Lucene search
K

16 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2025/06/04 2:21 p.m.3 views

Malicious code in @sasmeee/gamble (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c87f47f35d7c73fd035a897353adf49aa127f906c05e5bb8ffa791b9465d8f71 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2025/05/31 10:30 a.m.6 views

MAL-2025-4607 Malicious code in @chatbot-builder/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6ace9cff4af8d9323da0b8644083e75867baace24814284462f536c574065052 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7.2AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/31 1:31 a.m.5 views

CVE-2025-2970

...

7.2AI score
Exploits0
Chainguard
Chainguard
added 2025/02/25 1:11 p.m.7 views

GHSA-W6XV-37JV-7CJR vulnerabilities

Vulnerabilities for packages: libarchive...

7.3AI score
Exploits0
Chainguard
Chainguard
added 2025/02/25 1:11 p.m.5 views

GHSA-M52W-J3PC-G32G vulnerabilities

Vulnerabilities for packages: chromium...

7.3AI score
Exploits0
Chainguard
Chainguard
added 2025/02/25 1:11 p.m.4 views

GHSA-PGGR-CGRF-HXVH vulnerabilities

Vulnerabilities for packages: mysql...

7.3AI score
Exploits0
CVE
CVE
added 2025/01/21 8:52 p.m.69 views

CVE-2025-21510

CVE-2025-21510 affects Oracle JD Edwards EnterpriseOne Tools (Web Runtime SEC) prior to 9.2.9.0. An unauthenticated, network-accessible (HTTP) attacker can compromise data or gain full access to Tools. Fixed in 9.2.9.x line; NCSC notes 9.2.9.2; Oracle CPU Jan 2025 advisory references patches. Exp...

7.5CVSS7.1AI score0.00652EPSS
Exploits0References1Affected Software1
Chainguard
Chainguard
added 2025/01/14 7:43 p.m.8 views

GHSA-P54P-P3QM-8VGJ vulnerabilities

Vulnerabilities for packages: dotnet-bootstrap...

7.3AI score
Exploits0
NVD
NVD
added 2024/11/21 5:15 p.m.63 views

CVE-2024-52803

LLama Factory enables fine-tuning of large language models. A critical remote OS command injection vulnerability has been identified in the LLama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious actors to execute arbitrary OS commands on...

9.8CVSS0.02273EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/11/21 4:53 p.m.9 views

CVE-2024-52803 LLama Factory Remote OS Command Injection Vulnerability

LLama Factory enables fine-tuning of large language models. A critical remote OS command injection vulnerability has been identified in the LLama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious actors to execute arbitrary OS commands on...

7.5CVSS8.1AI score0.02273EPSS
Exploits1References3
CVE
CVE
added 2024/11/21 4:53 p.m.72 views

CVE-2024-52803

CVE-2024-52803 affects LLama Factory, where the training process is vulnerable to a remote OS command injection due to insecure use of Popen with shell=True and unsanitized user input. The issue allows an attacker to execute arbitrary OS commands on the host, with impact described as high for con...

9.8CVSS7.9AI score0.02273EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/06/20 8:16 p.m.7 views

MAL-2022-5294 Malicious code in perf-storage-blob-track-1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 567e0f79387c321ef5292bc42ca46151d74d37f8f9a468ccbb20d3a267dceca1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
CVE
CVE
added 1976/01/01 12:0 a.m.38 views

CVE-2024-23425

CVE-2024-23425 entry is rejected/not used and does not represent an active vulnerability.

7AI score
Exploits0
Cvelist
Cvelist
added 1976/01/01 12:0 a.m.8 views

CVE-2022-32682

...

Exploits0
Cvelist
Cvelist
added 1976/01/01 12:0 a.m.13 views

CVE-2020-26351

...

Exploits0
CVE
CVE
added 1976/01/01 12:0 a.m.12 views

CVE-2025-8130

This CVE entry is rejected/not used and does not represent an active vulnerability.

Exploits0
Rows per page
Query Builder