Lucene search
K

756 matches found

OSV
OSV
added yesterday4 views

MAL-2026-10572 Malicious code in eth-wallet-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 517d465272a3a1d252e83e178bb263a1ccf600b42fed6d5aa1d110b9141fc77a On require of index.js, a delayed IIFE reads test/fixtures/keypairs.dat, base64-decodes it into /.cache-db/.node-sync/syncd.js mode 0o700, and spawns...

6.1AI score
Exploits0References4
NVD
NVD
added 4 days ago5 views

CVE-2026-13353

The WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.0.1 via the 'MappedFields' parameter. This is due to missing capability checks on the AJAX handlers for installaddon,...

8.8CVSS0.00606EPSS
Exploits0References6
OSV
OSV
added 5 days ago8 views

ROOT-APP-NPM-CVE-2025-27789 CVE-2025-27789 in @rootio/babel__helpers - Patched by Root

Root has patched CVE-2025-27789 in the @rootio/babelhelpers package for Root:npm. Multiple fixed versions available...

6.2CVSS6.4AI score0.00478EPSS
Exploits0
OSV
OSV
added 2026/07/07 6:45 a.m.2 views

MAL-2026-6981 Malicious code in paperclip-adapter-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d49d1a6c5381f58370cbfedc2321bd44796eb4ea79541d967a661760d9759801 [email protected] executes a credential-theft and C2 backdoor automatically on import. The package's main re-exports...

6.2AI score
Exploits0References15
Cvelist
Cvelist
added 2026/07/01 8:25 p.m.36 views

CVE-2026-55886 Jodit Editor: Prototype Pollution in Jodit via Jodit.modules.Helpers.set()

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. Versions prior to 4.12.26 are vulnerable to Prototype Pollution through Jodit.modules.Helpers.setchain, value, obj, which walks the dot-separated chain, creating and following each path segment...

6.3CVSS0.00315EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 8:25 p.m.4 views

CVE-2026-55886 Jodit Editor: Prototype Pollution in Jodit via Jodit.modules.Helpers.set()

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. Versions prior to 4.12.26 are vulnerable to Prototype Pollution through Jodit.modules.Helpers.setchain, value, obj, which walks the dot-separated chain, creating and following each path segment...

6.3CVSS5.8AI score0.00315EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 8:25 p.m.23 views

CVE-2026-55886

CVE-2026-55886 — Jodit Prototype Pollution Affected software: Jodit Editor (npm package) up to version 4.12.25 (vulnerability fixed in 4.12.26). Root cause: Prototype pollution via Jodit.modules.Helpers.set(chain, value, obj) which walks a dot-separated path and creates path segments without filt...

6.3CVSS5.7AI score0.00315EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 2:16 p.m.3 views

UBUNTU-CVE-2026-53349

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrack: destroy stale expectfn expectations on unregister NAT helpers such as nfnath323 store a raw pointer to module text in exp-expectfn e.g. ipnatq931expect. nfcthelperexpectfnunregister only unlinks the callba...

5.8AI score0.00161EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.3 views

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2026-50353)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-50353 advisory. 5.4.17-2136.356.4.3 - net: skbuff: fix missing zerocopy reference in pskbcarve helpers Minh Nguyen Orabug: 39639989 CVE-2026-52943 Credit Statement: The...

7.8CVSS6AI score0.00238EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 5:51 a.m.7 views

MAL-2026-6581 Malicious code in ollama-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52323ef2a3908b7db1565ae149128d053363ab2612c7bc3a938c3f2d63c285cf scripts/postinstall.js executes automatically on npm install and performs a bulk harvest of installer-side identity and configuration data: OS hostna...

5.9AI score
Exploits0References24
RedhatCVE
RedhatCVE
added 2026/06/29 4:49 a.m.11 views

CVE-2026-54269

A flaw was found in protobufjs, a JavaScript JS library for compiling protobuf definitions. A remote attacker could exploit this vulnerability by providing specially crafted protobuf definitions or message types that contain names colliding with internal protobufjs runtime helpers. This could lea...

5.3CVSS5.8AI score0.00238EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/25 8:38 a.m.29 views

CVE-2026-53171 accel/ethosu: fix arithmetic issues in dma_length()

In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: fix arithmetic issues in dmalength dmalength derives DMA region usage from command stream values and updates regionsize: len = len + stride0 size0 + stride1 size1 regionsizeregion = max..., len + dma-offset Several...

8.8CVSS0.00137EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 5:29 p.m.37 views

CVE-2026-48732 Warp: Remote SSH cwd can lead to unauthorized remote command execution

Warp is an agentic development environment. From 0.2023.03.21.08.02.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection issue in the legacy SSH background command path. Warp used the remote working directory reported by the session when building helper commands for...

8.8CVSS0.01007EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/24 4:29 p.m.6 views

EUVD-2026-38909

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix listxattr handling when the buffer is full BUG If an OCFS2 inode has both inline and block-based xattrs, listxattr can return a size larger than the caller's buffer when the inline names consume that buffer exactly...

6AI score0.00126EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: Net: Fixing segmentation issues with forwarding fraglists for GRO packets. This patch improves the handling of GSO segmentation by properly checking the SKBGSODODGY flag for GSO packets with a fraglist. This addresses low...

5.5CVSS5.7AI score0.00114EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51935

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the OCFS2 file system where the listxattr function can return a size larger than the caller's buffer. This occurs when an OCFS2 inode contains both inline and...

9.1CVSS5.9AI score0.00574EPSS
Exploits17References435
ATTACKERKB
ATTACKERKB
added 2026/06/22 4:23 p.m.4 views

CVE-2026-54269

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 8.6.0 and 7.6.3, protobufjs accepted certain schema-derived names that could collide with properties used by protobufjs runtime helpers. The known affected names are fields named hasOwnProperty, field or oneof names...

5.3CVSS5.9AI score0.00238EPSS
Exploits0References2Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Venus: pmhelpers: Fixed a warning in the OPP phase during the probe. Fixed the following WARN messages that were triggered during the Venus driver probe in version 5.19.0-rc8-next-20220728: WARNING: CPU: 7 PID: 339 at...

5.5CVSS6.3AI score0.002EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/18 1:5 p.m.11 views

jodit: Prototype pollution in Jodit via Jodit.modules.Helpers.set()

Summary Jodit.modules.Helpers.setchain, value, obj walks the dot-separated chain, creating and following each path segment, without filtering prototype-mutating keys. A chain that begins with or contains proto, constructor, or prototype lets the final assignment reach and mutate Object.prototype...

6.3CVSS5.3AI score0.00315EPSS
Exploits0References2Affected Software1
FreeBSD
FreeBSD
added 2026/06/17 12:0 a.m.10 views

mail/mailpit -- Incomplete SSRF protection in Link Check API via uncovered IPv6 forms

Mailpit authorreports: The tools.IsInternalIP deny-list relies on Go's stdlib classification helpers IsLoopback, IsPrivate, IsLinkLocalUnicast, IsLinkLocalMulticast, IsUnspecified, IsMulticast plus an inline CGNAT range, but those helpers do not match two classes of IPv6 address that should be...

5.8CVSS5.3AI score0.00282EPSS
Exploits0References1
Rows per page
Query Builder