Lucene search
K

374 matches found

EUVD
EUVD
added last week7 views

EUVD-2026-42653

Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, the updateInfraConfigs GraphQL mutation in admin/infra.resolver.ts accepts an attacker-controlled MAILERSMTPURL value, and validateSMTPUrl in utils.ts permits path, query, or fragment content that nodemailer parses into...

7.2CVSS6.2AI score0.00518EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:53 p.m.10 views

Malicious code in @webda-infra-ui/static-images (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24e3a5a5b3cabd78201cf327847094e9dab8bfcee7452d7665151ea8ddc75d93 No suspicious behaviors were identified in this package version. The tarball contains 2 files with no lifecycle scripts, no network calls, no...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/29 4:53 p.m.10 views

MAL-2026-6652 Malicious code in @webda-infra-ui/static-images (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24e3a5a5b3cabd78201cf327847094e9dab8bfcee7452d7665151ea8ddc75d93 No suspicious behaviors were identified in this package version. The tarball contains 2 files with no lifecycle scripts, no network calls, no...

6.1AI score
Exploits0References2
Cvelist
Cvelist
added 2026/06/29 2:45 a.m.34 views

CVE-2026-13528 YunaiV/zhijiantianya ruoyi-vue-pro AppFileController File Upload Endpoint FileServiceImpl.java generateUploadPath path traversal

A vulnerability was found in YunaiV/zhijiantianya ruoyi-vue-pro up to 2026.04-jdk8-SNAPSHOT. The impacted element is the function generateUploadPath of the file yudao-module-infra/src/main/java/cn/iocoder/yudao/module/infra/service/file/FileServiceImpl.java of the component AppFileController File...

7.5CVSS0.00447EPSS
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 8:55 p.m.14 views

Malicious code in @wacrot/infra-data-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1568dfa61d19a63f6837c4a8c9b5d728401d0f34c87ce3550af594c141a94ac1 On any require or import of @wacrot/infra-data-kit, src/index.js invokes addSupport at module top level, which spawns a detached bash -c 'curl -fsSL...

5.4AI score
Exploits0References8
OSV
OSV
added 2026/06/15 8:55 p.m.10 views

MAL-2026-5834 Malicious code in @wacrot/infra-data-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1568dfa61d19a63f6837c4a8c9b5d728401d0f34c87ce3550af594c141a94ac1 On any require or import of @wacrot/infra-data-kit, src/index.js invokes addSupport at module top level, which spawns a detached bash -c 'curl -fsSL...

5.5AI score
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:25 p.m.17 views

Malicious code in @webda-infra/search (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d3966598d25bae6a0824df09461ccbea8ad8ff22be2b3b93eab681cc733ff73 @webda-infra/[email protected] is a near-empty placeholder index.js is empty, module.exports = whose package.json declares a single dependency, ltidisafe...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/09 5:25 p.m.14 views

MAL-2026-5433 Malicious code in @webda-infra/search (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d3966598d25bae6a0824df09461ccbea8ad8ff22be2b3b93eab681cc733ff73 @webda-infra/[email protected] is a near-empty placeholder index.js is empty, module.exports = whose package.json declares a single dependency, ltidisafe...

6.1AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/29 3:23 p.m.10 views

CVE-2026-10101

ACM/MCE assisted-service writes raw referenced pull-secret contents into InfraEnv.status.conditions.message when pull-secret validation fails. A namespace principal with the stock view ClusterRole cannot directly read Secrets, but can read InfraEnv objects and recover the referenced Secret's...

6.3CVSS5.8AI score0.00182EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/29 3:23 p.m.13 views

EUVD-2026-33342

ACM/MCE assisted-service writes raw referenced pull-secret contents into InfraEnv.status.conditions.message when pull-secret validation fails. A namespace principal with the stock view ClusterRole cannot directly read Secrets, but can read InfraEnv objects and recover the referenced Secret's...

6.3CVSS5.8AI score0.00182EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.16 views

PT-2026-44890

Name of the Vulnerable Software and Affected Versions ACM/MCE assisted-service affected versions not specified Description The assisted-service writes raw referenced pull-secret contents into the InfraEnv.status.conditions.message field when pull-secret validation fails. This allows a namespace...

6.3CVSS6AI score0.00182EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/05/23 6:40 p.m.84 views

exploits

exploits CVE explai...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/21 5:14 p.m.8 views

@altipla/directus-sdk-utils (=0.7.2), @better-auth/sso (>=1.6.0 <=1.7.0-beta.3) +28 more potentially affected by CVE-2026-46490 via samlify (>=2.10.0 <=2.12.0)

samlify NPM version =2.10.0, =1.6.0, =2.10.4, =1.0.0, =11.16.1-depup.0, =27.1.0, =0.73.0, =0.73.0, =0.73.1, =0.73.0, =0.73.1, =0.78.0 and more Source cves: CVE-2026-46490 Source advisory: SNYK:JS-SAMLIFY-16796318...

8.8CVSS5.7AI score0.00383EPSS
Exploits2
Snyk
Snyk
added 2026/05/15 10:40 a.m.11 views

Malicious Package

Overview apple-infra-gcp-leak is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/15 10:40 a.m.16 views

Malicious Package

Overview apple-infra-final-escape is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/15 10:40 a.m.9 views

Malicious Package

Overview apple-infra-network-v2 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/29 2:40 p.m.12 views

Malicious code in apple-infra-stealth-audit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62019b469ab2852a4c8a4453043d5452768c2ac046ad1dc258366eac98de24ac The package apple-infra-stealth-audit was found to contain malicious code. Source: ghsa-malware...

5.4AI score
Exploits0References1
Snyk
Snyk
added 2026/04/29 2:40 p.m.10 views

Malicious Package

Overview apple-infra-escape-audit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/29 2:40 p.m.6 views

Malicious code in apple-infra-escape-audit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4ca3e5d6066fa58a9fe52cc968a31569064af5959443ab3b8088f088c72b851 The package apple-infra-escape-audit was found to contain malicious code. Source: ghsa-malware...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/04/29 2:40 p.m.10 views

MAL-2026-3166 Malicious code in apple-infra-escape-audit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4ca3e5d6066fa58a9fe52cc968a31569064af5959443ab3b8088f088c72b851 The package apple-infra-escape-audit was found to contain malicious code. Source: ghsa-malware...

5.5AI score
Exploits0References1
Rows per page
Query Builder