Lucene search
K

5676 matches found

OSV
OSV
added 11 hours ago3 views

MAL-2026-10564 Malicious code in micro-ui-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be44655a47177f3740201ddb9dc66db080b9f665354c78bcebeb9a2da3b11b7f On npm install, the package's postinstall script postinstall.js reads os.hostname and sends it as a query parameter in a plain-HTTP GET to a hardcode...

6.1AI score
Exploits0References3
OSV
OSV
added 11 hours ago2 views

MAL-2026-10557 Malicious code in @cw-ui/micro-ui-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b558c8d90850ea9817e236b445ba2bc1020a35a81a099a5e1575ef705b00bd39 On npm install, postinstall.js reads the installer's hostname via os.hostname and sends it as a query parameter to a hardcoded bare-IP HTTP endpoint:...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 11 hours ago5 views

Malicious code in micro-ui-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be44655a47177f3740201ddb9dc66db080b9f665354c78bcebeb9a2da3b11b7f On npm install, the package's postinstall script postinstall.js reads os.hostname and sends it as a query parameter in a plain-HTTP GET to a hardcode...

6.1AI score
Exploits0References3
Nuclei
Nuclei
added yesterday14 views

WordPress Contact Form by Supsystic - Server-Side Template Injection

Contact Form by Supsystic WordPress plugin = 1.7.36 contains a server-side template injection caused by unsandboxed TwigLoaderString and cfsPreFill functionality, letting unauthenticated attackers execute arbitrary code remotely via GET parameters. id: CVE-2026-4257 info: name: WordPress Contact...

9.8CVSS6.3AI score0.41475EPSS
Exploits9References3
Tenable Nessus
Tenable Nessus
added 4 days ago5 views

Ubuntu 22.04 LTS / 24.04 LTS / 26.04 LTS : LibRaw vulnerabilities (USN-8522-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8522-1 advisory. It was discovered that LibRaw incorrectly handled certain Nikon RAW image files. An attacker could possibly use this issue to cau...

9.8CVSS6.6AI score0.00746EPSS
Exploits6References7
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago7 views

Malicious code in type-slint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b5cd26e040f4f4366ed65cca4b70258d276f781e0aab76b99b5573d4007a97d The npm package [email protected] masquerades as the pino logger copied module layout, exports as module.exports.pino, keywords fast/logger/stream/jso...

6.1AI score
Exploits0References3
NVD
NVD
added 6 days ago6 views

CVE-2026-55760

Handlebars.java provides logic-less and semantic Mustache templates with Java. Prior to 4.5.2, applications that pass user-controlled input to Handlebars.compile using FileTemplateLoader or ClassPathTemplateLoader are vulnerable to path traversal, allowing arbitrary file read through template nam...

7.5CVSS0.00414EPSS
Exploits0References3
NVD
NVD
added 6 days ago8 views

CVE-2026-29008

U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcprxstatemachine function net/tcp.c that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet with a manipulated data offset field causing payloadlen to become negative...

8.7CVSS0.00432EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago8 views

Malicious code in chai-presentation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d078bac337fe2c1b76c757c29d286fc750be585db65f30f5d696038c2ea0d3a On require, index.js issues an HTTPS GET to https://www.jsonkeeper.com/b/PC5CK and passes the response's cookie field to new Function'require',...,...

6.1AI score
Exploits0References4
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-29008 U-Boot 2026.04-rc3 Integer Underflow DoS via tcp_rx_state_machine()

U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcprxstatemachine function net/tcp.c that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet with a manipulated data offset field causing payloadlen to become negative...

8.7CVSS0.00432EPSS
Exploits0References4
OSV
OSV
added 2026/07/07 4:3 p.m.7 views

PYSEC-2026-1313 docling-core vulnerable to Remote Code Execution via unsafe PyYAML usage

Impact A PyYAML-related Remote Code Execution RCE vulnerability, namely CVE-2020-14343, is exposed in docling-core =2.21.0, 2.48.4 and, specifically only if the application uses pyyaml 5.4 and invokes doclingcore.types.doc.DoclingDocument.loadfromyaml passing it untrusted YAML data. Patches The...

8.1CVSS7.5AI score0.01376EPSS
Exploits1References9
OSV
OSV
added 2026/07/07 4:3 p.m.6 views

PYSEC-2026-1515 Langchain Community Vulnerable to XML External Entity (XXE) Attacks

The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity XXE attacks due to insecure XML parsing. The vulnerability arises from the use of etree.iterparse without disabling external entity references, which can lead to sensitive informati...

7.5CVSS7AI score0.01531EPSS
Exploits0References7
OSV
OSV
added 2026/07/07 1:35 p.m.10 views

ROOT-APP-NPM-CVE-2022-37599 CVE-2022-37599 in @rootio/loader-utils - Patched by Root

Root has patched CVE-2022-37599 in the @rootio/loader-utils package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.0204EPSS
Exploits0
OSV
OSV
added 2026/07/07 1:35 p.m.15 views

ROOT-APP-NPM-CVE-2022-37601 CVE-2022-37601 in @rootio/loader-utils - Patched by Root

Root has patched CVE-2022-37601 in the @rootio/loader-utils package for Root:npm. Multiple fixed versions available...

9.8CVSS5.8AI score0.02601EPSS
Exploits1
OSV
OSV
added 2026/07/07 1:35 p.m.13 views

ROOT-APP-NPM-CVE-2022-37603 CVE-2022-37603 in @rootio/loader-utils - Patched by Root

Root has patched CVE-2022-37603 in the @rootio/loader-utils package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.02029EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-59089

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Tab...

5.5CVSS6.1AI score0.00208EPSS
Exploits1References4
NVD
NVD
added 2026/07/06 8:16 p.m.5 views

CVE-2026-59089

A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Table CLUT due to an integer overflow. This occurs when multiplying numcolors and numcluts, both 16-bit unsigned short integers, resulting i...

5.5CVSS0.00208EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:38 p.m.6 views

CVE-2026-59089

A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Table CLUT due to an integer overflow. This occurs when multiplying numcolors and numcluts, both 16-bit unsigned short integers, resulting i...

5.5CVSS6AI score0.00208EPSS
Exploits1References4
CVE
CVE
added 2026/07/06 7:38 p.m.18 views

CVE-2026-59089

GIMP contains a vulnerability in its PlayStation TIM loader: the CLUT size is computed by multiplying two 16-bit unsigned values (num_colors and num_cluts), which can overflow and exceed integer limits. This overflow triggers undefined behavior that causes the GIMP plug-in to abort when processin...

5.5CVSS6AI score0.00208EPSS
Exploits1References3Affected Software2
Tenable Nessus
Tenable Nessus
added 2026/07/05 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-14610

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw has been found in Open Asset Import Library Assimp up to 6.0.5. Impacted is the function Assimp::CSMImporter::InternReadFile of the file...

5.3CVSS6AI score0.00128EPSS
Exploits0References3
Rows per page
Query Builder