Lucene search
K

84 matches found

OSV
OSV
added 2026/05/13 8:4 p.m.8 views

MAL-2026-3701 Malicious code in api-request-helpers (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c8e8b70ac4deca30691d583ac6891034222b7458bf5ba9e7b86cf5e6627d8abb During installation, package exfiltrates some basic info to a GitHub issue comment, and then attempt to set up a persistent infostealer focused on exfiltrating...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/08 7:23 a.m.6 views

Malicious code in solana-wallet-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0fafa4851b72650b6cb905d88ab0e9ac73276e188d44bf1ff2cb010eb6945c59 Code pretends to be a crypto utility but exfiltrates given private key / seed --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

5.8AI score
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.0 views

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: fsnotify: Do not generate ACCESS/MODIFY events for special files in child processes. inotify/fanotify does not allow users who have no read access to a file to subscribe to events e.g., INACCESS/INMODIFY. However, it allows th...

5.8AI score0.00068EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/21 10:44 p.m.0 views

CVE-2026-41060 AVideo's SSRF via same-domain hostname with alternate port bypasses isSSRFSafeURL

WWBN AVideo is an open source video platform. In versions 29.0 and below, the isSSRFSafeURL function in objects/functions.php contains a same-domain shortcircuit lines 4290-4296 that allows any URL whose hostname matches webSiteRootURL to bypass all SSRF protections. Because the check compares on...

7.7CVSS5.9AI score0.0004EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2026/04/09 12:0 a.m.7 views

ACIArena: Toward Unified Evaluation for Agent Cascading Injection

Collaboration and information sharing empower Multi-Agent Systems MAS but also introduce a critical security risk known as Agent Cascading Injection ACI. In such attacks, a compromised agent exploits inter-agent trust to propagate malicious instructions, causing cascading failures across the...

5.8AI score
Exploits0
AlpineLinux
AlpineLinux
added 2026/03/31 11:53 a.m.2 views

CVE-2026-0397

When the internal webserver is enabled default is disabled, an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration o...

4.3CVSS5.8AI score0.00007EPSS
Exploits0
OSV
OSV
added 2026/03/25 5:4 a.m.1 views

MAL-2026-2176 Malicious code in kusto (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0bdb202529b567cdcf3b62e44352186db2cb5defbfbfec0e7646a684838e08d7 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6AI score
Exploits0References1
CVE
CVE
added 2026/03/24 8:26 p.m.4 views

CVE-2026-4433

Tenable OT contains an SSH misconfiguration that can allow exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could enable an attacker to gather system details and potentially aid host compromise. Affected item is the SSH configuration; the vulnerab...

4.8CVSS5.8AI score0.00063EPSS
Exploits0References1
OSV
OSV
added 2026/03/23 2:5 p.m.4 views

MAL-2026-2106 Malicious code in dmclc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 895439e6afba407fb85d315e2c99f0d1434905a1ee72b172e62d55abbb8c93a3 During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments - in older packages - attempts to...

5.9AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/04 5:24 p.m.3 views

Malicious code in requests-ml-min (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 caf988849523549406a61384e2c9f8e01d6edf3ad71e5cba77ca7c3987863f1d During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments. In some packages in the campaign,...

5.9AI score
Exploits0References5
OSV
OSV
added 2026/03/04 5:24 p.m.1 views

MAL-2026-1240 Malicious code in requests-ml-min (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 caf988849523549406a61384e2c9f8e01d6edf3ad71e5cba77ca7c3987863f1d During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments. In some packages in the campaign,...

5.9AI score
Exploits0References5
OSV
OSV
added 2026/02/16 11:15 a.m.1 views

CVE-2026-2452

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...

6.5CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2026/02/16 11:15 a.m.0 views

CVE-2026-2415

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant bugs: It was possible to exfiltrate information...

5.9CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2026/01/25 11:13 a.m.7 views

MAL-2026-505 Malicious code in flask-hookserver (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4d5afd1538994efa55632d3ed6d7c9fa419fb26c542b641a3efbd7b35501ea58 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9AI score
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/01/15 12:26 a.m.1 views

SUSE CVE-2025-68788

In the Linux kernel, the following vulnerability has been resolved: fsnotify: do not generate ACCESS/MODIFY events on child for special files inotify/fanotify do not allow users with no read access to a file to subscribe to events e.g. INACCESS/INMODIFY, but they do allow the same user to subscri...

4.7CVSS6.3AI score0.00068EPSS
Exploits0References21
NVD
NVD
added 2026/01/13 4:15 p.m.3 views

CVE-2025-68788

In the Linux kernel, the following vulnerability has been resolved: fsnotify: do not generate ACCESS/MODIFY events on child for special files inotify/fanotify do not allow users with no read access to a file to subscribe to events e.g. INACCESS/INMODIFY, but they do allow the same user to subscri...

0.00068EPSS
Exploits0References7
OSV
OSV
added 2026/01/13 4:15 p.m.1 views

AZL-74447 CVE-2025-68788 affecting package kernel for versions less than 6.6.121.1-1

In the Linux kernel, the following vulnerability has been resolved: fsnotify: do not generate ACCESS/MODIFY events on child for special files inotify/fanotify do not allow users with no read access to a file to subscribe to events e.g. INACCESS/INMODIFY, but they do allow the same user to subscri...

5.8AI score0.00068EPSS
Exploits0References1
OSV
OSV
added 2026/01/13 4:15 p.m.1 views

UBUNTU-CVE-2025-68788

In the Linux kernel, the following vulnerability has been resolved: fsnotify: do not generate ACCESS/MODIFY events on child for special files inotify/fanotify do not allow users with no read access to a file to subscribe to events e.g. INACCESS/INMODIFY, but they do allow the same user to subscri...

5.9AI score0.00068EPSS
Exploits0References37
ATTACKERKB
ATTACKERKB
added 2026/01/13 3:29 p.m.1 views

CVE-2025-68788

In the Linux kernel, the following vulnerability has been resolved: fsnotify: do not generate ACCESS/MODIFY events on child for special files inotify/fanotify do not allow users with no read access to a file to subscribe to events e.g. INACCESS/INMODIFY, but they do allow the same user to subscri...

5.3AI score0.00068EPSS
Exploits0References8Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-68788

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fsnotify: do not generate ACCESS/MODIFY events on child for special files inotify/fanotify do not allow users with no read access to a file to subscribe to even...

6.1AI score0.00068EPSS
Exploits0References3
Rows per page
Query Builder