Lucene search
K

11128 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 6:24 p.m.6 views

Malicious code in @appupdate/cdn-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 445a7b613694730e29915d732e3df0700d145622b279b62b0a141c76211e6f14 Package @appupdate/cdn-sync ships as a thin koffi wrapper around prebuilt Go cgo native libraries 12MB linux.so, 11MB darwin.dylib for x64/arm64. The...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/26 6:24 p.m.5 views

MAL-2026-6531 Malicious code in @appupdate/cdn-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 445a7b613694730e29915d732e3df0700d145622b279b62b0a141c76211e6f14 Package @appupdate/cdn-sync ships as a thin koffi wrapper around prebuilt Go cgo native libraries 12MB linux.so, 11MB darwin.dylib for x64/arm64. The...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 2:18 a.m.8 views

Malicious code in mongoose-json-format (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a3dc63cdceb40d6f0fe338bcdbe589689ab2897f44cbb6b7c3d0192b5bd09c5 On require, helpers.js instantiates a Helper whose constructor invokes createLog. createLog base64-decodes the string assigned to HASHKEY decoding to...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 10:58 p.m.7 views

Malicious code in random-string-64 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fea72321e7eb57feb094bc31de2393ec2a56903156e1257a062e40541785b96 The package advertises itself as a 5-line random-string generator, but index.js the declared main contains a hardcoded AES-256-CBC ciphertext blob th...

6AI score
Exploits0References3
OSV
OSV
added 2026/06/25 8:57 p.m.3 views

USN-8477-1 tar vulnerability

It was discovered that tar incorrectly handled certain crafted archive files. An attacker could possibly use this to inject hidden files with attacker-controlled content, bypassing pre-extraction inspection mechanisms...

5.5CVSS5.8AI score0.0043EPSS
Exploits1References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 8:32 p.m.6 views

Malicious code in typedecode (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 593662d3b4cda901642b713f419417807a33f3dca74e818f66e8d0cf9ebcf6e3 On require'typedecode' / import 'typedecode', the bundled dist/index.cjs and dist/index.js execute an obfuscated import-time payload. A bootstrap.js...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/24 6:26 a.m.8 views

MAL-2026-6376 Malicious code in bn-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c14057d91b2283926b2b0c1093a66db17c40efbd0ceb21c29b0bdbfa79736da5 Package is published as 'bn-lint' but ships a verbatim copy of MikeMcl/big.js README, source, version banner v7.0.1, and repo URL all identify as...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/24 4:13 a.m.7 views

MAL-2026-6369 Malicious code in hardhat-test-log (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 741350b4472a82c53151793b413166a5fad36af3d2d14fa1d12afba9eccb9fed Package impersonates the well-known eth-gas-reporter / hardhat-gas-reporter packages: README is titled 'eth-test-log', copies badges and contributor...

6.4AI score
Exploits0References2
Redos
Redos
added 2026/06/24 12:0 a.m.4 views

ROS-20260624-73-0026

The vulnerability in Netty is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to send hidden HTTP requests a type of HTTP request smuggling attack...

9.1CVSS6.8AI score0.00633EPSS
Exploits1
Redos
Redos
added 2026/06/24 12:0 a.m.4 views

ROS-20260624-73-0029

The vulnerability in Netty is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to send hidden HTTP requests a type of HTTP request smuggling attack...

9.8CVSS6.8AI score0.00515EPSS
Exploits1
Redos
Redos
added 2026/06/24 12:0 a.m.4 views

ROS-20260624-73-0021

The vulnerability in Netty is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to send hidden HTTP requests a type of HTTP request smuggling attack...

7.5CVSS6.6AI score0.0064EPSS
Exploits1
NVD
NVD
added 2026/06/23 9:16 p.m.7 views

CVE-2026-47378

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, Public shared-view endpoints exposed values from columns that the view owner had hidden, via three independent paths: groupBy returned raw values for any column named in the request, filter and sort arrays operated on...

6.9CVSS0.00239EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 9:16 p.m.8 views

CVE-2026-47279

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the public shared-view relation endpoints accepted a caller-supplied column ID without verifying that the column was visible in the shared view, so anyone holding a share UUID could read links from any LTAR column on t...

6.9CVSS0.00239EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:34 p.m.26 views

CVE-2026-47378 NocoDB: Hidden Column Exposure in Public Shared View Endpoints

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, Public shared-view endpoints exposed values from columns that the view owner had hidden, via three independent paths: groupBy returned raw values for any column named in the request, filter and sort arrays operated on...

6.9CVSS0.00239EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 8:34 p.m.6 views

CVE-2026-47378

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, Public shared-view endpoints exposed values from columns that the view owner had hidden, via three independent paths: groupBy returned raw values for any column named in the request, filter and sort arrays operated on...

6.9CVSS6AI score0.00239EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/23 8:34 p.m.19 views

CVE-2026-47378

CVE-2026-47378 concerns NocoDB, where before 2026.04.1 public shared-view endpoints could expose hidden-column values through three paths: (1) groupBy could return raw values for any column named in the request, (2) filter and sort arrays operated on hidden columns allowed boolean-blind extractio...

6.9CVSS6AI score0.00239EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 8:18 p.m.20 views

CVE-2026-47279

NocoDB's CVE-2026-47279 describes an Access Control problem in public shared-view relation endpoints (LTAR columns). Before patch 2026.05.1, endpoints accepted a caller-supplied column ID without verifying the column’s visibility, allowing anyone with a share UUID to read links from hidden LTAR c...

6.9CVSS5.9AI score0.00239EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 8:16 p.m.10 views

CVE-2026-54555

rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.42.2, the permission splitter did not conservatively split or reject several shell constructs that Bash treats as command execution boundaries or nested execution. As a result, a command beginning with an...

7.8CVSS0.00128EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 7:5 p.m.6 views

EUVD-2026-38573

rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.42.2, the permission splitter did not conservatively split or reject several shell constructs that Bash treats as command execution boundaries or nested execution. As a result, a command beginning with an...

7.8CVSS6.1AI score0.00128EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 7:5 p.m.6 views

CVE-2026-54555

rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.42.2, the permission splitter did not conservatively split or reject several shell constructs that Bash treats as command execution boundaries or nested execution. As a result, a command beginning with an...

7.8CVSS6.1AI score0.00128EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder