Lucene search
K

928 matches found

OSV
OSV
added 2026/07/06 9:49 p.m.3 views

GHSA-473P-56XX-VG67 Kiwi TCMS vulnerable to stored XSS via JavaScript: URI in extra_link field (TestPlan & TestCase)

Summary In Kiwi TCMS the fields TestCase.extralink and TestPlan.extralink were meant to represent URLs to external resources however in versions prior to 16.1 user input was not being sanitized and values were rendered verbatim which represents an opportunity for cross-site scripting exploitation...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/07/06 9:27 p.m.5 views

GHSA-HMJ5-JM8H-H9FH Kiwi TCMS has an Open Redirect via unvalidated next parameter in account confirmation endpoint

Summary An open redirect vulnerability in the account confirmation endpoint allows an unauthenticated attacker to craft a URL hosted on a legitimate Kiwi TCMS instance that redirects victims to an arbitrary external domain. The attack surface is particularly relevant for phishing campaigns...

6.1CVSS6.1AI score
Exploits0References4
vulnersOsv
vulnersOsv
added 2026/06/03 9:13 p.m.7 views

auto-survey (>=0.1.0 <=0.2.5), gptparse (=0.3.0) +12 more potentially affected by CVE-2026-44018 via docling (>=2.51.0 <=2.90.0)

docling PYPI version =2.51.0, =0.1.0, =0.19.2, =1.40.0, =0.6.2, =0.0.1, =0.3.0, =1.0.0, =1.6.2, =1.6.2, =0.2.4, =0.0.1, =0.0.2 Source cves: CVE-2026-44018 Source advisory: OSV:GHSA-R3XG-RG9J-67FV...

7.1CVSS5.7AI score0.00113EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/02/20 12:0 a.m.5 views

SolarWinds Kiwi Syslog NG < 1.3.1 Sensitive Information Disclosure (CVE-2024-45718)

According to its self-reported version, the SolarWinds Kiwi Syslog NG installation on the remote host is version 1.3 or earlier. It is, therefore, affected by a cleartext storage of sensitive information vulnerability. Sensitive data could be exposed to non-privileged users in a configuration fil...

4.6CVSS5.4AI score0.00162EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:1 a.m.12 views

CVE-2023-25156

Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt brute-force attacks against the login page. Users should upgrade to v12.0 or later to receive a patch. As a workaround, users may install and configure a...

9.8CVSS6.6AI score0.00902EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/26 4:19 p.m.10 views

Malicious code in rtcplogin (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2f986d2da01fbdba339f3d073a84dd5c57ba0aa19113574702160654f70f0620 Importing the module starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-11-mescouille...

7.3AI score
Exploits0References1
OSV
OSV
added 2025/11/26 4:19 p.m.5 views

MAL-2025-191858 Malicious code in rtcplogin (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2f986d2da01fbdba339f3d073a84dd5c57ba0aa19113574702160654f70f0620 Importing the module starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-11-mescouille...

7.1AI score
Exploits0References1
OSV
OSV
added 2025/11/25 10:2 p.m.4 views

MAL-2025-191859 Malicious code in rtcpstream (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 aa2920b4ae77a6e47bbf9ac8163f8d9a30d62966097d34989a36103a76178558 Importing the module starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-11-mescouille...

7.1AI score
Exploits0References1
OSV
OSV
added 2025/11/24 11:32 p.m.6 views

MAL-2025-191837 Malicious code in pyrtp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f77b4d5bf456d6805b724bbedc6baa9f7fb3cc95e6ab6aace6861bfcd56aec1f Importing the module starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-11-mescouille...

7.1AI score
Exploits0References1
OSV
OSV
added 2025/11/24 11:29 p.m.5 views

MAL-2025-191860 Malicious code in rtcpy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 75bd7b21b8b27920b63ff14b07b761f57e72da9866682e4e49bd569e660215fd Importing the module starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-11-mescouille...

7.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 11:29 p.m.7 views

Malicious code in rtcpy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 75bd7b21b8b27920b63ff14b07b761f57e72da9866682e4e49bd569e660215fd Importing the module starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-11-mescouille...

7.3AI score
Exploits0References1
OSV
OSV
added 2025/11/24 10:2 p.m.5 views

MAL-2025-191682 Malicious code in aounitaounit2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 17a6f267b170cfb56ec403ff0364780d8adb80064476daffdded59f701b8b154 Importing the module starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-11-mescouille...

7.1AI score
Exploits0References1
OSV
OSV
added 2025/11/24 9:59 p.m.4 views

MAL-2025-191700 Malicious code in chicopute (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d495090103e9ff8ca138e9ad2b40556ce900f92d07ac058463eb58f42edacc85 Importing the module starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-11-mescouille...

7.1AI score
Exploits0References1
OSV
OSV
added 2025/11/24 6:37 a.m.4 views

MAL-2025-191794 Malicious code in mongland (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a003c7277ab04d5aec30eaa72b0f28b25c7534e6b036c381142300b3ac0bde9f Importing the module starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-11-mescouille...

7.1AI score
Exploits0References1
OSV
OSV
added 2025/11/24 6:34 a.m.6 views

MAL-2025-191940 Malicious code in zakuchienne (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6cab2f6ce1c1eec52747b1f7057550b9b35d3c4f6d8c04b51e37afd47c1e5625 Importing the module starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-11-mescouille...

7.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 6:34 a.m.9 views

Malicious code in zakuchienne (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6cab2f6ce1c1eec52747b1f7057550b9b35d3c4f6d8c04b51e37afd47c1e5625 Importing the module starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-11-mescouille...

7.3AI score
Exploits0References1
EUVD
EUVD
added 2025/11/12 3:4 a.m.4 views

EUVD-2025-117201

Malicious code in nursing-amaranth-kiwi npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/12 3:4 a.m.3 views

EUVD-2025-117383

Malicious code in favourite-olive-kiwi npm...

6.6AI score
Exploits0
OSV
OSV
added 2025/11/12 3:4 a.m.4 views

MAL-2025-138719 Malicious code in favourite-olive-kiwi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43ee55b0595e776f8d9225a44a4c603c623af94b0d72d54632ef8ada5a0b01ba This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/11/11 8:46 p.m.3 views

EUVD-2025-98470

Malicious code in gleamingkiwiz3n npm...

6.6AI score
Exploits0
Rows per page
Query Builder