Lucene search
+L

524 matches found

NVD
NVD
added 3 days ago8 views

CVE-2026-46341

The Apify MCP server enables AI agents to extract data from websites using ready-made scrapers, crawlers, and automation tools available on the Apify Store. Prior to 0.9.21, the fetch-apify-docs tool in src/tools/common/fetchapifydocs.ts validates allowlisted documentation domains with...

6.1CVSS0.00194EPSS
Exploits0References4
OSV
OSV
added 2026/07/08 1:46 p.m.2 views

OPENSUSE-SU-2026:21272-1 Security update for curl

This update for curl fixes the following issues - CVE-2026-8286: wrong STARTTLS connection reuse bsc1268402. - CVE-2026-8458: wrong reuse for different services bsc1268407. - CVE-2026-8924: traling dot domain super cookie bsc1268409. - CVE-2026-8927: env-set cross-proxy Digest auth state leak...

9.8CVSS6.1AI score0.01064EPSS
Exploits10References20
RedHat Linux
RedHat Linux
added 2026/07/06 3:11 a.m.12 views

golang.org/x/net/idna: golang: net/http: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS6.4AI score0.00478EPSS
Exploits0References8
OSV
OSV
added 2026/07/03 12:11 p.m.4 views

OPENSUSE-SU-2026:21231-1 Security update for python-pydata-sphinx-theme

This update for python-pydata-sphinx-theme fixes the following issues: Changes in python-pydata-sphinx-theme: - CVE-2026-13676: fast-uri: failure to canonicalize Unicode/IDN hostnames for HTTP-family URLs allows for bypass bsc1269597 revendor the vendored tarball with updated versions...

7.5CVSS5.9AI score0.00369EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 6:12 a.m.9 views

Malicious code in openai-agents-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 768ddf82a7644f1678a27f3037c8a3fc4fae5f00b6181d6507a49892d20a7fda On npm install, scripts/postinstall.js automatically reads a broad set of installer-side identity and cloud-configuration files — /.gitconfig and the...

5.9AI score
Exploits0References26
Snyk
Snyk
added 2026/06/24 3:16 p.m.3 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to the unconditional disabling of SSL/TLS certificate and hostname validation for connections sending Bearer token authenticated requests to the configured Bitbucket Server endpoint. An attacker can...

8.3CVSS6AI score0.00108EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/19 8:43 a.m.8 views

Security Bulletin: Multiple Vulnerabilities affect IBM Decision Optimization for Cloud Pak for Data.

Summary Multiple Vulnerabilities were addressed in IBM Decision Optimization for Cloud Pak for Data version 5.3.1 patch 6 Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname...

9.3CVSS6.3AI score0.00952EPSS
Exploits4Affected Software1
OSV
OSV
added 2026/06/17 7:9 p.m.9 views

MAL-2026-6075 Malicious code in opt-archetype-check (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6497b3f44c017bc9ba783cd75e17d4992f79542d8819558da92e152ee4d4471e On npm install, the package's postinstall hook executes node index.js, which collects the installer's public IP via api.ipify.org, hostname, username...

5.9AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 8:8 p.m.11 views

Malicious code in ogd-platform (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f17f2c263db2adee12698bd9046668b9b674bcdf063b959f54841914a6028931 The package contains only a package.json with a preinstall lifecycle script and ships no actual functionality despite advertising itself as an 'Open...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 11:36 a.m.25 views

Malicious code in unicocheck-ios (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bafc91c569cf42c5f1ff68531a8d5238919f595368ffa90b7d4e5bcc74fe9788 package.json declares a preinstall lifecycle script that runs curl against https://webhook.site/fe1246c2-ac04-4493-b223-fe34ba26b79f with query...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/14 7:21 a.m.14 views

MAL-2026-5764 Malicious code in sys-info-cli-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1423c435a0e9e86338dd64d138fb1697580751ade2b7486880e21785e1b3eb47 The package's collect.js gathers host identifiers os.hostname, os.homedir along with filesystem and childprocess introspection and POSTs them to a...

5.3AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/13 8:24 p.m.18 views

Malicious code in @achuthvp/postinstall-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3dc0d7b5fc216ae117dda9c492a6bbdff46e49ab53f069c2d525dab001bcdb9 package.json declares scripts.postinstall = node postinstall.js. On every npm install, postinstall.js runs execSync'id' and POSTs a JSON body...

6.1AI score
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/11 7:42 a.m.23 views

Security Bulletin: IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vulnerabilities in Eclipse Paho Java client library

Summary A vulnerability has been identified in Eclipse Paho Java client library, which is used in IBM Engineering Lifecycle Management - Engineering Workflow Management . Vulnerability Details CVEID:CVE-2019-11777 DESCRIPTION: In the Eclipse Paho Java client library version 1.2.0, when connecting...

7.5CVSS5.4AI score0.00827EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/06/11 7:23 a.m.10 views

MAL-2026-5611 Malicious code in datetime-toolkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0dc38777296d43cff21c9e56d16208c8925c6dc25b5dec4227823da94096433d The package presents itself as a lightweight datetime utility but its main entry datetime.js invokes collect from ./index.js at top level, so any...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 6:22 p.m.15 views

Malicious code in @orion-design-system/foundation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e7fdf1bb78d6c3750adffa854f5f08c7f2fd7af6166f7234aa5cbf4974a1375 The package's npm preinstall lifecycle script runs an inline node -e payload that collects the installer's hostname os.hostname and OS username...

5.5AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:16 p.m.16 views

Malicious code in @oplus/obus-web-sdk-plugin-recovery (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a7435b09e6ec064fe7ff0738becd8dd3445f1a73e97427a8fb9285460bd4f723 @oplus/[email protected] publishes to a likely-private internal scope at an artificially high version to win resolution against a...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:16 p.m.17 views

Malicious code in @oplus/obus-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed41b3738a8034ebb2e92744dd0891812f6c6fdb278e78c377045a86f2b5a34d On npm install, scripts/postinstall.js collects the installer's username os.userInfo, hostname os.hostname, current working directory process.cwd, an...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/05 5:44 a.m.13 views

BIT-GOLANG-2026-27145 Inefficient candidate hostname parsing in crypto/x509

x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number...

7.5CVSS5.6AI score0.00939EPSS
Exploits0References19
Vulnrichment
Vulnrichment
added 2026/06/02 10:1 p.m.10 views

CVE-2026-27145 Inefficient candidate hostname parsing in crypto/x509

x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number...

5.9AI score0.00939EPSS
Exploits0References4
OSV
OSV
added 2026/06/02 9:13 a.m.8 views

OPENSUSE-SU-2026:20877-1 Security update for rsync

This update for rsync fixes the following issues - CVE-2025-10158: Out of bounds array access via negative index bsc1254441. - CVE-2026-29518: Symlink-Race TOCTOU in Daemon use chroot = no bsc1264511. - CVE-2026-41035: count of entries mismatch can lead to a use-after-free bsc1262223. -...

8.1CVSS5.8AI score0.0078EPSS
Exploits1References16
Rows per page
Query Builder