Lucene search
+L

242 matches found

OSV
OSV
added 2025/11/11 2:29 a.m.3 views

MAL-2025-76071 Malicious code in vina-lepet76-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 19e142f6f4bc6b1bbe7357240412648b128c4f26dd2dc06a53a87135bc1af38d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 12:41 a.m.5 views

Malicious code in direct-aqua-beetle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 226b422317ce0cebbebe29a8b64dee113a5d4ed8f6172cbfa31751f75b8eea17 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/11 12:17 a.m.1 views

MAL-2025-62878 Malicious code in fadhil-kue76-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 208383e4d42950f0825386d7e42ece985aeff3d6ab3ba1ffc411f811652008c2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/11 12:17 a.m.1 views

MAL-2025-66508 Malicious code in zul-gudeg68-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c38ea07072ea15606ce14aa6b661fdd622acc2c88eb339ac880593b95537038e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/10 6:2 p.m.4 views

Malicious code in yearning_locust_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e29d56b37d79d4af6001d682eba04b6bd8cc325b3b5445ef0134388bbca3376e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/10 6:2 p.m.1 views

MAL-2025-60682 Malicious code in injured_wombat_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6434b66d1ef464d44be52f27c79ff7fb642cf81cc0356827238dd317e04c091d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/10 5:21 p.m.2 views

Malicious code in laila-soto88-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 508429f2ac0255cbd19282d15a7e297d20ff2867b615baa070c763aadd8a5088 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/10 5:21 p.m.4 views

Malicious code in unexpected_hawk_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4959b585e00a798dda2733f2a49a7b60289174380a94c9c1f2fcf01c87d2f2f3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/11/08 12:55 a.m.16 views

CVE-2025-63783

A Broken Object Level Authorization BOLA vulnerability was discovered in the tRPC project mutation APIs update, delete, add/remove tag of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or membership of the currently authenticated user for...

7.6CVSS6.8AI score0.00284EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/11/07 12:0 a.m.5 views

CVE-2025-63783

A Broken Object Level Authorization BOLA vulnerability was discovered in the tRPC project mutation APIs update, delete, add/remove tag of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or membership of the currently authenticated user for...

6.3AI score0.00284EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/11/07 12:0 a.m.12 views

PT-2025-45466

Name of the Vulnerable Software and Affected Versions Onlook web application version 0.2.32 Description A Broken Object Level Authorization BOLA issue exists in the tRPC project mutation APIs update, delete, add/remove tag of the Onlook web application. The API does not properly validate if the...

7.6CVSS5.5AI score0.00284EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/10/15 10:27 p.m.11 views

CVE-2025-62374

Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of malicious payload allows attacker to remotely execute arbitrary code. ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations internal...

6.4CVSS7.6AI score0.00383EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/10/14 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2025-11340

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed...

7.7CVSS5.5AI score0.00349EPSS
Exploits0References2
OSV
OSV
added 2025/10/11 9:4 a.m.5 views

BIT-GITLAB-2025-11340 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scope...

7.7CVSS6.8AI score0.00349EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/10 12:25 p.m.4 views

CVE-2025-11340

GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scope...

7.7CVSS6.6AI score0.00349EPSS
Exploits0References1
NVD
NVD
added 2025/10/09 12:15 p.m.7 views

CVE-2025-11340

GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scope...

7.7CVSS0.00349EPSS
Exploits0References2
OSV
OSV
added 2025/10/09 12:15 p.m.11 views

UBUNTU-CVE-2025-11340

GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scope...

7.7CVSS5.8AI score0.00349EPSS
Exploits0References4
CVE
CVE
added 2025/10/09 12:4 p.m.23 views

CVE-2025-11340

GitLab EE CVE-2025-11340 affects all versions 18.3–18.3.4 and 18.4–18.4.2. The root cause is incorrectly scoped GraphQL mutations that could allow authenticated users with read-only API tokens to perform unauthorized writes to vulnerability records. A patch is available in GitLab EE 18.4.2 (relea...

7.7CVSS6.4AI score0.00349EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/10/09 12:4 p.m.7 views

EUVD-2025-33333

GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scope...

7.7CVSS6.3AI score0.00349EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/10/09 12:4 p.m.12 views

CVE-2025-11340 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scope...

7.7CVSS0.00349EPSS
Exploits0References2
Rows per page
Query Builder