Lucene search
K

273 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added last week8 views

Malicious code in type-slint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b5cd26e040f4f4366ed65cca4b70258d276f781e0aab76b99b5573d4007a97d The npm package [email protected] masquerades as the pino logger copied module layout, exports as module.exports.pino, keywords fast/logger/stream/jso...

6.1AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/07/01 6:55 p.m.7 views

Twig: Sandbox filter, tag and function allow-list bypass when sandbox state changes between renders for a cached `Template`

Description The per-template filter, tag and function allow-list check is compiled into the checkSecurity method of each Template subclass and was invoked once from the constructor, gated by SandboxExtension::isSandboxed$source. Template instances are then cached on the Environment in...

6CVSS5.7AI score0.00414EPSS
Exploits0References3Affected Software1
SUSE CVE
SUSE CVE
added 2026/06/25 2:19 a.m.8 views

SUSE CVE-2026-54512

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, jackson-databind's PolymorphicTypeValidator PTV is the primary safety mechanism guarding polymorphic deserialization. When polymorphic...

8.1CVSS5.8AI score0.00617EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.12 views

CVE-2026-0100

In Load of LoadedArsc.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS6AI score0.00075EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 12:30 a.m.12 views

EUVD-2021-34847

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execu...

8.3CVSS6.2AI score0.00107EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/02 9:32 p.m.10 views

CVE-2021-4481

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execu...

8.3CVSS6.2AI score0.00107EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.27 views

PT-2026-45861

Name of the Vulnerable Software and Affected Versions Dräger Protector Software versions prior to 6.4.2 Description Insecure file system permissions allow local attackers to execute arbitrary code with elevated privileges. This is achieved by replacing binaries or loaded modules on the host syste...

8.3CVSS6.2AI score0.00107EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/01 9:14 p.m.13 views

CVE-2026-0100

In Load of LoadedArsc.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

6.2AI score0.00075EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 6:28 p.m.17 views

CVE-2026-42878 FacturaScripts: Unauthenticated phpinfo() Disclosure via Installer Endpoint in FacturaScripts

FacturaScripts is an open source accounting and invoicing software. Prior to v2026, an unauthenticated information disclosure vulnerability in the Installer controller allows any remote attacker to trigger phpinfo on a fresh FacturaScripts deployment by requesting /?phpinfo=TRUE, exposing full PH...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 3:33 p.m.11 views

EUVD-2025-209971

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix NULL pointer dereference on panthorfwunplug This patch removes the MCU halt and wait for halt procedures during panthorfwunplug as the MCU can be in a variety of states or the FW may not even be loaded/initialize...

5.7AI score0.00137EPSS
Exploits0References3
OSV
OSV
added 2026/05/27 2:16 p.m.9 views

UBUNTU-CVE-2025-71307

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix NULL pointer dereference on panthorfwunplug This patch removes the MCU halt and wait for halt procedures during panthorfwunplug as the MCU can be in a variety of states or the FW may not even be loaded/initialize...

5.5CVSS5.7AI score0.00137EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/27 12:14 p.m.43 views

CVE-2025-71307 drm/panthor: Fix NULL pointer dereference on panthor_fw_unplug

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix NULL pointer dereference on panthorfwunplug This patch removes the MCU halt and wait for halt procedures during panthorfwunplug as the MCU can be in a variety of states or the FW may not even be loaded/initialize...

0.00137EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/26 5:16 p.m.14 views

CVE-2026-48697

FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The executewebrequestsecure function in src/fastlibrary.cpp creates a boost::asio::ssl::context with tlsclient mode and calls setdefaultverifypaths to load CA certificates, but never calls...

7.4CVSS5.8AI score0.00164EPSS
Exploits0References4
OSV
OSV
added 2026/05/26 12:0 a.m.5 views

CVE-2026-48697

FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The executewebrequestsecure function in src/fastlibrary.cpp creates a boost::asio::ssl::context with tlsclient mode and calls setdefaultverifypaths to load CA certificates, but never calls...

7.4CVSS6AI score0.00164EPSS
Exploits0References5
OSV
OSV
added 2026/05/22 9:56 a.m.12 views

MAL-2026-4455 Malicious code in @thebros/create-benjamin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53fb816939bb505cdabc374418983428298b09a29e5789033943301642b8b156 The package tarball ships a .env file containing a live-looking OpenAI API key OPENAIAPIKEY=sk-proj-.... The CLI entry point bin/index.js calls impor...

5.8AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/21 9:28 p.m.17 views

Twig: `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411)

Description The fix for CVE-2024-45411 / GHSA-6j75-5wfj-gh66 added an explicit $loaded-unwrap-checkSecurity call in CoreExtension::include so that a template already cached in Environment::$loadedTemplates is re-checked when included with sandboxed = true. The deprecated but still functional %...

8.6CVSS5.8AI score0.00833EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/05/21 9:28 p.m.9 views

GHSA-7FXW-R6JV-74C8 Twig: `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411)

Description The fix for CVE-2024-45411 / GHSA-6j75-5wfj-gh66 added an explicit $loaded-unwrap-checkSecurity call in CoreExtension::include so that a template already cached in Environment::$loadedTemplates is re-checked when included with sandboxed = true. The deprecated but still functional %...

5.8CVSS5.8AI score0.0026EPSS
Exploits0References5
Metasploit
Metasploit
added 2026/05/21 7:1 p.m.327 views

Ollama Scanner

This module identifies ollama instances and enumerates the LLM models which have been loaded and are running. Module Options msf use auxiliary/scanner/http/ollamainfo msf auxiliaryollamainfo show actions ...actions... msf auxiliaryollamainfo set ACTION msf auxiliaryollamainfo show options ...show...

5.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.10 views

PT-2026-42690

Name of the Vulnerable Software and Affected Versions Twig affected versions not specified Description An issue exists where the % sandbox %% include ... %% endsandbox % tag path fails to re-invoke the checkSecurity function. If a template is loaded outside a sandbox within the same Environment...

6CVSS6.1AI score0.0026EPSS
Exploits0References15
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: - ice: xsk: disabling TXQ interrupts before flushing hardware settings. - iceqpdis attempts to stop a given queue pair that is a target of xsk pool attach/detach. One of the steps involved disabling interrupts on these queues...

5.5CVSS6.2AI score0.00165EPSS
Exploits0References1
Rows per page
Query Builder