Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

40548 matches found

OSV
OSVadded 2026/05/25 1:57 p.m.5 views

MAL-2026-4688 Malicious code in tempo-shared-modules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc05637e4f67c7a00ac3b790680f46174243df9c2740a161a029d4b266a79839 On npm install, the preinstall script poc.js collects host identity hostname, username, OS/platform, network configuration ipconfig / ip a /...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/25 1:57 p.m.7 views

Malicious code in tempo-shared-modules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc05637e4f67c7a00ac3b790680f46174243df9c2740a161a029d4b266a79839 On npm install, the preinstall script poc.js collects host identity hostname, username, OS/platform, network configuration ipconfig / ip a /...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/25 1:57 p.m.9 views

Malicious code in tempo-layout (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 795bf7080d27cef141114dd46b5734c136f762933a43f2d1308e82547c5f99a6 [email protected] ships a preinstall hook poc.js that unconditionally collects host identity os.hostname, whoami, id, network configuration...

5.8AI score
Exploits0References3
OSV
OSVadded 2026/05/25 1:57 p.m.9 views

MAL-2026-4686 Malicious code in tempo-layout (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 795bf7080d27cef141114dd46b5734c136f762933a43f2d1308e82547c5f99a6 [email protected] ships a preinstall hook poc.js that unconditionally collects host identity os.hostname, whoami, id, network configuration...

5.8AI score
Exploits0References3
OSV
OSVadded 2026/05/25 1:48 p.m.3 views

MAL-2026-4589 Malicious code in itc-actors-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22687e1f7601dde1753d3775925d62d040892631394937e56e9b9fba74fb85c6 The package contains callback.js which collects host identifiers and user information os.hostname, os.userInfo, os.platform, cwd and transmits them v...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/25 1:45 p.m.7 views

Malicious code in claude-channel-imessage (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9751c370c062cb40bccb874f46679ad3ca8ba9d3b49d0d8ba1f924d9582e53a3 On npm install, postinstall.js executes whoami and id, reads os.hostname, os.platform, process.cwd, and the CI, GITHUBREPOSITORY, and NODEENV...

5.8AI score
Exploits0References2
Snyk
Snykadded 2026/05/25 12:58 p.m.7 views

Key Exchange without Entity Authentication

Overview apache-airflow-providers-google is a Provider for Apache Airflow. Implements apache-airflow-providers-google package Affected versions of this package are vulnerable to Key Exchange without Entity Authentication due to SSH host key verification being disabled by default in the...

9.1CVSS5.8AI score0.00088EPSS
Exploits0References2
OSV
OSVadded 2026/05/25 11:35 a.m.7 views

MAL-2026-4527 Malicious code in clawpro-diagnostics-metrics-cls (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d176cad00849132cb8df7ca53ac064e1980cea09bfe9b25836a78b4719b08ea The package's dist/index.js contains hardcoded HTTP POST calls targeting http://metadata.tencentyun.com along with reads of process.platform and...

5.8AI score
Exploits0References1
GithubExploit
GithubExploitadded 2026/05/25 10:18 a.m.55 views

tplink-priv-zero

TP-Link TL-WR841N v14 — Authenticated OS Command Injection RC...

6.1AI score
Exploits0
NVD
NVDadded 2026/05/25 10:16 a.m.9 views

CVE-2026-45361

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...

8.1CVSS0.00088EPSS
Exploits0References3
PyPA
PyPAadded 2026/05/25 10:16 a.m.11 views

PYSEC-0000-CVE-2026-45361

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...

8.1CVSS5.8AI score0.00088EPSS
Exploits0References3Affected Software1
PyPA
PyPAadded 2026/05/25 10:16 a.m.9 views

PYSEC-2026-166

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...

8.1CVSS5.8AI score0.00088EPSS
Exploits0References3Affected Software1
OSV
OSVadded 2026/05/25 10:16 a.m.4 views

PYSEC-2026-166

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...

8.1CVSS5.8AI score0.00088EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/25 10:10 a.m.5 views

Malicious code in auth-basic-vault (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f3227380d9ef91ce63237acc9656b88a50b29aeeb05c594b700c5936a7527543 On require'auth-basic-vault', lib/writer.js attempts to require'authcascade' at module top level and, on failure, shells out via execSync to npm...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/25 9:58 a.m.7 views

Malicious code in authcascade (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8fece3d89e066c6c3452fda608e77747b7d4fa4cbbf6498fd41e5a5a765d57d9 On require'authcascade', the package's main entry pino.js loads lib/writer.js which a builds a data object containing the full process.env, OS...

6.5AI score
Exploits0References2
Cvelist
Cvelistadded 2026/05/25 9:34 a.m.36 views

CVE-2026-45361 Apache Airflow Google provider: SSH host key verification disabled in ComputeEngineSSHHook (paramiko AutoAddPolicy default)

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...

0.00088EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/25 9:34 a.m.10 views

EUVD-2026-31659

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...

5.8AI score0.00088EPSS
Exploits0References2
CVE
CVEadded 2026/05/25 9:34 a.m.12 views

CVE-2026-45361

CVE-2026-45361 affects the Apache Airflow Google provider: ComputeEngineSSHHook disables SSH host-key verification by default, allowing an attacker on-path to intercept or modify SSH sessions between an Airflow worker and a Compute Engine VM. The vulnerability is tied to the ComputeEngineSSHHook ...

8.1CVSS5.8AI score0.00088EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/05/25 9:34 a.m.8 views

CVE-2026-45361

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...

5.8AI score0.00088EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/25 9:34 a.m.12 views

CVE-2026-45361 Apache Airflow Google provider: SSH host key verification disabled in ComputeEngineSSHHook (paramiko AutoAddPolicy default)

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...

5.8AI score0.00088EPSS
Exploits0References2
Rows per page
Query Builder