Lucene search
K

42 matches found

OSV
OSV
added yesterday3 views

MAL-2026-10580 Malicious code in ethers-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3959190c7c321e0d6f512b89b3c54a6399f3e6f7daecd0563ff753a6a6fed2f5 Package name typosquats the popular 'ethers' library. package.json declares a postinstall pointing at dist/index.min.js, whose sole top-level stateme...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/07/03 7:16 a.m.5 views

ALPINE-CVE-2026-9545

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...

7.5CVSS5.9AI score0.00408EPSS
Exploits1References1
NVD
NVD
added 2026/07/03 7:16 a.m.8 views

CVE-2026-9545

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...

7.5CVSS0.00408EPSS
Exploits1References3
OSV
OSV
added 2026/07/03 6:17 a.m.3 views

CVE-2026-9545 exposing HTTP/3 early data

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...

7.5CVSS6AI score0.00408EPSS
Exploits1References5
AlpineLinux
AlpineLinux
added 2026/07/03 6:17 a.m.8 views

CVE-2026-9545

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...

7.5CVSS5.9AI score0.00408EPSS
Exploits1References3
OSV
OSV
added 2026/06/24 8:0 a.m.9 views

CURL-CVE-2026-9545 exposing HTTP/3 early data

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...

7.5CVSS5.8AI score0.00408EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51754

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description An issue exists where libcurl may send request data on a new connection before enforcing certificate verification failure. This occurs when a user first connects to a legitimate HTTP/3 server...

9.8CVSS5.8AI score0.0108EPSS
Exploits12References46
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 9:46 p.m.11 views

Malicious code in markdownlint-cli2-fix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca7d5154ecbbcc636198bd2314e1916e5f0673d37ab7b14caca2ea96ad5ac5e1 Package name 'markdownlint-cli2-fix' impersonates the popular 'markdownlint-cli2' linter but contains no linter functionality — the README states...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 1:16 a.m.13 views

Malicious code in @tailwind-core/webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7955094460738dc65288f88a3bb990c7d3ff52ed3683f11265b7072bd80aa4e3 Package @tailwind-core/webpack impersonates the legitimate Tailwind v4 webpack loader @tailwindcss/webpack. The README copies Tailwind Labs branding ...

5.9AI score
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/05/14 12:0 a.m.15 views

The End of Trust: How Agentic AI Breaks Security Assumptions

For decades, the security of digital interaction has rested on an unacknowledged economic constraint. Attackers faced a tradeoff between the fidelity of a deception and the scale at which it could be deployed. Convincing impersonation required sustained human effort and was confined to a narrow s...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/03/13 6:47 a.m.3 views

Malicious Package

Overview fusion-internal-common-drzak is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/03 4:8 a.m.5 views

Malicious Package

Overview @yazxzpedia/baileys is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
Broadcom
Broadcom
added 2026/01/27 12:0 a.m.16 views

Curl vulnerabilities detected in SANnav images (CVE-2025-4947, CVE-2025-5025)

The Curl vulnerabilities identified are located within open source components utilized by Brocade SANnav, however the vulnerable code is not compiled into the final product. As a part of good security practice, the open source component was updated in the SANnav 3.0.0 release. CVE-2025-4947 libcu...

6.5CVSS5.9AI score0.00253EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2026/01/18 10:2 a.m.8 views

CVE-2025-13034

When using CURLOPTPINNEDPUBLICKEY option with libcurl or --pinnedpubkey with the curl tool,curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper chec...

5.9CVSS6.8AI score0.00227EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/13 10:53 p.m.5 views

CVE-2025-62235

Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving specially crafted Security Request could lead to removal of original bond and re-bond with impostor. This issue affects Apache NimBLE: through 1.8.0. Users are recommended to upgrade to version 1.9.0, which fixes the issu...

8.1CVSS7AI score0.00371EPSS
Exploits0References1
NVD
NVD
added 2026/01/10 10:15 a.m.12 views

CVE-2025-62235

Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving specially crafted Security Request could lead to removal of original bond and re-bond with impostor. This issue affects Apache NimBLE: through 1.8.0. Users are recommended to upgrade to version 1.9.0, which fixes the issu...

8.1CVSS0.00371EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/10 9:42 a.m.6 views

EUVD-2026-1851

Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving specially crafted Security Request could lead to removal of original bond and re-bond with impostor. This issue affects Apache NimBLE: through 1.8.0. Users are recommended to upgrade to version 1.9.0, which fixes the issu...

6.4AI score0.00371EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/10 9:42 a.m.25 views

CVE-2025-62235 Apache Mynewt NimBLE: Incorrect handling of SMP Security Request could lead to undesirable pairing

Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving specially crafted Security Request could lead to removal of original bond and re-bond with impostor. This issue affects Apache NimBLE: through 1.8.0. Users are recommended to upgrade to version 1.9.0, which fixes the issu...

0.00371EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/10 9:42 a.m.3 views

CVE-2025-62235 Apache Mynewt NimBLE: Incorrect handling of SMP Security Request could lead to undesirable pairing

Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving specially crafted Security Request could lead to removal of original bond and re-bond with impostor. This issue affects Apache NimBLE: through 1.8.0. Users are recommended to upgrade to version 1.9.0, which fixes the issu...

6.6AI score0.00371EPSS
Exploits0References2
OSV
OSV
added 2026/01/06 7:0 a.m.4 views

UBUNTU-CVE-2025-13034

When using CURLOPTPINNEDPUBLICKEY option with libcurl or --pinnedpubkey with the curl tool,curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper chec...

5.9CVSS6AI score0.00227EPSS
Exploits0References4
Rows per page
Query Builder