/05/25 6:11 p.m.14 views

MAL-2026-4438 Malicious code in @service-suppliers/suppliers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a79ca8ef6257be2fbac9c361b969d9e63ce6a833e42dafa4b558e1f805276502 On npm install, scripts/postinstall.js performs two attacker-benefit actions against the installer. First, it scrapes installer-side credentials: it...

5.8AI score
Exploits0References2
Rows per page
Query Builder