Lucene search
K

3997 matches found

Nuclei
Nuclei
added 18 hours ago87 views

AnythingLLM - Information Disclosure

AnythingLLM suffers from an information disclosure vulnerability through the /api/setup-complete API endpoint. By accessing this endpoint, a remote and unauthenticated attacker can access sensitive configuration of the target AnythingLLM instance. This detection is included in the AI and LLM...

7.5CVSS7AI score0.29187EPSS
Exploits1References2
The Hacker News
The Hacker News
added 3 days ago8 views

Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages

Unknown threat actors compromised the Injective Labs SDK project's GitHub repository and leveraged it to publish a malicious package on the npm registry to steal cryptocurrency wallet private keys and mnemonic seed phrases. The compromised version, @injectivelabs/[email protected] , came embedded wi...

6.1AI score
Exploits0
OSV
OSV
added 6 days ago3 views

PYSEC-2026-976 TensorFlow vulnerable to `CHECK` fail in `QuantizeAndDequantizeV3`

Impact If QuantizeAndDequantizeV3 is given a nonscalar numbits input tensor, it results in a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf signedinput = True rangegiven = False narrowrange = False axis = -1 input = tf.constant-3.5, shape=1,...

5.9CVSS5.9AI score0.00396EPSS
Exploits0References7
Circl
Circl
added 2026/07/01 10:35 p.m.7 views

CVE-2026-50138

creationtimestamp| type| source ---|---|--- 2026-07-01 22:35:05+00:00| published-proof-of-concept| https://github.com/goshs-labs/goshs/security/advisories/GHSA-3whc-qvhv-xqjp...

5.8AI score
Exploits0References1
Circl
Circl
added 2026/07/01 10:35 p.m.8 views

CVE-2026-50139

creationtimestamp| type| source ---|---|--- 2026-07-01 22:35:03+00:00| published-proof-of-concept| https://github.com/goshs-labs/goshs/security/advisories/GHSA-j48m-h7xq-2xpj...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5457 Arc: Unauthenticated access to Go debug pprof endpoints leaks runtime state and enables CPU-burn DoS in github.com/basekick-labs/arc

Arc: Unauthenticated access to Go debug pprof endpoints leaks runtime state and enables CPU-burn DoS in github.com/basekick-labs/arc...

5.8AI score0.0009EPSS
Exploits0References3
Circl
Circl
added 2026/06/16 11:6 a.m.7 views

CVE-2026-55837

creationtimestamp| type| source ---|---|--- 2026-06-16 11:06:21+00:00| published-proof-of-concept| https://github.com/dbt-labs/dbt-mcp/security/advisories/GHSA-jr33-mw75-7j8f...

5.8AI score
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/16 6:9 a.m.78 views

Exploit for UNIX Symbolic Link Following in Litespeedtech Litespeed_Cpanel_Plugin

cve-id ⚡ Simple Usage Use this project only in safe and...

8.7CVSS5.5AI score0.03847EPSS
Exploits16
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 5:15 p.m.17 views

Malicious code in @solana-labs/spl-toke (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 490ce5d7e43d8a79aa85bbd24e7140ed074eee472f375092ab9b4cd650ce41f8 Package name @solana-labs/spl-toke is a one-character omission of the legitimate @solana-labs/spl-token package, abusing the official Solana Labs...

5.3AI score
Exploits0References8
OSV
OSV
added 2026/06/15 5:15 p.m.9 views

MAL-2026-5787 Malicious code in @solana-labs/spl-toke (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 490ce5d7e43d8a79aa85bbd24e7140ed074eee472f375092ab9b4cd650ce41f8 Package name @solana-labs/spl-toke is a one-character omission of the legitimate @solana-labs/spl-token package, abusing the official Solana Labs...

5.3AI score
Exploits0References8
GithubExploit
GithubExploit
added 2026/06/13 4:2 p.m.90 views

Exploit for Embedded Malicious Code in Tukaani Xz

XZ Backdoor Labs CVE-2024-3094 Safe, hands-on labs for...

10CVSS8.7AI score0.85974EPSS
Exploits40
Github Security Blog
Github Security Blog
added 2026/06/12 7:6 p.m.12 views

TYPO3 HTML Sanitizer allows Cross-site Scripting

When ALLOWINSECURERAWTEXT is enabled, whitespace-variant closing tags e.g., are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitiz...

2.1CVSS4.9AI score0.00282EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2026/06/11 9:0 p.m.9 views

Malicious Package

Overview @solana-labs/web3js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/06/11 9:0 p.m.11 views

Malicious Package

Overview @solana-labs/spl-toke is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/06/11 9:0 p.m.13 views

Malicious Package

Overview @solana-labs/web3.js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/10 6:37 a.m.13 views

CVE-2026-10846

NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as stub resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of t...

8.2CVSS5.4AI score0.00147EPSS
Exploits0
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

NLnet Labs ldns 访问控制错误漏洞

NLnet Labs ldns is a DNS library developed by the Nlnet Foundation in the Netherlands, designed for easy programming of DNS tools. Versions 1.2.0 to 1.9.0 of NLnet Labs ldns contain access control vulnerability issues. This vulnerability arises from the fact that when used as a UDP resolver, the...

8.2CVSS5.3AI score0.00147EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.13 views

NLnet Labs Routinator 安全漏洞

NLnet Labs Routinator is an open-source RPKI routing origin validation service developed by NLnet Labs. There is a security vulnerability in NLnet Labs Routinator: the system exits when an error occurs during HTTP or RTR connections. Attackers can exploit this condition by opening a large number ...

8.7CVSS5.3AI score0.00333EPSS
Exploits0References1
OSV
OSV
added 2026/06/07 6:24 a.m.10 views

MAL-2026-5363 Malicious code in @solana-labs/web3-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d11c336c71c73260c2daa9233636b07bc81badb0b9f54b13241f719710a7f5d4 Package name @solana-labs/web3-js impersonates the legitimate @solana/web3.js and index.js simply re-exports the real package as cover. The postinsta...

6.1AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/07 6:24 a.m.12 views

Malicious code in @solana-labs/web3-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d11c336c71c73260c2daa9233636b07bc81badb0b9f54b13241f719710a7f5d4 Package name @solana-labs/web3-js impersonates the legitimate @solana/web3.js and index.js simply re-exports the real package as cover. The postinsta...

6.1AI score
Exploits0References7
Rows per page
Query Builder