Lucene search
K

9590 matches found

NVD
NVD
added 2026/06/22 2:17 p.m.10 views

CVE-2026-6673

Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 fail to authenticate Atlassian Connect installed callbacks, allowing a remote unauthenticated attacker to inject a rogue sharedSecret and disrupt the Jira integration via POST to /ac/installed during the...

6.4CVSS0.00177EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:38 p.m.11 views

CVE-2026-6673

Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 fail to authenticate Atlassian Connect installed callbacks, allowing a remote unauthenticated attacker to inject a rogue sharedSecret and disrupt the Jira integration via POST to /ac/installed during the...

6.4CVSS6AI score0.00177EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/22 1:38 p.m.40 views

CVE-2026-6673 Mattermost Jira plugin had unauthenticated {{/ac/installed}} lifecycle callback during pending Jira Cloud install

Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 fail to authenticate Atlassian Connect installed callbacks, allowing a remote unauthenticated attacker to inject a rogue sharedSecret and disrupt the Jira integration via POST to /ac/installed during the...

6.4CVSS0.00177EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 12:0 p.m.12 views

Malicious code in @frostnode/waitfor (npm)

@frostnode/waitfor malicious versions 0.9.0, 0.10.3, 0.10.4, and 0.10.5, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accoun...

6.1AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 12:0 p.m.7 views

Malicious code in @tinyfox/shapecheck (npm)

@tinyfox/shapecheck malicious version 0.8.7, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern...

5.9AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 12:0 p.m.9 views

Malicious code in respects-switch (npm)

respects-switch is a dependency confusion proof-of-concept package published to the public npm registry by the account r0binak and self-labeled "Security research PoC - Dependency Confusion Hunter". It was published at the artificially high version 999.0.0, the canonical floating-version bait use...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 12:0 p.m.8 views

Malicious code in crud-respect (npm)

crud-respect is a dependency confusion proof-of-concept package published to the public npm registry by the account r0binak and self-labeled "Security research PoC - Dependency Confusion Hunter". It was published at the artificially high version 999.99.99, a floating-version bait used to outrank ...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/06/22 12:0 p.m.6 views

MAL-2026-6259 Malicious code in respects-switch (npm)

respects-switch is a dependency confusion proof-of-concept package published to the public npm registry by the account r0binak and self-labeled "Security research PoC - Dependency Confusion Hunter". It was published at the artificially high version 999.0.0, the canonical floating-version bait use...

5.8AI score
Exploits0References3
OSV
OSV
added 2026/06/22 12:0 p.m.7 views

MAL-2026-6258 Malicious code in onboarding-respects-modal (npm)

onboarding-respects-modal is a dependency confusion proof-of-concept package published to the public npm registry by the account r0binak and self-labeled "Security research PoC - Dependency Confusion Hunter". It was published at the artificially high version 999.99.99, a floating-version bait use...

5.8AI score
Exploits0References3
OSV
OSV
added 2026/06/22 12:0 p.m.6 views

MAL-2026-6257 Malicious code in crud-respect (npm)

crud-respect is a dependency confusion proof-of-concept package published to the public npm registry by the account r0binak and self-labeled "Security research PoC - Dependency Confusion Hunter". It was published at the artificially high version 999.99.99, a floating-version bait used to outrank ...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 7:54 a.m.8 views

Malicious code in inversiones-common (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 347a767ebbbb5843e6b005c167d98c9ab7b3ea943fadd88401682f2a2b14b2a4 setup.py executes a beacon function at module top level before setup is called, so the payload fires automatically on pip install inversiones-common...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/06/22 7:54 a.m.7 views

MAL-2026-6262 Malicious code in inversiones-common (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 347a767ebbbb5843e6b005c167d98c9ab7b3ea943fadd88401682f2a2b14b2a4 setup.py executes a beacon function at module top level before setup is called, so the payload fires automatically on pip install inversiones-common...

6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51316

Name of the Vulnerable Software and Affected Versions Mattermost version 11.7.0 Mattermost version 11.6.2 Mattermost version 11.5.5 Mattermost version 10.11.17 Description Remote unauthenticated attackers can inject a rogue sharedSecret and disrupt the Jira integration. This occurs during the...

6.4CVSS5.8AI score0.00177EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.4 views

Amazon Linux 2023 : ansible-core, ansible-test (ALAS2023-2026-1849)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1849 advisory. A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument...

7.8CVSS6.5AI score0.00156EPSS
Exploits0References4
OSV
OSV
added 2026/06/20 11:24 p.m.18 views

MAL-2026-6247 Malicious code in requests-enhancer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0f61f1a905e0ec1bb593f7b20d4f9a8a9e72deeb16440f72acbcaf00aeab1cd On import requestsenhancer, the package's init.py spawns a daemon thread that runs pip install...

6.7AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 3:12 p.m.13 views

Malicious code in @apexcraft/nano-key (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c46938b3634fb4de89ddf44b765e1c766c871a40fb31c54609c1b3526074e65c @apexcraft/nano-key advertises itself as a 12-byte sortable ID generator README and repository metadata are copied from yiwen-ai/xid-ts, an unrelated...

6.7AI score
Exploits0References9
OSV
OSV
added 2026/06/19 3:2 p.m.5 views

MAL-2026-6209 Malicious code in @antoncarlos1/nodelamp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d930df8b6392b3bbfe3b591d90226374d31fb246e06018521f3f673a815b618a @antoncarlos1/[email protected] ships a single obfuscated index.js that runs a dropper on require. The top-level IIFE constructs a hardcoded IPv4 URL by...

5.9AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 2:46 p.m.8 views

Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()

Summary The AWS Bedrock AgentCore Python SDK bedrock-agentcore is an open-source SDK that enables developers to build, deploy, and manage agents on AWS Bedrock AgentCore. An issue exists in the installpackages method of the Code Interpreter client where crafted package name arguments can bypass...

8.4CVSS6.3AI score0.00302EPSS
Exploits0References5Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fixed stale file descriptors when a usercopy fails. A failed usercopy of the fencerep object will result in a stale entry in the file descriptor table, as putunusedfd will not release that entry. This allows userland ...

7.8CVSS6.2AI score0.00213EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Chromium

Inappropriate implementations in WebApp installations in Google Chrome prior to version 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass the installation dialog through a crafted HTML page. Chromium security severity: Medium...

8.8CVSS7.3AI score0.00681EPSS
Exploits0References2
Rows per page
Query Builder