
469 matches found

Vulnrichment
added 2026/05/20 7:38 p.m., 7 views

CVE-2026-9133 Arbitrary file read in rabbitmq-aws plugin

Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme arn:aws-debug:file accepted by the PUT /api/aws/arn/validate validation endpoint might allow remote authenticated users to perform arbitrary file reads on any file accessible to the...

CVSS 8.3, AI score 6, EPSS 0.00344
Exploits 0, References 3
Cvelist
added 2026/05/20 7:38 p.m., 39 views

CVE-2026-9133 Arbitrary file read in rabbitmq-aws plugin

Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme arn:aws-debug:file accepted by the PUT /api/aws/arn/validate validation endpoint might allow remote authenticated users to perform arbitrary file reads on any file accessible to the...

CVSS 8.3, EPSS 0.00344
Exploits 0, References 3
EUVD
added 2026/02/16 12:30 p.m., 10 views

EUVD-2026-6096

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...

CVSS 9, AI score 5.6, EPSS 0.00501
Exploits 2, References 8
Cvelist
added 2026/02/16 10:16 a.m., 30 views

CVE-2026-2451 Unsafe variable evaluation in email templates

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...

CVSS 9, EPSS 0.00258
Exploits 0, References 1
CVE
added 2026/02/16 10:16 a.m., 15 views

CVE-2026-2451

CVE-2026-2451 concerns pretix: an information-exfiltration flaw via email template placeholders. When templates substitute user data (e.g., {name}), an attacker who can control templates could craft placeholders like {{event.init .code .co_filename}} to read sensitive system configuration data, p...

CVSS 9, AI score 5.6, EPSS 0.00258
Exploits 0, References 1, Affected Software 2
Cvelist
added 2026/02/16 10:15 a.m., 33 views

CVE-2026-2415 Unsafe variable evaluation in email templates

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant bugs: It was possible to exfiltrate information...

CVSS 9, EPSS 0.00243
Exploits 0, References 1
OSV
added 2025/10/07 12:21 a.m., 3 views

MAL-2025-47916 Malicious code in @hash-validator/v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware be7ccca438d061fd1d98fb1061421f517bccb37ba164e017caf7b8f8db366e2e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0, References 3
EUVD
added 2025/10/03 8:7 p.m., 8 views

EUVD-2025-23966

Malicious code in bioql PyPI...

CVSS 9.1, AI score 6.3, EPSS 0.00231
Exploits 1, References 4
OSV
added 2025/07/05 4:47 p.m., 2 views

MAL-2025-5639 Malicious code in print-vault-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0e05d07d0cbe84e8ef4ca39905adcf78905393b39d322ae7e582ad1ae99b177a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0, References 1
OSV
added 2025/07/02 8:50 a.m., 2 views

MAL-2025-5562 Malicious code in ipmi-command (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4ae45e03814e3e6804cac4e616877eecf2a0865d1ab813e7a2a273778899bc16 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0, References 1
OSV
added 2025/06/28 4:13 p.m., 2 views

MAL-2025-5395 Malicious code in dynamic-importer2 (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4468869b1899f5d6f33a0bb39a221a394f0d1fcce1dc46f3f2127636a40b500b Any computer that has this package installed or running should be considered...

AI score 7
Exploits 0, References 1
OSV
added 2025/06/17 5:32 a.m., 6 views

MAL-2025-5168 Malicious code in readium-shared-js (npm)

Malicious preinstall script exfiltrates system info hostname, user, pwd, id to a remote server. Likely a malware. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0c907ca12944ad675a60dbfd27a1680a1b2ebf1186512d0106676795741a558a Any computer that has this package...

AI score 7.1
Exploits 0, References 4
OSV
added 2025/06/16 3:16 p.m., 8 views

MAL-2025-4993 Malicious code in boost-chii (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ac33b7f9bd3634fd513bc6cdf809460ef22919a7841d779fe3cfca4c733874c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0, References 1
OSV
added 2025/06/10 4:38 a.m., 2 views

MAL-2025-4860 Malicious code in opensearch-with-grafana-lambdas (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1610e128601e1cf8f57fb7382fb6310a88b8420bcf1aa66c7e0c8b488b5477dc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0, References 3
OSV
added 2025/05/19 7:48 a.m., 6 views

MAL-2025-3981 Malicious code in angular-monash (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7281e9d55aa990f9d2ed6d6f8acc5d290a25f3d17fe641c841a5976b519e4844 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0, References 1
OSV
added 2025/05/14 9:4 a.m., 2 views

MAL-2025-3798 Malicious code in node-method-indicator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 60414121dfe5a164bd132ab93d581199d55ba6bff4e937c7b52ecf6ca5fa1e0f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0, References 1
OSV
added 2025/05/10 3:21 a.m., 3 views

MAL-2025-3721 Malicious code in braze-i18n-knockout (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ca6ae5dbaa6927991987f0b0e26192dcbfc2fbcbeeca91e3cb34621bd6f1a48b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7.2
Exploits 0, References 1
OSV
added 2025/05/05 7:27 p.m., 5 views

MAL-2025-3698 Malicious code in substrate-faucet (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c694048c1a8c1f3c9b8f183f75e0a9464e084cdaa8fc58c9a770190c4ab4824a Any computer that has this package installed or running should be considered...

AI score 7
Exploits 0, References 3
OSSF Malicious Packages
added 2025/05/02 5:24 a.m., 2 views

Malicious code in wasitestforeducation (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3143ff548280d35ca2611e7959f1e56224da26b7b8a56ce97c67509800fba81a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0, References 3
OSV
added 2025/04/17 5:27 a.m., 5 views

MAL-2025-3252 Malicious code in helper-function-name (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cf8d6cfb517715467379abc5d1adf9a80f10c786f6473f2d30c9961cba2445b3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0, References 1